Event ReportsPublished on May 14, 2018
Multi-disciplinary approach required for cyber-security

“Cyber law and policies should stand grounded firmly and be updated to hold against cyber-threats,” according to J. Prasanna, Director, Cyber Security & Privacy Foundation, Bengaluru. Initiating an interaction on “Cyber-threats in national perspective” at the Chennai Chapter of Observer Research Foundation on 5 May 2018, Prasanna said technological inter-connectivity has made our lives easier on one hand, through developments such as appliances and services connected by the Internet and increasingly capable mobile computing, but with more devices on other hand to hack, budding the opportunities of cyber-crime to grown. Thus when cyber-attacks are carried out on an exponentially increasing interconnected internet landscape, it affects more than ever before.

Insufficient ‘anonymisation’ is leaving ever-increasing data at the risk of breach. As technological inter-connectivity have been tremendously increasing with the emergence of smart phones, more sophisticated mobile computing, and the use of biometric data in the case of Aadhar have concerns over privacy and security. The biggest challenges to the privacy in the digital age revolve around the transmission of personal data. Data collection has become an inexorable part of daily life, prevailing during each and every electronic transaction.

Such massive data sets have the ability to enhance human life, but only if data analysis and collaboration can occur without incapacitating individual privacy. Contemporarily, the trade-off between the volumes of privacy data entries are afforded and the extent to which data researchers can extract apposite information. However, simply removing personal attributes from a data set, does not adequately protect the privacy of the individuals used in the data set with data thefts becoming increasingly common, there must be a lot to be done to protect individual privacy, and that is the prior issue, Prasanna said.

Privacy and security

Privacy and security could be fostered only by design itself and then by good communication practices, not the other way around, which makes things vulnerable. As the Internet of Things (IoT) and wearable devices reach deeper into our lives, data transmission and collection will increasingly rely on cloud computing services and this partnership will present new privacy and security vulnerabilities.

The expansion of the IoT fundamentally changes the nature of cyber security threats, expanding them far beyond cyberspace. In order to increase interconnectivity and simultaneously shrink opportunities for malicious activity, privacy and security must be implemented as fundamental features in the design stages of production, Prasanna said.

The increase in smart infrastructure is demonstrating the need for well-planned security features. Protecting the cyber integrity of critical infrastructure, such as energy grids, power-plants, banking and financial nectors and traffic-control and navigation functions will be one of the National cardinal challenges in the fore-coming years.

The ongoing proliferation of cyber-physical systems, a combination of physical infrastructure, computing power and cyber networks, has the potential to increase the functionality of our infrastructure, but its digital processes can also be subject to cyber-attacks. Impounding critical infrastructure cyber secure will be one of the most complex and important challenges faced by governments in the near future.

There has been a massive digitisation of formerly analog functions in critical infrastructure. This phenomenon is not just confined to power plants, but spread across many functions. Critical research institutions face the threat of losing their privacy of academic information. Cyber-risk of playing “the voice of people” in the election by psychological profiling and manipulation is always in the scenario, which is very dangerous to democracies.

Digitised and hyper-connected critical infrastructure improves efficiency and responsiveness, and allows for data driven decision-making. Such inter-connectivity will only be expounded upon as public safety, transportation, banking and other critical services inevitably connect and utilize the cyber-physical systems, Prasanna explained.

Software with hard law

Collaboration in the digital realm is no different than other forms of collaboration, Prasanna said. New norms of data sharing should be adopted both within and across industries in order to address the particular strengths and potential hazards of each unique situation. The perpetually-progressing world of cyberspace is reaching further into our daily lives and up to the highest levels of government and business.

As the cyber world increasingly penetrated itself into to the physical world, there is a vacuum created for new and defined norms of collaboration to help govern behaviour and effect change. The knowledge base of policy makers should expand to adapt the rapidly evolving digital threats and firm it with severe rules and Laws. As cyber threats evolve at an ever increasing pace, it is paramount for lawmakers and government to stay updated with the latest developments, and to use that information to ensure the law reflects changing technological capabilities across ages.

An inability to stay ahead of this curve risks misemploying of technology through ignorance or malice with no legal recourse, and may leave the nation, vulnerable to attacks, which we have faced in the social networking Companies. In order to implement effective laws and policies in this domain, it is crucial that law-makers and law-enforcement authorities should understand the current challenges faced by cyber-security experts also. There requires a multi-disciplinary analysis, which must be understood by policy-makers, Prasanna added.

This report was prepared by S Sivanesan, Associate, Observer Research Foundation, Chennai 

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.