Obama's India Visit Covers Info SharingObservers Cite Barriers to Indo-U.S. Cybersecurity Vision
Threat information sharing was among the cybersecurity topics discussed by President Barack Obama and Indian Prime Minister Narendra Modi during the U.S. leader's visit to India as the chief guest at the Indian Republic Day parade. However, security experts say that the creation of real-time information sharing framework for cyber-threats is highly unlikely.
See Also: Data Center Security Study - The Results
"Devising an effective mechanism for information sharing without giving away too much on sources has constrained the U.S. in the past from providing threat information - cyber or otherwise- to countries other than its closest allies," says Dr. Cherian Samuel, associate fellow at the Institute for Defense Studies and Analyses in New Delhi.
Samir Saran, senior fellow and vice president at the Observer Research Foundation, a Delhi-based think-tank, says the practical aspects of intelligence sharing are complex. "There has to be a detailed framework that will need to be developed for sharing of information between the two governments and the departments therein," he says.
This would entail not only closer calibration, but in many instances initiation of processes among and across departments involved. Without this, the political intent is unlikely to be implemented, he says.
The topic of information sharing arose during a broader cybersecurity discussion between the two leaders.
U.S. Deputy National Security Advisor Ben Rhodes said during a press briefing in New Delhi on Jan. 26 that cybersecurity was identified as an area where there can be increased cooperation. "The cyber discussion came up specifically in that context with the need to protect intellectual property," he said.
Obama picked up on that theme at a dinner hosted by the U.S.-India Business Council. "In knowledge-based economies, entrepreneurs and innovators need to feel confident that their hard work and, in particular, their intellectual property will be protected," Obama said.
In a joint U.S.-India statement, both leaders noted their growing cooperation on battling cybercrime and its "serious risks to national and economic security from malicious cyber-activity and agreed to cooperate on enhancing operational sharing of cyber threat information, examining how international law applies in cyberspace and working together to build agreement on norms of responsible state behavior."
Prior to the state visit, a joint declaration of intent for cooperation in the field of information & communications technology and electronics, was also signed between the U.S. ambassador to India, Richard Verma and R S Sharma, Secretary of the Indian government's Department of Electronics and Information Technology.
In response to the announcements, Dr. Samuel notes, "Both countries have already had discussions on international law in cyberspace, and agreements on norms of responsible state behavior, so this is an ongoing exercise." While operational sharing of cyber threat information holds a lot of promise, sharing of technical capabilities for early-warning of cyberattacks and cooperation on attack mitigation would be mutually beneficial and more realistic goals for both the countries.
An intelligence-sharing pact that would make India a close partner with the U.S., next only to member countries of the 'five-eyes' treaty, is reportedly in the works. The challenge is going to be the practical action points. Such a pact would give Indian intelligence agencies access to encrypted digital traffic which they are at present unable to decipher.
Saran believes that information sharing among friendly nations can become especially relevant when it comes to the use of cyber weapons. "For instance, India was heavily affected by Stuxnet, even though it was ostensibly directed at another target," he says. "Friendly countries need to find ways to alert and inform the other to prevent collateral damage."
While much can be expected from a cooperation and partnership point of view in the key strategic domain that is cyberspace today, arrangements between the two countries thus far have remained part of a broader conversation. Cybersecurity is one of the key areas of cooperation under the Ten Year Defense Cooperation Perspective Plan which India and the United States will be discussing soon, says Col. M V Ganapathy (ret.), former senior official at the Indian Prime Minister's Office.
"There are already many inter-governmental agencies cooperating in this strategic area," he says. "This effort needs to be institutionalized for better coordination, accuracy, sharing of critical information and prevention of terrorism."
Deity's Sharma believes that the manner in which the U.S. has framed and implemented a fairly comprehensive cybersecurity assurance framework and protection plan for critical information infrastructure holds important lessons for India. "There is a need to learn from the U.S.' experience so as to create better frameworks within our context for implementation in 'Digital India' program," he says.
Dr. Gulshan Rai, Director CERT-In says, "The first step towards enhancing the cybersecurity posture is to have more skilled manpower available to handle sophisticated technology and cyberattacks." He believes that this is another area where U.S. models can be emulated, and a transfer of technology and expertise in this area will help India better address this challenge.
Dr. Rai says that under existing arrangements, the Indo-US Joint Working Group on Information Technology meets on regular intervals to discuss the issues of bilateral importance to both the countries and cyber security forms an important part of the agenda.
"The US-CERT and CERT-In have a memorandum of understanding to exchange information on cyber security, threats and incidents," he says, adding that there is a need for strengthening these forums and to work together to address new age issues such as advanced persistent threats and botnets.
Experts agree that India needs to move past the whitepaper stage in cybersecurity. The U.S. restructured its security apparatus in a big way post 9/11 by focusing on homeland security. Learning from this and executing critical projects in cybersecurity in a timely manner is going to be imperative for India, they say.
In the aftermath of President Obama's visit, the consensus is that relations can be further strengthened by collaboration in areas of strategic interest to both countries. Col. Ganapathy notes that the U.S. is now the third-largest arms exporter to India. He believes this is a sign of positive movement on critical defense issues, and needs to include cybersecurity.
"We have to move from a patron-client relationship with the US to a partnership model," he says.