Author : Sameer Patil

Expert Speak Digital Frontiers
Published on Dec 04, 2022 Updated 14 Days ago
India now has the opportunity to spearhead a global partnership to build a safe cyberspace and to prioritise cybersecurity concerns
India’s cybersecurity priorities for G20 Presidency On 1 December 2022, India assumed the presidency of G20, the grouping which brings together 20 of the world’s largest economies. With the sluggish post-pandemic economic recovery and increased geopolitical tensions, courtesy of the Russia-Ukraine conflict, G20’s priorities have evolved in the last two years. However, for India, themes like digital public infrastructure, climate change and sustainability, supply chain resilience and reformed multilateralism will dominate the agenda. With this presidency, India can drive initiatives in critical areas as the world settles into the second decade of the 21st century.

Enhanced cybersecurity cooperation at the G20 forum can contribute to ensuring the security and integrity of critical infrastructure and digital public platforms. Therefore, cybersecurity must be a key focus area in the digital agenda under India’s presidency in 2023.

One such critical area that has remained highly volatile and needs sustained focus at the level of G20 is cybersecurity. The need for a secure cyberspace is vital as there has been an exponential surge in the number and type of cyber threats, particularly to critical infrastructure: The latest example being the continuing disruption at New Delhi’s All India Institute of Medical Sciences caused by a ransomware attack. According to the 2022 Microsoft Digital Defense Report, nation-state actors are launching increasingly sophisticated cyberattacks to target critical infrastructure, particularly the Information Technology sector, financial services, transportation systems, and communications infrastructure. However, the potential cascading impact of such threats goes beyond these critical infrastructure sectors and disrupts digital public platforms—infrastructure that enables the delivery of government services. Therefore, cyber-secured critical infrastructure and digital public platforms are vital for national security, better governance, and, more importantly, retaining citizens’ confidence. Enhanced cybersecurity cooperation at the G20 forum can contribute to ensuring the security and integrity of critical infrastructure and digital public platforms. Therefore, cybersecurity must be a key focus area in the digital agenda under India’s presidency in 2023.

G20’s previous cybersecurity initiatives

At the 2015 G20 Antalya Summit, the world leaders recognised that we live in an internet economy age that brings both opportunities and challenges. In 2016, during the Chinese Presidency, a G20 Digital Economy Task Force was established to shape a common understanding on addressing digital technology-related issues but excluded cybersecurity from its purview. In 2020, the Saudi Presidency bridged the digital economy and cybersecurity gap by convening the G20 Cybersecurity dialogue (as part of the Digital Economy Task Force) and focusing on the cyber resilience of the MSMEs (micro, small, and medium-sized enterprises) in the Digital Economy Ministers’ meeting, where India had highlighted the significance of making digital platforms trustworthy, safe, and secure. This focus on cybersecurity persisted under the Italian and Indonesian presidencies in 2021 and 2022, respectively, by underlining the criticality of cyberspace under the Digital Economy Working Group discussions. Specifically, under the Indonesian Presidency, the salient cybersecurity focus was evident in the recent Bali Leaders’ Declaration, which among other things, highlighted:
  1. The importance of countering disinformation campaigns and cyber threats and ensuring security in connectivity infrastructure;
  2. The Financial Stability Board’s consultative report on achieving greater convergence in cyber incidents reporting.
This demonstrates the G20’s recognition that the credibility of the digital economy hinges on the security and uninterrupted functioning of critical infrastructure and digital public platforms. To better defend these systems, India can take forward the G20’s work on cybersecurity by working with the rest of the members to adopt guiding principles and evolve practical ways.

Shaping India’s cybersecurity agenda for G20

It is time that cybersecurity gets a more prominent feature in the core initiatives of the G20, particularly when efforts to create a rules-based order in cyberspace have had limited success.

Specifically, India’s agenda must include the following:
  • Harmonisation between national Computer Emergency Response Teams (CERTs): The respective national CERTS have traditionally played an essential part in identifying potential cyber threats from within or across the border. They are also at the forefront of reporting cybersecurity breaches and incidents. Currently, there are bilateral agreements between the CERTs of different countries on sharing sensitive data and information regarding cybersecurity incidents. These act as the vanguard in ensuring quick responses to any significant impending attack targeting critical infrastructure. While bilateral coordination between different CERT teams has been the norm till now, there has been less clarity on the data being shared between the two countries. This necessitates a transnational effort to curate responses to cyber threats and defend against cyber warfare tactics. In its G20 Presidency, India can shape an initiative to improve state-to-state coordination by building a framework to ensure multilateral CERT cooperation. This can involve detailing the type of data to be shared with other CERT teams and how to report cyber incidents. In addition, G20 members can develop a broad framework for determining CERTs’ response to transnational cyber threats and a standard procedure to follow among different CERT teams when developing resilient cyber systems.
  • Defending against cybercrimes: Speaking at the 90th General Assembly of Interpol in October 2022, Indian Prime Minister Narendra Modi stressed upon the necessity of a global effort to fight against criminal activities. India now has the opportunity to spearhead a global partnership to build a safe cyberspace for economic activities and advance the digital economy. As part of this, New Delhi must examine the threat implications of ransomware and distributed denial-of-service attacks on critical infrastructure and digital public platforms and convene a cybersecurity dialogue focusing on thwarting cybercrimes and ransomware threats. Another potential focus can be on cyber forensic capacity building to investigate darknet activities and cryptocurrency transactions, which abet cybercrimes. Such an initiative will build on the G20 member states’ expertise in cyber forensics and specifically on India’s recently expanding domestic capacity in this field.
  • Augmentation of cybersecurity skills: A significant vulnerability that currently exists is the wide skilling gap among regular users and professionals vis-à-vis cyber threats. In addition, with diverse actors like financial entities, government agencies and law enforcement agencies storing their data on the cloud, there is a need for improved cybersecurity measures to safeguard sensitive information. This requires adequate cybersecurity experts and those who can contribute towards building capacity or expertise in this area. As part of its G20 presidency, India can introduce a roadmap to impart or teach cybersecurity skills to different segments of society. While it is hard to curate a single cybersecurity skilling programme for people of all age groups and backgrounds, G20 can envision different strategies to introduce cyber skilling programmes across the member states and their societies. The collective responsibility of the G20 states would be to equip their citizens with the necessary skill sets to recognise, report and prevent potential cyber threats and avoid data breaches.
To sum up, cybersecurity has become an essential aspect of international affairs that requires adequate focus due to its economic and geopolitical implications. It is time that cybersecurity gets a more prominent feature in the core initiatives of the G20, particularly when efforts to create a rules-based order in cyberspace have had limited success. As the G20 President in 2023, India can ensure that the field gets its due on the global stage.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.

Author

Sameer Patil

Sameer Patil

Dr Sameer Patil is Senior Fellow, Centre for Security, Strategy and Technology and Deputy Director, ORF Mumbai. His work focuses on the intersection of technology ...

Read More +

Contributor

Arjun Gargeyas

Arjun Gargeyas

Arjun Gargeyasis an IIC-UChicago Fellow and was previously a researcher with the High-Tech Geopolitics Programme at the Takshashila Institution.

Read More +