Obama's India Visit Covers Info Sharing

Observers Cite Barriers to Indo-U.S. Cybersecurity Vision
Obama's India Visit Covers Info Sharing
President Obama and Prime Minister Modi during Obama's recent visit to India. (White House photo)

Threat information sharing was among the cybersecurity topics discussed by President Barack Obama and Indian Prime Minister Narendra Modi during the U.S. leader's visit to India as the chief guest at the Indian Republic Day parade. However, security experts say that the creation of real-time information sharing framework for cyber-threats is highly unlikely.

See Also: Secure Access in a Hybrid IT World

"Devising an effective mechanism for information sharing without giving away too much on sources has constrained the U.S. in the past from providing threat information - cyber or otherwise- to countries other than its closest allies," says Dr. Cherian Samuel, associate fellow at the Institute for Defense Studies and Analyses in New Delhi.

Samir Saran, senior fellow and vice president at the Observer Research Foundation, a Delhi-based think-tank, says the practical aspects of intelligence sharing are complex. "There has to be a detailed framework that will need to be developed for sharing of information between the two governments and the departments therein," he says.

This would entail not only closer calibration, but in many instances initiation of processes among and across departments involved. Without this, the political intent is unlikely to be implemented, he says.

Cybersecurity Agreement

The topic of information sharing arose during a broader cybersecurity discussion between the two leaders.

U.S. Deputy National Security Advisor Ben Rhodes said during a press briefing in New Delhi on Jan. 26 that cybersecurity was identified as an area where there can be increased cooperation. "The cyber discussion came up specifically in that context with the need to protect intellectual property," he said.

Obama picked up on that theme at a dinner hosted by the U.S.-India Business Council. "In knowledge-based economies, entrepreneurs and innovators need to feel confident that their hard work and, in particular, their intellectual property will be protected," Obama said.

In a joint U.S.-India statement, both leaders noted their growing cooperation on battling cybercrime and its "serious risks to national and economic security from malicious cyber-activity and agreed to cooperate on enhancing operational sharing of cyber threat information, examining how international law applies in cyberspace and working together to build agreement on norms of responsible state behavior."

Prior to the state visit, a joint declaration of intent for cooperation in the field of information & communications technology and electronics, was also signed between the U.S. ambassador to India, Richard Verma and R S Sharma, Secretary of the Indian government's Department of Electronics and Information Technology.

Big Picture

In response to the announcements, Dr. Samuel notes, "Both countries have already had discussions on international law in cyberspace, and agreements on norms of responsible state behavior, so this is an ongoing exercise." While operational sharing of cyber threat information holds a lot of promise, sharing of technical capabilities for early-warning of cyberattacks and cooperation on attack mitigation would be mutually beneficial and more realistic goals for both the countries.

An intelligence-sharing pact that would make India a close partner with the U.S., next only to member countries of the 'five-eyes' treaty, is reportedly in the works. The challenge is going to be the practical action points. Such a pact would give Indian intelligence agencies access to encrypted digital traffic which they are at present unable to decipher.

Saran believes that information sharing among friendly nations can become especially relevant when it comes to the use of cyber weapons. "For instance, India was heavily affected by Stuxnet, even though it was ostensibly directed at another target," he says. "Friendly countries need to find ways to alert and inform the other to prevent collateral damage."

Setting Expectations

While much can be expected from a cooperation and partnership point of view in the key strategic domain that is cyberspace today, arrangements between the two countries thus far have remained part of a broader conversation. Cybersecurity is one of the key areas of cooperation under the Ten Year Defense Cooperation Perspective Plan which India and the United States will be discussing soon, says Col. M V Ganapathy (ret.), former senior official at the Indian Prime Minister's Office.

"There are already many inter-governmental agencies cooperating in this strategic area," he says. "This effort needs to be institutionalized for better coordination, accuracy, sharing of critical information and prevention of terrorism."

Deity's Sharma believes that the manner in which the U.S. has framed and implemented a fairly comprehensive cybersecurity assurance framework and protection plan for critical information infrastructure holds important lessons for India. "There is a need to learn from the U.S.' experience so as to create better frameworks within our context for implementation in 'Digital India' program," he says.

Dr. Gulshan Rai, Director CERT-In says, "The first step towards enhancing the cybersecurity posture is to have more skilled manpower available to handle sophisticated technology and cyberattacks." He believes that this is another area where U.S. models can be emulated, and a transfer of technology and expertise in this area will help India better address this challenge.

Dr. Rai says that under existing arrangements, the Indo-US Joint Working Group on Information Technology meets on regular intervals to discuss the issues of bilateral importance to both the countries and cyber security forms an important part of the agenda.

"The US-CERT and CERT-In have a memorandum of understanding to exchange information on cyber security, threats and incidents," he says, adding that there is a need for strengthening these forums and to work together to address new age issues such as advanced persistent threats and botnets.

Experts agree that India needs to move past the whitepaper stage in cybersecurity. The U.S. restructured its security apparatus in a big way post 9/11 by focusing on homeland security. Learning from this and executing critical projects in cybersecurity in a timely manner is going to be imperative for India, they say.

In the aftermath of President Obama's visit, the consensus is that relations can be further strengthened by collaboration in areas of strategic interest to both countries. Col. Ganapathy notes that the U.S. is now the third-largest arms exporter to India. He believes this is a sign of positive movement on critical defense issues, and needs to include cybersecurity.

"We have to move from a patron-client relationship with the US to a partnership model," he says.


About the Author

Varun Haran

Varun Haran

Principal Correspondent, ISMG

Haran has been a technology journalist in the Indian market for close to six years, specializing in information security. He has driven industry events such as the India Computer Security Conference (ICSC) and the Ground Zero Summit 2013. Prior to joining ISMG, Haran was a correspondent with TechTarget and InformationWeek, where he covered enterprise technology-related topics for the CIO and IT practitioner.




Around the Network