Is India's social data compromised, is it an easy target to cyber-warfare?
National security is not about having a large army anymore. It is about destroying the command and control centre not just with bombs but also with cyber warfare. Bots, viruses, Trojans and worms are finding their way into smartphones. Do we have reason to fear? Not today, but in five years it could be a real threat. Most Indians are on social media sites whose data sits in data centres all over the world. Data of around 200 million Indians is at risk of being exploited by state and non-state actors.
Similarly, corporates and startups have their data outside the country because they have launched their applications in the cloud (having the data centre in other nations). While we fight to secure the nation’s data sovereignty, a task arguably bigger than protecting national boundaries, there is also a need to foster home-grown IT security startups.
The first line of defence is to protect the data created by the millennial generation. Since digital profiles are unhesitatingly shared with corporations offering services, data could go unprotected, as enterprise-IT security products are not robust. Corporations often buy security products as part of a total IT package and have no road-map to be secured in different layers. However, there isn’t a single security stack protecting the data flow from the consumer to the sales organisation of the enterprise.
Second, are these questions being asked by large corporations – say a Future Group or Aditya Birla Group or Tata Sons? Most organisations do not discuss the attacks happening on their IT-systems, which get out in the public the moment services are delivered digitally. The fear of going digital should not arise if they have a roadmap to secure it. Surely, security software is not a standard product that has to be brought in an IT package.
Third, why can’t India have its own operating system, which can keep data within the nation? No one really knows why India’s open source operating system, Bharat Operating System Solutions – built by the Centre for Development of Advanced Computing – has not yet found commercial viability. Let us explore why.
The open world, not so open
Around 200 million Indians have become online-savvy, with accounts on LinkedIn, Twitter and Facebook. Since the social habits of citizens become primary data for behavioural study, there is a reason why this data needs to be encrypted in an Indian data centre. Also, 80 million Indians use global operating systems, apps and data for which–beginning from healthcare to fitness and reading habits––sit in the CRM systems of global corporations. This allows them to know every habit of a citizen.
In the world of free markets, sharing data is seen as a democratic right. But this also means people are willingly giving up control to a foreign state or a global corporation. However, the catch for us global individuals is that this data will help individuals live a better life when analysed by the corporations. If history has taught us anything, it is that the world is fraught with dominant cultures –that will enforce their will on others. The history of the world has shown that this conflict is not going to be resolved by a generation which holds on to the notion that technology offers convenience to make lives easy. They are missing the point and are wilfully giving up control to another state.
About 16 years ago, Robin Brown, a former professor of Political Communications at the University of Leeds asked me why eastern cultures wore jeans when there was traditional clothing that used 'natural' fabric. I replied like a student with no experience in applying social theories: “Jeans are convenient, fashionable and easy to use,” I said. The professor immediately sympathised with me and said, “You cannot give your culture a back seat because something is convenient.” His argument at the time was that communications technology was the soft power that enabled the nation with the intellectual property to be the dominant power in the world. Therefore exerting influence over softer means like music, language and clothing.
A similar logic should be applied to data security. India is not yet talking about the subject. The US and China are already funding a host of startups to protect their data and perhaps even snoop in on others' data.
Protecting the nation, not the world
The CIA’s In-Q-Tell venture has invested in more than 100 startups covering areas from software and hardware to data centres, biotechnology and sensors, to video and security testing. The point to note is that all these investments add up to ensure data security and data sovereignty. China has 780 government funds funding technology startups. The United Kingdom has plans to invest $250 million in cyber-security startups. India does not have a dedicated cyber-security fund yet.
The late economist Kenneth Galbraith famously said in his book The Affluent Society: “The chief aim of the techno-structure was security for itself and the growth of the firm as measured by sales. Giant firms were able to secure their "immortality" (an uninterrupted level of earnings) by controlling the social environment in which they operated. They could set prices, control decisive costs through power of purchase, manage demand through advertising and defence contracts. They were also well placed to suborn the "educational and scientific estate" to their goals. The multinational corporation was simply a device for extending this system of control to international trade - the modern form of imperialism.”
It seems prescient how, in 2008, critics went back to quoting Jonathan Maynard Keynes when the 'free' markets fell into chaos - after the dramatic collapse of several brokerage firms and corporations in North America and Europe. So, Galbraith, who was a great proponent of public interest over a materialistic society, must be quoted here to warn the Indian government. It must be second nature to create avenues to protect the nation’s digital data.
Many will argue that we should not speak about protectionism and let people decide for themselves about the data they generate. For them, I bring back the jeans argument, and for the millenials, what Steve Jobs said, “Customers do not know what they want.” Would the public know what works for them? So, is it better for a global corporation or state to decide how our data should be used?
Indians should be able to do what they want with their personal data generated from smartphones, but let there be a way to figure out how that data can be encrypted at the network level and be hosted in Indian data centres. There is a role here to encourage startups that can build network security for devices, sensors, networks and platforms. Let them build IP to protect data sensitive to national interest. However, in the world of apps, governments have no control over what the consumer shares globally. We may have already given up before we even started to think along those lines, because this data is vulnerable to attacks of black hats- hackers after the data to be sold for profit in the black market. At least we can create systems of computing excellence to fight motivated digital attacks by other nations and by the black hats themselves.
The future in India is bright
The same logic must be applied to Indian enterprises in the digital world when it comes to information security. There simply must be an Indian equivalent of an operating system and an app-store, like an iOS or Android or iTunes or PlayStore, to serve the 850 million Indians. There are startups doing exactly this for India. There is IndusOS, the Indian Language Operating system, and open-source security intelligence provider Innefu Labs making inroads for applications specifically for India. Now what should happen is a proliferation of tablet devices for 850 million Indians through BOSS, which integrates 14 Indian languages and will create a device ecosystem for India. However, all this can be under threat from lobbying by powerful global organisations. It is time the Indian government protected these companies and development centres.
Data from security company McAfee suggests that India has witnessed attacks on more than three lakh of its websites. The report adds that cyber crime is a growth industry for black hats, whose returns are great, and the risks low. The report estimates that the likely annual cost to the global economy from cyber crime is more than $400 billion. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion.
Wouldn’t it be nice to be known as the forerunners of technology rather than being spoken about as a frugal engineering nation? Frugal can also mean we can make world-class products, but let the world listen to our terms.