October 30, 2014

The Cyber Bridge to Improved India-U.S. Cooperation

Posted by Lisa Curtis on October 28, 2014

Indian Prime Minister Narendra Modi appears to have developed a strong rapport with U.S. President Barack Obama during his recent visit to Washington. In a Sept.  

Indian Prime Minister Narendra Modi appears to have developed a strong rapport with U.S. President Barack Obama during his recent visit to Washington. In a Sept. 30 column for the Washington Post, the two leaders mapped out an ambitious agenda for increased collaboration on a number of issues. Bureaucrats in both countries now assume the responsibility of bringing that shared vision to life. 

One area particularly ripe for deeper engagement is cyber security - an emerging national security issue for both countries, and one in which the level and the scope of the threat is fast expanding.

India boasts the world's third-largest population of online users, and Indians' increasing reliance on the internet leaves the country increasingly vulnerable to cyber warfare. The threat comes from criminal hackers, terrorist networks, and nation-states conducting espionage or trying to disrupt critical infrastructure. Cyber warfare can take an enormous toll on commercial activity, military readiness, and public safety. Guarding against increasingly sophisticated cyber attacks has therefore become a focal point of Indian and U.S. national security strategy.  

India was among the biggest victims of GhostNet, a global cyber espionage campaign that targeted governmental, research and military organizations. Beyond this campaign, Chinese espionage likely wrought India's most serious cyber breaches, including the March 2013 hacking of India's Defense Research and Development Organization's computer systems. In June 2012, cyber attacks were reported on the systems of the Indian Navy's Eastern Command, which is responsible for maritime activities in the South China Sea. 

Further, the internet helps militant groups spread propaganda, communicate with one another, and recruit members. Washington and Delhi share this concern, but the Indian domestic terrorist group Indian Mujahideen (IM) is particularly adept at using social media to communicate and recruit. IM members reportedly use Facebook and other chat sites to exchange cryptic messages while relying on proxy internet providers and software to mask their locations.  

Overcoming Suspicions

While the U.S.-India engagement on cyber security issues stretches back more than a decade, concrete cooperation remains minimal. There are specific reasons for this. 

A 2006 spying scandal that involved U.S. and Indian officials participating in a cyber security forum dampened cooperation for several years. Indian officials have since remained highly suspicious of U.S. motives and believe that Washington will look for ways to exploit any cyber security cooperation for the purposes of its own intelligence gathering. 

A recently-published study by the Heritage Foundation and New Delhi-based think tank Observer Research Foundation, titled Indo-U.S. Cooperation on Internet Governance and Cyber Security, argues that the growing challenges pertaining to global cyber security demand that India and the United States build a foundation of mutual trust and cooperation on intelligence and counterterrorism.  

The report highlights the need to expand Indo-U.S. cyber security dialogue to cover the international dimensions of the problem. The bilateral dialogue has so far focused narrowly on technical issues. The authors acknowledge, however, that the vast difference in cyber capabilities of both countries - as well as deep divisions within the United States over whether to pursue unilateral or multilateral approaches - hinder their ability to forge a consensus on international cyber norms and regulations. 

Dr. Raja Mohan, an Indian strategic thinker, notes the likely tension between India's tradition of favoring multilateralism and the imperative to build its domestic cyber security capabilities. In other words, Mohan writes, "India's national interests (on cyber security issues) may not be aligned with the collective positions of the South."

Another author of the report, Dr. Steven Bucci, Heritage's director of foreign and national security policy studies, makes a strong case for rejecting a regulatory approach. Instead, he recommends developing a legislative framework that "harnesses the power of U.S. and Indian industry and ingenuity, while safeguarding the freedoms and privacy of individual citizens." 

Building on Domestic Progress

India has begun to address its cyber security challenges in a serious way. The Indian government published its first ever National Cyber Security Policy in July 2013. The policy emphasizes research and development of indigenous security technology and enhanced public-private partnerships. It further encourages private organizations and companies to adopt more effective IT regulations and infrastructure that conform with international best practices, and it calls for developing a workforce of 500,000 cyber specialists over the next five years. 
To further boost cyber security, India recently set up the National Critical Information Infrastructure Protection Centre, responsible for protecting assets in sectors like defense, finance, energy and telecommunications. Still, U.S. spending on cyber security outstrips Indian spending by 100 times. 

The United States and India have much to gain from deepening their cooperation in cyber security. If both sides work to craft a unified approach to the challenges facing the cyber security world, it would signal that the digital leaders are ready to take on the responsibility to craft a more secure. yet more open, cyberspace. 
Lisa Curtis is a senior research fellow in The Heritage Foundation's Asian Studies Center.

No comments: