The government of India plans to release a Cybersecurity Strategy in 2020, Lt Gen. (Dr) Rajesh Pant, the National Cyber Security Coordinator in the National Security Council, in a response to a question from MediaNama. He added that the government had “made a start” on a cybersecurity policy, saying that the present Cybersecurity policy was released in 2013, and a lot has changed in the six years since then. “5G will change the entire scope of cybersecurity in India. There are new aspects like ransomware, and IoT was not there. So with these changes, there is going to be a new strategy for dealing with cybersecurity. We have created a small team and we will write something and we will get comments from people,” he said, indicating that there will be a consultation.
Pant was speaking at the third launch event of the book Data Sovereignty: The Pursuit of Supremacy by Vinit Goenka, Lt Gen. Vinod Bhatia, Lt Gen. V.M. Patil, Lt Gen. (Dr) D.B. Shekatkar, Lt Gen. Vinod Khandare, Jayadeva Ranade, and Bharat Panchal, on June 21st 2019.
Comments by Pant at the book launch
During the Q&A, Pant was asked about India’s cyber offensive capabilities, and he said that “we have the [offensive] capability, but nobody will talk about it’”. Other comments he made at the book launch, some points in response to questions he was asked by the audience, included:
1. On Data Protection issues:
- On the Data Protection Bill: “… if you read the white paper [of the Data Protection Bill], it’s very interesting; it talks of three zones. There is the red zone, where the data stays inside the country, it doesn’t go out of the country. There is an amber zone, where a copy of the data stays inside the country, and it can go outside. And there is a green zone which, you know, talks of cross border flows and free flow of data, etc. because not all data is important … that’s what you were asking. Then it defines personal data also. … Well it defines what is personal data, that is, data which identifies you, you know like biometrics, like financial identification etc. And then the bill covers everything. It covers a lot of penalties in it. … the penalties can go up to in crores, 15 crores or a percent of your revenues, things like that. So the bill is going to be introduced and it going to be debated hotly, the way most bills are in our country. And we hope that if not in this session, then at least in the Monsoon session or Winter session that something is going to come out.”
- On data leakages in the banking and financial sector: “I find a lot of leakages taking place in the BFS, the financial sector, the number of reports that one gets of you people losing money, the banks losing money, banks not revealing for lack of you know for loss of reputation, etc., that is a worry”
- On free data storage offered by companies like Google: “There is a very important saying that for anything that is free, you are the product. That is their business model.”
- Data is the new oil: Even Pant was not immune to the temptation that afflicts every member of the government. He uttered the hallowed words — ‘data is the new oil’.
2. On security concerns:
- On identifying critical sectors to protect: “I am dealing with multiple sectors at the moment and I find that my priority number one in this appointment was the critical sectors. So power and energy. We have identified six critical sectors including nuclear and atomic sector.” And “Energy, gas, communication sector … these are the critical sectors. They have to be protected with whatever we have got. … After that is the government sector, and then of course the individuals.”
- On Aadhaar: “Your Aadhaar is very well protected, I can assure you. So you have nothing to worry about.”
- On basics of security: “… the universal concept [of security] is the same, and the concept is that we have a general layer depicting that we have a presence, and the core part is guarded with whatever we have. … Cybersecurity, the concept is the same, so even we know it. Even when we have the firewalls, and the APTs [advanced persistent threats] and the anti-DDOS [distributed denial of service] and all, today you can overcome everything. But the data that we want to protect, we protect it with hardware security, with software security, with many other waves.”
3. On 5G: “We have some plans which cannot be revealed at the moment.”
4. On external threats: “Cybercrime is something that is happening as we speak, in ways that you can’t imagine. … our starting point as I said is that you don’t trust anyone, not even the admin. That is how we implement our strategies … and why I am saying that is because it is not only China. China is our stated adversary. You know what happened recently in that EternalBlue case where the NSA had secretly kept that exploit for 5 years and they were using it, till the time another group called Shadow Grippers [Editor: It’s Shadow Brokers], you know, sneaked on them that they are using this exploit of Microsoft and then they said that okay. See, everybody is doing it. Russians, the Chinese …”
5. On Make in India: “Tejas Networks is making great switches and routers …”
6. On his role: “… my job is not to scare you, my job is to assure you that we have a secure and resilient cyberspace in India.”
7. On securing 2019 Lok Sabha elections: “During the last elections, all that I can say is that the social media, they did what we told them to do whether it was fake news, whether it was bringing down sites. So despite not being under our jurisdiction, which you know you understand when all these sites, they come through the ISPs, the internet content comes through the ISPs and ISPs are companies that are registered in India. So as per the licence agreement, they do what we tell them to do. But what is coming through the pipe is registered in Singapore, all these companies are registered in Singapore. So they are not bound by that. But despite that, we had called each one of the and they did what we asked them to do and everything went off smoothly.”
Anti-China points by speakers at the book launch
At the book launch, China loomed large on everyone’s minds and tongues. Practically every speaker emphasised on the Chinese threat, apart from the comments by Pant mentioned above, both as an military adversary, and as an economic rival. Here are a few samples:
- “… Chinese phones. Most of the troops in the forces, everybody wants a flashy device [holding up a Chinese phone], … that means you can actually map out which regiment is moving where, which skill set is moving where. And then connected to Facebook. … You know how the forces will react. Next point, construction industry … every equipment that is there [at the construction exhibition] is chipped by [the Chinese] … including the kind of material that is going into construction which means that if you have a strategic project … the Chinese know, sitting there, at what rate, at what milimetre rate, your construction is being made [sic].” — Wing Commander Satyam Kushwaha (Retd.)
- “The Chinese have been, the only word I can use is prowling around, in Silicon Valley, looking for start-ups which are developing technologies which they are interested in. And they have started offering them, you know, incentives which they find very difficult to refuse. And they [the Chinese] are buying them, or acquiring controlling shares. As of last week, the FBI has become more serious and has started cracking down on them. So with the result that the Chinese investments there have dropped. But that is the way they are operating. … Here [in India], they are looking at two aspects. They are looking at start-ups here, or youngsters here. And they are approaching them and offering them large amounts of money. They are also approaching English language teachers, including people who started their own tutorials. … It’s an input for them acquiring the necessary cyber capability.” — Lt Gen. Vinod Bhatia, co-author of Data Sovereignty: The Pursuit of Supremacy
- “China has got its own network; you can’t get out of it. … Weibo, they have their own chat, they have their own thing. … We are a little late on the scene. … Already we are porous. Our data has gone perhaps, gone everywhere.” — A retired naval officer
- “We [RailTel] run a national optical fibre network in the country, and that’s the only network in the country which does not have a single Chinese equipment [sic] on its network.” — Ashutosh Vasant, Director, RailTel Corporation of India