The future for Indian cyber security systems

With the leak of America’s covert operation (PRISM), individuals, organisations and governments throughout the world are on tenterhooks as to what this means for them and the repercussions it will cause.

India, especially, is among the top five countries whose data has been compromised by the American National Security Agency (NSA) surveillance system.  According to the documents revealed by Ed Snowden (former NSA employee), the agency “has access on a massive scale to individual chat logs, stored data, voice traffic, file transfers and social networking data of individuals”.

But what does this mean for India and the future of its cyber security systems?

India has had a long-standing battle with cyber criminals where it is believed that more than 1,000 Indian government websites, storing critical and sensitive data concerning national security have been hacked by cyber criminals in the last three years.  For example, India’s top military organisation, the Defence Research and Development Organisation, suffered a compromise by suspected Chinese hackers, which is thought to be one of the biggest security breaches in the country’s history.

India has the fastest internet traffic growth globally and is expected to have 348 million users by 2017, which is up from 138 million in 2012. With such large activity, India is a key target for cyber criminals and security agencies alike.

In a bid to minimise security incidents, the Indian government  has proposed a new architecture which “envisages an interconnected set of organisations in key departments like NTRO [National Technical Research Organisation], defence and home ministries, while CERT [Computer, Emergency Response Team] will remain the umbrella body to oversee cyber-protection”.

The architecture will see the government working with Internet Service Providers (ISPs) to oversee the metadata of Indian users, but not to mine the data. The difference from this to PRISM is that the Indian cyber security system would not be a covert operation.

More information on cyber security and information security can be found from IT Governance, including a range of books, standards and toolkits on the subject.