India and the United Kingdom expressed concern over “the increased willingness of states and their proxies” to facilitate malicious cyber activities stressing that the rules-based international order must be upheld online, according to a joint cybersecurity statement released by the countries. “We will deepen coordination on mitigation strategies against Advanced Persistent Threats as well as cooperation on tackling cybercrime,” the statement said.
The statement was released following UK Prime Minister Boris Johnson’s two-day trip to India. The countries said that the role of voluntary and non-binding norms to promote responsible state behaviour cannot be discounted. (A copy of the norms can be found here)
The two countries condemned the use of cyber tools to damage or impair critical infrastructure. The statement declared that the states are obliged to respond to “appropriate requests” to address malicious information and communication technology (ICT) activity against other states emanating from their territory”.
The statement highlights how cybersecurity has become a crucial point of discussion among major countries. The fact that a separate statement was released on cybersecurity reveals that the topic has become a significant issue for consideration. It is also a tacit acknowledgement of the need for cooperation to address cyberattacks taking place offshore.
What else was discussed?
Cooperation among countries: The two nations agreed to work on an international convention to counter the use of information and communication technologies by criminals. The convention will look to build international cooperation to prevent, deter, mitigate, investigate and prosecute cybercrimes, the statement said. “India and the United Kingdom are working in close cooperation under the International Counter Ransomware Initiative,” the statement added.
Securing IoT devices: The two countries will work with private players and international standards organisations to stipulate measures which will nudge manufacturers to incorporate security features in the design of Internet of Things (IoT) devices. “We will complete joint work to identify shared vulnerabilities, and promote effective public-private partnerships, with a view to ensuring decisions on systems design and deployment take into account public safety protections,” the statement read.
Collaboration with the private sector: “We recognise that governments cannot meet the challenges of the digital age alone. We will continue to collaborate closely with digital service providers, social media and telecommunications companies, to embed safety in the services they offer while ensuring the protection of user privacy and their cooperation with the relevant government entities, especially with the onset of 5G and 6G technologies,” read the statement.
Spreading cyber awareness: The countries announced plans to increase the availability and diversity of cyber skills in the workforce. Their efforts will centre around the use of education to spread awareness about cyberspace and cyber hygiene.
Summary of cybersecurity cooperation between India and the UK
The first India-UK cyber dialogue was held in November 2012, as per a post from the IISS. The countries had agreed to reduce the risk of threats from cyberspace and tackle cybercrime, and build skills and capacities, among other things, the post revealed.
The partnership between the two countries intensified in April 2018 with the signing of a five-year ‘framework agreement’.
“The fourteen areas of cooperation included exchanging information and strategies for effective cyber security, crime, international law, incident management and threat response; promoting cooperation in the fields of cyber security-related research and development, and cyber security product development; and developing a common and shared understanding of international cyber stability, and destabilising cyber activity,” IISS said in its post.
Prime Ministers Narendra Modi and Boris Johnson signed an agreement in May 2021 to promote international security in cyberspace. The countries sought to improve bilateral cooperation on critical national infrastructure, healthcare, and vaccines. The statement encouraged cooperation between governments and the private sector to embed safety in ICT products and in system designs while ensuring the protection of user privacy.
A meeting was held in October 2021 which discussed various aspects of cooperation in the area of cyber capacity building. The most recent meeting was held on April 12, 2022, where they revealed that there had been “substantial bilateral engagement” over issues of cyber governance, deterrence, and resilience between the two countries.
- UN Cyber Stability Conference: Understanding threats in cyberspace
- IT Minister Ashwini Vaishnaw on creating a new world order for internet regulations
- UN Cyber Stability Conference: How confidence-building measures can avoid conflicts