High Level Statements
Home > High Level Statements > Speech by Shri Shivshankar Menon, National Security Advisor at Fourth International Meeting of High Level Officials Responsible for Security, Vladivostok
Speech by Shri Shivshankar Menon, National Security Advisor at Fourth International Meeting of High Level Officials Responsible for Security, Vladivostok
Your Excellencies, Distinguished Guests, Ladies and Gentlemen.
I wish to begin by thanking you, Mr. Patrushev, and the Russian government for your initiative in arranging this important international meeting, which has now established itself in the calendar as a meeting that we all look forward to, for your hospitality, and for the importance and topicality of the discussions.
I will say a few words on cyber security.
Cyberspace is today the fifth domain of human activity, in addition to land, sea, air and outer space. During the last two decades, the Internet has grown exponentially in its reach and scope. Equally, our dependence upon cyberspace for social, economic, governance, and security functions has also grown exponentially. Unfettered access to information through a global inter-connected Internet empowers individuals and governments, and it poses new challenges to the privacy of individuals and to the capability of Governments and administrators of cyberspace tasked to prevent its misuse.
Our task is complicated by the unique characteristics of cyberspace. These include, as we are reminded every day: its borderless nature, both geographically and functionally; anonymity and the difficulty of attribution; the fact that for the present the advantage is with offense rather than defence; and, the relatively anarchic nature of this domain.
Let us consider each of these briefly.
Borderlessness
The anonymity and inter-connectivity of cyberspace are exploited by criminals, terrorists and even States to carry out identity theft and financial fraud, conduct espionage, disrupt critical infrastructures, facilitate terrorist activities, steal corporate information, and plant malicious software (malware) and Trojans which can be exploited in different ways.
Anonymity
Because of the anonymity and the difficulty in attribution, securing cyberspace against misuse by either State or non-State actors is a multi-dimensional challenge that requires concerted efforts on the part of all stakeholders. Cyber security involves securing our national Information Communication Networks and Critical Information Infrastructure, combating cyber crime and protection from cyber attacks. It involves threat monitoring, assessment, mitigation, risk management, forensics, hardening of systems and capacity building in terms of both technical as well as human resources. All these require technical advances to make it possible for us to be able to redefine anonymity so as to separate legitimate from other uses of cyberspace.
Offense and Defence
We have seen that there is an inextricable link between cyber crime, trans-national organized crime and cyber terrorism. Active actors range from ordinary individuals to cyber criminals, extremists, terrorists, social, and political groups. We have also seen that launching destructive cyber attacks costs little, but defending against such attacks is becoming increasingly expensive and complex. The increasing use of "cloud computing” models, and third party network based servers which form the "cloud”, has introduced new policy challenges such as defining jurisdictional boundaries for law enforcement, protecting privacy and civil liberties according to national laws, and liability in the event of a breach of security.
Anarchy: International and Governance Aspects
Different countries have different approaches to this issue, based on their national experience and perceived interests. We are each learning as we go. Fortunately we now see the beginnings of a common realization of the need to ensure security of cyberspace and to institutionalize safeguards for individuals and society against its misuse.
Given the inter-dependencies that are a characteristic of cyber space, the international community needs to make concerted efforts to secure cyberspace, which is a common resource. Many issues relating to cyber security have trans-national components and these challenges cannot be addressed by individual nations or in isolation. There is a self evident need for cooperation to exchange experiences and to share best practices for protection of information infrastructures.
There is a need to develop a common understanding on norms of State behavior in cyberspace. India would prefer norms derived from existing international legal frameworks relevant to the use of ICT. As a member of United Nations Group of Experts, India has worked with Russia and with other countries on the Group’s Report, which will be submitted to the UN General Assembly.
India supports democratic and representative Internet governance. International institutions that are invested with authority to manage or regulate the Internet need to be broad-based and internationalized if they are to make meaningful decisions on what is today a global commons.
India’s Experience
India is one of the major IT destinations in the world. We have the third largest number of Internet users after the USA and China. India has a Gen Y population, between the ages of 15 to 29 years, of approximately 310 million adept at using the Internet and social media networks. There are over 700 million mobile phones and about 670,000 km of optical fibre laid across the country. We add over 7 million new mobile phone connections every month. Such phenomenal growth in access to information and connectivity has added to our vulnerabilities.
The Government of India has recently approved a National Cyber Security Policy and a Framework to address cyber security concerns. This Framework envisages a multi-layered approach to ensure defence in depth and a clear delineation of functional responsibilities amongst stakeholders, while stressing coordination and sharing of real-time information. It also seeks to strengthen our assurance and certification framework to address supply-chain vulnerabilities, hardening networks, and promoting Research and Development in cyber security with an emphasis on capacity-building.
In July 2012 we established a Joint Working Group with representatives of Government departments and the private sector. The Report of this Joint Working Group contains a detailed roadmap for public-private partnership on cyber security, which includes the setting up of institutional frameworks, capacity building in the area of cyber security, development of cyber security standards and assurance mechanisms and augmentation of testing and certification facilities for IT products. This Joint Working Group is a standing body and has generated considerable enthusiasm in the private sector.
Conclusion
In ensuring cyber security, we have to be careful that the free flow and access to information is not hindered or compromised. There should be no doubt about our commitment to preserving the democratic nature of cyberspace which is one of its most enduring features. India is stoutly committed to freedom of expression, which includes freedom of expression in cyberspace. At the same time, we have to be concerned with securing our cyberspace for trusted e-commerce, security of data and protection of Critical Information Infrastructure. We have to guard against malicious activities of those who may seek to undermine our economies or disrupt social harmony. The imperatives of national security have thus to be balanced with protecting the privacy of individuals.
We in India look forward to working with the international community in finding this balance and in the task of keeping cyberspace secure and safe for all our citizens and societies.
I wish to begin by thanking you, Mr. Patrushev, and the Russian government for your initiative in arranging this important international meeting, which has now established itself in the calendar as a meeting that we all look forward to, for your hospitality, and for the importance and topicality of the discussions.
I will say a few words on cyber security.
Cyberspace is today the fifth domain of human activity, in addition to land, sea, air and outer space. During the last two decades, the Internet has grown exponentially in its reach and scope. Equally, our dependence upon cyberspace for social, economic, governance, and security functions has also grown exponentially. Unfettered access to information through a global inter-connected Internet empowers individuals and governments, and it poses new challenges to the privacy of individuals and to the capability of Governments and administrators of cyberspace tasked to prevent its misuse.
Our task is complicated by the unique characteristics of cyberspace. These include, as we are reminded every day: its borderless nature, both geographically and functionally; anonymity and the difficulty of attribution; the fact that for the present the advantage is with offense rather than defence; and, the relatively anarchic nature of this domain.
Let us consider each of these briefly.
Borderlessness
The anonymity and inter-connectivity of cyberspace are exploited by criminals, terrorists and even States to carry out identity theft and financial fraud, conduct espionage, disrupt critical infrastructures, facilitate terrorist activities, steal corporate information, and plant malicious software (malware) and Trojans which can be exploited in different ways.
Anonymity
Because of the anonymity and the difficulty in attribution, securing cyberspace against misuse by either State or non-State actors is a multi-dimensional challenge that requires concerted efforts on the part of all stakeholders. Cyber security involves securing our national Information Communication Networks and Critical Information Infrastructure, combating cyber crime and protection from cyber attacks. It involves threat monitoring, assessment, mitigation, risk management, forensics, hardening of systems and capacity building in terms of both technical as well as human resources. All these require technical advances to make it possible for us to be able to redefine anonymity so as to separate legitimate from other uses of cyberspace.
Offense and Defence
We have seen that there is an inextricable link between cyber crime, trans-national organized crime and cyber terrorism. Active actors range from ordinary individuals to cyber criminals, extremists, terrorists, social, and political groups. We have also seen that launching destructive cyber attacks costs little, but defending against such attacks is becoming increasingly expensive and complex. The increasing use of "cloud computing” models, and third party network based servers which form the "cloud”, has introduced new policy challenges such as defining jurisdictional boundaries for law enforcement, protecting privacy and civil liberties according to national laws, and liability in the event of a breach of security.
Anarchy: International and Governance Aspects
Different countries have different approaches to this issue, based on their national experience and perceived interests. We are each learning as we go. Fortunately we now see the beginnings of a common realization of the need to ensure security of cyberspace and to institutionalize safeguards for individuals and society against its misuse.
Given the inter-dependencies that are a characteristic of cyber space, the international community needs to make concerted efforts to secure cyberspace, which is a common resource. Many issues relating to cyber security have trans-national components and these challenges cannot be addressed by individual nations or in isolation. There is a self evident need for cooperation to exchange experiences and to share best practices for protection of information infrastructures.
There is a need to develop a common understanding on norms of State behavior in cyberspace. India would prefer norms derived from existing international legal frameworks relevant to the use of ICT. As a member of United Nations Group of Experts, India has worked with Russia and with other countries on the Group’s Report, which will be submitted to the UN General Assembly.
India supports democratic and representative Internet governance. International institutions that are invested with authority to manage or regulate the Internet need to be broad-based and internationalized if they are to make meaningful decisions on what is today a global commons.
India’s Experience
India is one of the major IT destinations in the world. We have the third largest number of Internet users after the USA and China. India has a Gen Y population, between the ages of 15 to 29 years, of approximately 310 million adept at using the Internet and social media networks. There are over 700 million mobile phones and about 670,000 km of optical fibre laid across the country. We add over 7 million new mobile phone connections every month. Such phenomenal growth in access to information and connectivity has added to our vulnerabilities.
The Government of India has recently approved a National Cyber Security Policy and a Framework to address cyber security concerns. This Framework envisages a multi-layered approach to ensure defence in depth and a clear delineation of functional responsibilities amongst stakeholders, while stressing coordination and sharing of real-time information. It also seeks to strengthen our assurance and certification framework to address supply-chain vulnerabilities, hardening networks, and promoting Research and Development in cyber security with an emphasis on capacity-building.
In July 2012 we established a Joint Working Group with representatives of Government departments and the private sector. The Report of this Joint Working Group contains a detailed roadmap for public-private partnership on cyber security, which includes the setting up of institutional frameworks, capacity building in the area of cyber security, development of cyber security standards and assurance mechanisms and augmentation of testing and certification facilities for IT products. This Joint Working Group is a standing body and has generated considerable enthusiasm in the private sector.
Conclusion
In ensuring cyber security, we have to be careful that the free flow and access to information is not hindered or compromised. There should be no doubt about our commitment to preserving the democratic nature of cyberspace which is one of its most enduring features. India is stoutly committed to freedom of expression, which includes freedom of expression in cyberspace. At the same time, we have to be concerned with securing our cyberspace for trusted e-commerce, security of data and protection of Critical Information Infrastructure. We have to guard against malicious activities of those who may seek to undermine our economies or disrupt social harmony. The imperatives of national security have thus to be balanced with protecting the privacy of individuals.
We in India look forward to working with the international community in finding this balance and in the task of keeping cyberspace secure and safe for all our citizens and societies.
