Warning: Creating default object from empty value in /nfs/c03/h02/mnt/56080/domains/logos.nationalinterest.in/html/wp-content/themes/canvas/functions/admin-hooks.php on line 160
Tag Archives | ICT

Cyber Security: It is not about securing the Cyberspace alone – III

The lack of a universal definition of Cyber Security is a challenge. Is it so expansive and dynamic that it is hard to define?

The World Economic Forum highlighted that two out of the top ten global risks in 2015 are Cyber Attacks and Data Fraud or Theft. The priority to secure the nation from such risks is getting bigger. So, the question that arises is, what all do we need to protect and how much should we do?

In the face of these fast moving developments in the technology sector coupled with strong interconnections amongst people and systems via cyberspace, the strategies and procedures for National Security need to adapt continuously. An effective strategy is needed to minimise new gaps that appear due to advancements in cyberspace. To go about this, we first need to look at

  • the various types of Assets that need to be protected and how they can be classified
  • the various Threats and Attacks possible and how they can be classified
  • what measures are needed to protect these assets, how to prevent and deter such attacks and appropriately respond to, if an attack occurs.

National Security at a very broad level covers providing security of all assets that includes critical infrastructures and the citizens, protecting the economy and various operations, ensuring safety and health to public, countering any internal or external attacks, etc. Threats can be of various kinds like war attacks, terrorist attacks, etc. Tallinn Manual defines Cyber Attack as a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.

In all these set of assets, Information and Communication Technology (ICT) forms one key part of assets which need protection. ICT includes all forms of information storing and processing computer systems (hardware/software), electrical and electronic equipment, telecommunication equipment, etc. In cyberspace, in addition to the ICT infrastructure, information that is stored or transmitted is of prime value. Confidential information must be protected from illegal access and manipulation, and all information should be available for access when needed to the person(s) authorised . The goal of Information Security is to ensure the preservation of confidentially, integrity and availability of information stored in any form – be it digital (like in a hard-disk or memory device) or print like books or any other form that is possible. The term Information Security is used more in the corporate side to refer to information in the cyberspace.

CyberSecurity_300p_final

 

To begin with, we can say that Cyber Security applies to security of ICT assets and all information related assets in cyberspace. ISO defines it as the “preservation of confidentiality, integrity and availability of information in the Cyberspace”. The Indian National Cyber Security Policy 2013 defines Cyber Security as a measure “To build a secure and resilient cyberspace for citizens, businesses and Government. To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.”

The paper by Rossouw von Solms and Johan van Niekerk titled From information security to cyber security makes this distinction between Information Security, ICT security and Cyber Security. It also widens the scope of cyber security to include assets like people who could be indirectly impacted due to acts which use ICT-based systems as one of the means to carry out them. The paper argues that all of Cyber Security is not necessarily a subset of Information Security. Instead, there are cyber security threats that don’t form part of the scope of Information Security. Examples highlighted are Cyber bullying, threat to non-information based home assets that are automated, Cyber Terrorism, illegal sharing of data, etc. The Venn diagram shown below gives a high-level picture using the concepts listed above.

Venn_Diag

So, given the wider scope, Cyber Security can be considered as measures adopted

  • to protect the assets (including people), which are part of cyber domain or have links with the cyberspace, from threats of attacks
  • to preserve confidentially of information, integrity and availability of networks and infrastructure and
  • to build a resilient framework to prevent, deter any attacks and accordingly respond to them in any event.

 In the next blog in this series, we will elaborate on the Venn diagram shown above to break-down the various assets and categorise them into different security types. We will also take a closer look at vulnerabilities, types of threats and causes for cyber attacks.

Sudeep Divakaran is a Research Scholar at Takshashila Institution

Comments { 0 }

The penchant to get interconnected is unstoppable – II

Vast interconnections help greater access to information and enable the path to greater knowledge, application and even prediction. Having an edge with a little caution matters!

Communication, data collection and analytics will foster economic growth and for some, it may even help predicting the future. Being able to predict the weather, stock markets, energy supply, prices of commodities, market potential, etc based on various data points and statistical analysis has seen increasing demand. Today, in an interconnected world of cyberspace, a place where we have people-to-people communication, people-to-machine communication and machine-to-machine communications evolving at a tremendous pace, the opportunities opening up are galore. And India, with a vast population and economic potential, cyberspace technologies are key to minimise inefficiencies and to implement effective solutions that can work at scale. On the other hand, highly networked interconnections will also bring along its share of vulnerabilities which can be exploited. In the first part of this series of blogs on Cyber Security topic, the broad definition of Cyberspace was provided together with a brief introduction on the questions around Cyber Security. Before going into the details of Cyber Security, it is essential to look at what are the trends and reach of cyberspace in India.

The TRAI report on The Indian Telecom Services Performance Indicators for the period July-September 2015 showed that newly added broadband Internet subscriber rates are growing faster than narrowband subscribers added, and see a clear indication that Indians are accessing internet more via wireless than wireline technologies. The impact of the challenges faced to lay cables to connect all areas in India, particularly in rural areas, is now to some extent mitigated due to the wireless alternative (e.g. the National Optical Fibre Network project in India initiated in 2011 to connect 2,50,000 Gram panchayats using optical links is facing huge delays). The total number of internet subscribers touched 324.95million at the end of September 2015, with wireless internet subscribers accounting for more than 93% of the subscriptions.

While mobile devices enable faster penetration of internet today, wireline solutions like ADSL, Cable Modem and Optical Fibre to home solutions will also gain traction along the way due to its higher bandwidth capability, lower cost and wider application base (like Audio/Video streaming).

Globally, in the Information and Communication Technology (ICT) sector, we are seeing a massive growth in internet users since 2000. ITU’s ICT Facts & Figures report show that the number of internet users has increased to 3.2Billion in 2015 from just around 400million in 2000. Internet penetration grew seven-fold from 6.5% to 43% between 2000-2015. As per Ericsson’s India Mobility Report June 2015, India is one of the fastest economies using mobile for accessing the internet. The number of smartphone subscriptions is expected to grow at a CAGR of 35% from 2014 to 2020, reaching 750million subscriptions. The total data traffic is expected to touch as high as 2800PetaBytes per month in 2020, which is a 55% CAGR growth compared to figures in 2014. The usage of mobile data services is seen in all segments like Audio/Video streaming, Social Networking, E-Commerce, Instant Messaging, Banking and Finance, Emails, etc. Globally, India grew the fastest in terms of net subscriber additions in Q3 2015.

From Digital India to Smart Cities, technologies like Internet-of-Things will bring more devices connected to the internet (not limited to PCs and Mobile phones, but also household appliances, automobiles,  homes, etc) and enhanced services via cloud based technologies. The cyberspace environment is going through a transformation which will make it very complex. Cisco predicts that there will be 50billion devices connected to the internet by 2020, that is an average of ~6.58 devices per person. And if we consider only the actual number of internet users in 2020, this figure would be much higher.

However, the increasing interconnections will raise the chances of increasing vulnerability in the system, hence making users more prone to security risks. Given that the benefits of connecting to Internet outweigh the economic costs of cyber attacks, nations need to focus more on how to tackle the challenges of cyber security. ITU’s Global Cyber Security Index report released in April 2015 made an evaluation of India’s Cyberwellness profile. Interestingly, India was ranked 5th in the Global Cyber Security Index (ps. rank was shared with six other countries). While this may be commendable, the word of caution to take note (also mentioned in the report) is that this ranking is based on data concerning the commitment and preparedness of the country and not really taking into account the detailed capabilities and possible vulnerabilities in the cyberspace systems – which is also critical.

In this information age, the question that arises is how prepared is the nation to handle cyber attacks? Do we know the vulnerabilities in the systems we use and are able to take appropriate actions immediately? What level of cyber security awareness do users have? What are all the key critical assets that need to be air-gapped to prevent any catastrophic impacts due to cyber attacks? With the ever increasing value of information of a billion people and with ability to control critical infrastructure and business/household systems from remote locations, do we have the right capabilities and capacities to protect the citizens and systems and to respond swiftly to minimise impact of an attack and also, have in place appropriate measures to prevent or deter such attacks?

In the next blog in this series, we will look further into the scope of cyber security in the context of National Security and beyond.

Sudeep Divakaran is a Research Scholar at Takshashila Institution

Comments { 0 }

The push and pull of Central Business Districts

Central Business Districts need to be decongested using tools like relocation, ICT and incentive based pricing to reduce the congestion in Indian cities. 

As Delhi tries to solve the problem of congested traffic and pollution using the odd and even scheme, it is time we look at other feasible solutions to decongest the Indian cities. A common reason for congestion in a city is the compact space, usually in the centre, within which most of the commerce and businesses are located. This central region is known as the Central Business District (CBD).

Commonly known as the downtown region, CBDs lie in the middle of the city so that the commercial centres can be central to all external or internal activities in the city. This central location creates opportunities for the businesses to gain from the interaction between people and jobs, and helps to reach maximum number of people living around the city. As for the people, the proximity to work reduces travelling cost and keeps them close to the various opportunities provided by the city.  Owning to these benefits, CBDs tend to be expensive, crowded, and dense. Classic examples of CBD can be Nariman point in Mumbai or MG Road in Bangalore.

Along with being the hub for all the commercial activities, CBDs also attract a significant amount of population either as consumers or for work. Thereby, a large number of people travel across the ends of the city to come to the centre. However, the lack of appropriate infrastructure to take the burden of the incessantly rising population that travels to or lives in the CBD creates congestion and traffic. This high cost of travel and the benefits provided by the CBD makes it more desirable for the businesses to stay close to the CBD. The increase in demand, thereby, leads to an increase in the land value and pushes the middle income population out of the CBD. Hence, the population that remains in the CBD includes the rich who can pay the high prices or the poor who can’t afford the travel cost. Last year, Delhi’s CBD, Connaught Place was ranked fifth most expensive office market in the world, followed by Mumbai’s Bandra-Kurla Complex (BKC) at 15th position.

In order to reduce the stress borne by these CBDs, it is important that appropriate steps are taken to decongest them. One of the essential steps is relocation. When the congestion on the streets becomes intolerable, people tend to move closer to the CBD or the business moves to the clusters where there is market for workers and the products/services. Mumbai is a successful example of how multiple BDs were create to to effectively reduce the stress on the original CBD. Dissipation of BDs across the cities helps in redirecting the traffic and the land values in the original CBDs. Similarly, Delhi require more versions of BDs such as Nehru Place to reduce the pressure and the land value in Connaught place.

Besides decongesting cities, the recent innovation in the Information and Communication Technology (ICT) should also be used to reduce the dependence on a physical business districts.  After 1999 and advent of ICT, the urban experts have been debating the relevance of CBDs altogether. The ICT provides a flexible work-space for various activities and reduces the spatial constraint. It provides amenities that made it easy to coordinate work through Skype (online video calls) and allow online shopping and transactions.

Tai-Chee Wong, specialist in urban studies, tried to check the relevance of CBD in the ICT era in his paper based on the financial district in Singapore. Wong’s paper studied whether an extended CBD is required for future financial district expansion or will it turn out to be superfluous. The paper explains further that ICT makes it possible to bring different categories of labour to places at varied costs and availability, towards the final production of goods and services. Thereby making financial corporate organisations ‘dispersed, interdependent and specialised’. However in the end after reinstating the question about the relevance of allowing a physical region for business and commerce related activities, Tai Chee Wong has concluded that,

“The ICT is an important consideration, but is largely inadequate as a decisive factor to motivate enterprises to select their location. Other factors such as an appropriate workforce, labour supply and access to transport can be more important.”

Wong’s study did not include the services sector that require face to face contact with the customer, examples being domestic services, security services etc. Moreover, the human interaction is an important element of agglomeration economies that refers to the benefits from the proximity between people or businesses. Therefore there the ICT has a limited scope for improving the condition.

The final method to reduce congestion in the CBDs can be by using methods to disincentives inefficient behaviour by the citizens. For instance, charging for parking or charging surge prices for travelling within the CBD will increase the economic cost of the citizens. This would make them reconsider their choices and make economical decisions like relying on public vehicle or car pooling. This solution however will be dependent on the current status of the public transport. As a inefficient public transport will only increase the cost of owning vehicle but would not provide alternate options. A common example for the incentive based pricing is the parking rates in Singapore that vary between the hours of the day, as well as between, weekday and weekends. Bangalore Metropolitan Transport Corporation, similarly, runs a set of AC buses for short distance within city to create a substitute for private vehicle. However, Bangalore falls short in providing high speed networks to connect the CBD and the rest of the city. Thereby restricting the growth of the city and increasing the stress on the CBD.

In addition to applying the three solutions to the problem, we should also ponder upon the question whether we should plan the CBDs or let them grow organically?

Devika Kher is a policy analyst at Takshashila Institution. Her twitter handle is @DevikaKher.

Comments { 1 }