The onset of the digital age – with the explosive growth of smart devices and mobile computing, the proliferation of social media and the appearance of the ‘Internet of Things’ – has benefited mankind. Yet there is a darker side to this cyber world which has opened up a plethora of security concerns spanning technology, business and legal domains. These cybersecurity challenges appear at multiple levels – government, industry and the individual user, as each of them falls victim to espionage, cybercrime, hacking and malware attacks.
While in the past few years, a majority of attacks have targeted personal and commercial cyber-infrastructure, their consequences are no longer restricted to these levels, as evident in the following examples:
Stuxnet: The virus attacked Iran’s nuclear plants at Bushehr and Natanz, affecting its reactors. Yet it also affected the SCADA systems of a host of manufacturing sites worldwide.
Target data breach: In one of the worst data breaches, hackers gained unauthorised access to payment and card data from the online retailer Target – affecting approximately 40 million of its users.
Heartbleed: A bug in the OpenSSL encryption software exposed vulnerabilities in two-thirds of the internet’s web servers that allowed the theft of protected information including passwords and confidential email content.
Cybersecurity has become an important thrust area of national security as a growing number of countries acquire offensive cybercapabilities, seen in Edward Snowden’s revelations and the repeated espionage accusations against China. And yet there is no global agreement on cybersecurity. Jammers repeatedly pointed out that cyberspace cannot wait for its own ‘Pearl Harbour’ to prepare its response and that there was a pressing need to begin global cooperation on cybersecurity issues.
In this context, a major dilemma facing countries that possess offensive cybercapabilities is how to secure something that is of more value to them unregulated. This dilemma is particularly evident in the debate on regulating the ‘deep web’ and ‘darknet’ – the underground World Wide Web, which is the hub of illegal activities but is also used extensively by security agencies to pursue leads on cybercrime.
Perhaps the way forward is the same as in addressing terrorism – secure agreements on various facets of terrorism such as terrorist financing. Given the disagreements on cybersecurity, countries could begin by focusing on evolving sectoral agreements, such as critical infrastructure, before discussing a global cybersecurity treaty.
This needs to be accompanied by the creation of a dedicated cybersecurity organisation which will be the nodal point for coordination and information-sharing, and be aligned with the national units of the Computer Emergency Response Teams.
While countries undertake these efforts globally, businesses also need to forge initiatives amongst themselves to mutually share their risk perception and concerns, and also address the human component of cybersecurity by focusing on enhancing the pool of IT professionals and spreading employee awareness on IT issues.
Sameer Patil is Associate Fellow, National Security, Ethnic Conflict and Terrorism, at Gateway House.
Sameer Patil was the host of the Cyber-Security panel at Security and Defence Agenda’s (SDA) Security Jam 2014.
This article was exclusively written for Gateway House: Indian Council on Global Relations.
© Copyright 2015 Gateway House: Indian Council on Global Relations. All rights reserved. Any unauthorized copying or reproduction is strictly prohibited