Sunday, December 18, 2011

Six Actions Governments must take to build a Secure Cyberspace

The rate of growth of cyberspace fuelled by individuals and businesses has been rapid.  The advent of smartphones has ensured a network of over 5 billion internet devices. Cloud computing and smart phone apps are major drivers of online commerce. Internet has entered utilities, businesses, homes, and even cars. Governments use cyberspace to provide egovernance to their citizens.
As interconnectivity and online transactions grew so did three major cyber risks – corporate espionage, cyber warfare and cyber crime. The rate of growth of these three risk vectors have left most governments underprepared and underinvested in building strong national and international cyber ecosystems. The rapid growth rate of a free Internet coupled with the not so technology savvy bureaucrats left governments without any relevant policy on building a strong ecosystem for the development and protection of national cyberspace. Bridging the gap requires a multibillion US dollar investment in building cyber institutions, cyber policy and domestic cyber development capability in products, services and training.
The six focus areas and related laundry list below should ideally  be enacted/executed in partnership with Industry and academia.
1.    Create an ecosystem for development of domestic cyber protection capabilities
a.    Capability to build secure products for the national cyber ecosystems
b.    Incentives for tech entrepreneurs to invest in security product development
c.    Labs and standards for evaluating and certifying products as security compliant
d.    Policies or regulation to ensure critical national infrastructure players invest in security defenses
e.    Set-up standard bodies for development and promulgation of security standards
f.     Enhance existing bodies like CERT for better incident response and vulnerabilility reporting
g.    Develop better online monitoring mechanism to detect hostile activities on the Internet

2.    Create an ecosystem for safe business transactions
a.    Capability to build tools for fraud detection and control
b.    Bodies that will establish trust in online identities such as identity service providers who can provide authentication services
c.    Capability to build tools for prescreening Internet content
d.    Capability to report online cybercrime
e.    Capability to trust online transactions
f.     Capability to trust and rate online business entities
g.    Capability to monitor the activities of online businesses in real time to certify businesses as safe to transact with
h.    Promulgate ethical standards for use of the Internet by business  in partnership with industry bodies

3.    Create an ecosystem for lawful use of the Internet
a.    Develop cyber police and cyber courts
b.    Training of police and judiciary
c.    Effective laws and regulation
d.    Cyber Bills and Acts

4.    Create an infrastructure to train new cyber security professionals
a.    Security courses in schools and college
b.    Funded research

5.    Develop effective international policies to deal with cross border issues
a.    Sign transactional treaties for fighting cybercrime internationally
b.    Establish international policy on privacy and law for use of cyberspace
c.    Establish norms for Internet service provider hosting content from or related to, India or Indians

6.    Promotion of cyber security awareness
a.    Encourage mcommerce players to promote citizen cyber security awareness
b.    Encourage the media to highlight cyber security issues and create awareness
c.    Institutionalize cybersecurity awareness training for children in schools
d.    National cybersecurity day

1 comment:

  1. This is a great article. My only comment is that as a nation we possibly do not have cloud services offered from within our geographical boundaries. Assuming that a data privacy Act is passed and while data can still possibly be encrypted and sent outside, it cannot be processed. While the government talks of a government cloud, I am yet to come across a government or a commercial cloud hosted in India.