By the Indian Future Foundation
The immense expansion of digital usage in India over recent decades has thrust cyber policy and digital security to the forefront of minds. Government and business are unified in their intent to create a more secure digital environment. They are brought together and supported by leading third sector organisations such as the India Future Foundation, which straddles both the public and private sectors to help drive towards a mutual understanding and to identify digital solutions which are holistic in both their approach and the threats which they address. In this article, the India Future Foundation shares its views on the threat and solutions landscape, the opportunities for Commonwealth cyber cooperation, and the role all actors can play in advancing towards a more secure digital arena.
Introduction
In the digital realm, the interconnections among Commonwealth nations have been extensive. Diplomatic relationships in the 21st century have progressed beyond trade and peace resolutions to encompass collaborations and investments in technology. However, as technology and the Internet have become integrated into various aspects of human life, the negative aspects of technology have also surfaced. To protect their citizens, Commonwealth nations are giving significant importance to the development of laws, frameworks, and regulations to govern the Internet and cyber platforms, thereby addressing the menace of cyber threats.
Commonwealth nations have acknowledged the urgent necessity to prioritise cybersecurity due to the escalating proliferation of cyber threats, which pose a growing concern for governments, organisations, and individuals worldwide. The increasing wave of cyberattacks, such as ransomware attacks, data breaches, and cross-border cybercrimes, have substantial economic and social consequences for governments, businesses, and individuals across the Commonwealth. Cybercriminals have become more agile, employing sophisticated tactics, techniques, and procedures (TTPs) to exploit vulnerabilities in online systems, networks, and infrastructure. These advanced measures include tactics like phishing emails, social engineering, malware, and ransomware attacks. In this context, human beings are considered the weakest link in the cyber kill chain, making them an easy target for cybercriminals to exploit.
To counter the rising cyber threats, innovative technologies have been developed to mitigate the associated risks. Artificial intelligence (AI) and Machine Learning (ML) have emerged as vital tools in the battle against cyberattacks. These technologies offer advanced capabilities to detect, analyse, and respond to cyber incidents in real time, enabling faster and more accurate threat mitigation. By leveraging AI and ML algorithms, security systems can automatically identify patterns, anomalies, and malicious activities within vast amounts of data, enhancing the efficiency and effectiveness of cybersecurity measures.
Advanced Threat Detection AI and ML algorithms enable the identification of patterns and detection of anomalies that may indicate cyber threats, even in large and complex networks. These technologies can analyse extensive datasets, including network logs, user behaviour, and system configurations, to identify potential risks and vulnerabilities. This proactive approach empowers organizations to identify and address security weaknesses before they can be exploited by malicious actors.
Predictive Analytics AI and ML models can analyse historical data to predict and anticipate potential cyberattacks. By identifying emerging trends and patterns, security systems can proactively implement preventive measures, thereby minimizing the impact of cyber threats. Predictive analytics helps Commonwealth nations stay one step ahead of cybercriminals by identifying vulnerabilities and implementing appropriate countermeasures.
Automated Incident Response AI and ML can automate incident response processes by swiftly identifying and containing cyber threats. Intelligent systems can autonomously respond to security incidents, initiate countermeasures, and mitigate the impact of attacks. Automated incident response reduces response times and minimizes human error, enabling organizations to neutralize threats more efficiently.
Enhanced User Authentication AI and ML techniques, such as behavioural biometrics and facial recognition, can strengthen user authentication processes. These technologies continuously learn and adapt to user behaviour, identifying suspicious activities, detecting unauthorized access attempts, and enhancing overall system security. Advanced user authentication mechanisms provide an additional layer of protection against cyber threats, mitigating the risk of unauthorized access and data breaches.
Organisations like INTERPOL have been actively working to raise awareness about the alarming increase in cybercrime activities targeting nations. These activities range from ransomware attacks to data breaches and state-sponsored hacking. INTERPOL has adopted two separate approaches in its efforts to tackle cyberattacks. The first approach involves conducting Cyber Awareness and Capacity Building Campaigns, while the second approach focuses on facilitating collaboration among nations to combat cybercrimes.
INTERPOL has launched Cyber Awareness and Capacity Building Campaigns that cover various important topics such as Sextortion, Ransomware, and Distributed Denial-of-Service (DDoS) attacks. Notable campaigns like #JustOneClick, #OnlineCrimeIsRealCrime, #WashYourCyberHands, and #BECareful are designed to emphasize the importance of practicing good cyber hygiene and educate individuals about the risks associated with clicking on suspicious links, fraudulent emails, and similar cyber threats.
INTERPOL has also introduced two secure and flexible services to facilitate effective communication and collaboration among law enforcement agencies and relevant stakeholders in tackling cybercrime. These services known as Cybercrime Knowledge Exchange workspace, caters to non-police information and is accessible to all relevant users, whereas the Cybercrime Collaborative Platform – Operation, supports law enforcement operations and is limited to operational stakeholders.
The availability of these services and campaigns establishes a platform for collaboration among Commonwealth nations and facilitates the development of effective cybersecurity strategies. As a response to these advancements, governments of Commonwealth nations have taken significant measures to regulate internet-based services within their respective jurisdictions. For instance, the Government of India has recently made amendments to the Information Technology Act, 2000, which was initially enacted during the nascent stages of internet services in the country. India's vision of building a USD 1 trillion digital economy, along with the increase in internet access from 5.5 million users in 2000 to 850 million users in 2023, underscores the importance of regulating internet services. This regulatory framework aims to promote growth while ensuring compliance with safety measures to effectively mitigate evolving digital threats.
India's National Cyber Security Strategy 2020 was an important step in this direction. It served as a foundation for the development of the Proposed Digital India Act, 2023, and the Draft Digital Personal Data Protection Bill, 2022. Together, the proposed Act and Bill aim to regulate online gaming platforms, OTT platforms, social media, online child safety, storage and use of personal data collected by organizations. It also proposes amendments to the Indian Penal Code to address online crimes. Furthermore, the act recommends stronger guidelines and regulations for India's Computer Emergency Response Team (CERT-In) to enhance cybersecurity preparedness and compliance.
Despite these interventions, cybersecurity remains a challenge within the Indian subcontinent. One major challenge is the lackadaisical attitude of organisations, including Critical Information Infrastructure (CII), towards cyber threats. Many organisations overlook the importance of maintaining a robust cybersecurity posture, even in the face of guidelines from CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC). Additionally, there is a shortage of trained cybersecurity professionals who can ensure organizations maintain a strong security posture.
Further, there is a significant gap in collaboration between the public and private sectors when it comes to cybersecurity. While the private sector has been actively engaged in developing innovative technologies and solutions to defend against cyberattacks, the lack of synergy and cooperation between these sectors hinders the effective scaling and implementation of such measures. The lack of collaboration results in several challenges. Firstly, it leads to challenges in effectively sharing vital threat intelligence. The private sector's expertise and resources can enhance the government's efforts in developing and implementing cybersecurity policies, regulations, and incident response strategies.
Secondly, the absence of a collaborative environment limits the scalability and adoption of innovative cybersecurity solutions. Many private sector initiatives remain confined to specific industries or organizations, lacking the necessary support and integration into the broader cybersecurity ecosystem.
To facilitate the public and private sector’s collaborations, India Future Foundation has been at the forefront to ensure a smooth dialogue between these two sectors.
Role of IFF in Cybersecurity Strategy
India Future Foundation (IFF) leads initiatives to drive change in Digital Internet Policies with an aim to foster and build Digital Ecosystems which guarantee Freedom of Expression, Trust and Safety for users. IFF, through its team of experts in foreign policy, digital and cyber diplomacy helps nations engage effectively with their international counterparts to build strategic ties through digital dialogues and interventions. IFF works with government ministries on Cyber laws, Strategy, Policy, Governance, Data Protection, and Security of Emerging Technology (5G, IOT/OT). IFF has been working with the Government of India and the Government of the United Kingdom to foster a culture of cybersecurity across the Commonwealth. IFF has engaged with The Foreign, Commonwealth & Development Office (FCDO) to develop IOT security standard alongside The European Union Agency for Cybersecurity (ENISA) and Department for Culture, Media and Sport (DCMS). FCDO is also engaging IFF in a capacity building program in the Asia Pacific region where IFF is part of a larger consortium.
IFF has been involved in organising consultations with government and industry bodies across the Commonwealth nations. These consultations aim to understand challenges, identify gaps, and propose necessary reforms to enhance the safety of cyberspace. Important stakeholders from the Indian Tech and Security ecosystem such as the Ministry of Defence, Ministry of Electronics and Information Technology (MeitY), National Security Council (NSCS), Ministry of Home Affairs etc are regular attendees at these consultations. By engaging both government and private entities, IFF ensures that the needs and expectations of all stakeholders are considered, fostering collaboration and mutual understanding, leading to improved cyber resilience across sectors.
These consultations are sector specific and as a result it helps IFF develop action plans and roadmaps that are implementable and agile.
IFF has actively engaged in digital literacy programs at the grassroots level, focusing on initiatives aimed at women, children, and individuals within schools, universities, and workplaces. Their primary objective is to enhance cyber safety awareness and empower individuals to adopt secure online practices. IFF advocates for the inclusion of a cybersecurity curriculum in school syllabi. Introducing cybersecurity education at a young age, will ensure a culture of cyber safety and instil responsible digital habits in students. IFF has also partnered with law enforcement agencies to provide capacity-building training and support in campaigns promoting digital safety.
IFF actively contributes to the field of cybersecurity through its research work, which includes publishing papers and thought leadership content. These resources serve as valuable reference materials for researchers, enabling them to develop products that align with the evolving needs of the cybersecurity industry. The papers published by IFF not only shed light on current vulnerabilities but also offer insights into effective strategies for organizations to address these weaknesses.
_____________________________________________________________________________
Conclusion
Cybersecurity has become a critical priority in Commonwealth nations, as the proliferation of cyber threats poses significant risks to governments, organisations, and individuals. By formulating laws, fostering collaboration, and harnessing advanced technologies like AI and ML, Commonwealth nations are actively combating cybercrime. Initiatives such as Cyber Awareness and Capacity Building Campaigns by INTERPOL, along with the involvement of organisations like India Future Foundation, are contributing to raising awareness, developing effective strategies, and providing resources to enhance cybersecurity. Through these collective efforts, Commonwealth nations are striving to create a secure and trusted digital environment that safeguards their citizens and promotes global cybersecurity.
India Future Foundation’s Founder is Kanishk Gaur, and the organisation is chaired by Lt Gen Rajesh Pant, Former National Cyber Security Coordinator, India
Comments