India’s cyberspace is in a woeful state. The recent hacks by hacker group Legion have only served to highlight this fact. If a bunch of kids can breach India’s government servers and facilities, what defence do we have against a state-sponsored attack?
We spoke to Dr. Govind, former CEO of NIXI (National Internet Exchange of India), to help us understand the situation better.
Dr. Govind tells us that the main problem with cyber security in India is that we don’t have the capabilities of dealing with any such threat. A lack of education concerning cyber security, a 16-year old IT Act and a lack of investment and focus on the issue is hurting us badly.
The best way to fix this, he says, is to build capacity and install a robust system that will ensure that cyber security is, and always will remain, a priority.
In order to build capacity, Dr. Govind insists that we need to educate the masses and develop the requisite skills among them. The government also needs to be actively recruiting for its cyber security endeavours.
He also believes that a large investment is necessary to start building up the necessary infrastructure. It’s more important that the investment be a continuous one, he adds.
The Information Technology Act, 2000 is the one act we refer to for most of our legal and policy needs. Dr. Govind points out, as did IT Minister Ravi Shankar Prasad , that this act is over 15 years old and it’s high time we overhauled it.
In an industry where even six months seems an eternity, we can’t wait this long to implement IT policy. A responsive, agile system is required to deal with all threats.
Collaboration with the industry is also important, says Dr. Govind. By itself, it’s hard for any single entity to deal with cybersecurity threats on a national level. A large pool of experts and quick, reliable industry inputs can go a long way towards achieving our security goals.
Pointing to CERT-in, the Indian Computer Emergency Response Team, Dr. Govind says that we are already in the process of putting services and protocols in place for dealing with cyber security threats.
We need to start using them, however.