Digital dreams, cyber security nightmares

Government initiatives in increasing Internet-enabled services must address concomitant worries regarding the privacy and safety of citizens’ data

The world is increasingly connected and much can be accessed digitally in real time, often giving a tremendous advantage to various parties concerned. Now, we have initiatives that are increasingly digitising government departments and services and promising to make information available at the click of a mouse, or the touch of a finger at a kiosk.
The thought of cutting the Gordian knot of red tape that has maintained a centuries-old stranglehold on anything to do with government services is attractive. The notion of a paperless world is as beguiling as it is elusive. Technology evangelists have been predicting it for long, yet the road ahead is both long and winding. Along the way are hazards. Information highway robbers would rank among the more frightening ones, especially since they continue to demonstrate an uncanny ability to rob what should have been secure digital vaults that protect public information gathered by government agencies.
Digital dreams, cyber security nightmaresThe recent instance of a cyber breach at the USA’s Office of Personnel Management exposed personal information of at least 1.8 crore current, former and prospective US government employees. Even as the breach cost the director her job and the investigation continues, it soon became apparent that the hackers, believed to be Chinese, breached the servers through a contractor employed by the department and used that company’s credentials.
The highly computerised country is often a target of hackers, many of them foreign. Even the White House’s unclassified computers have been hacked, a dubious distinction that the State Department and other sensitive wings of that government share. The number of attacks on various corporations and other entities is staggering, as is the amount of data that has been compromised due to such attacks.
India is by no means safe from such attacks. In April, the website of the Controller of Defence Accounts (Officers) had been hacked, potentially leaking details about the officers’ pay, provident fund and other sensitive financial data. Predictably, after the initial furore, the issue was brushed under the carpet.
Last year, National Informatics Centre (NIC), servers were breached. Among other responsibilities like handling websites of Central government departments and e-mail accounts of senior government officials, the NIC also has the exclusive right to issue digital certificates and signatures. Hackers had apparently managed to penetrate the systems and issue fake digital certificates. The NIC remained unaware of the breach till outside agencies raised the alarm. It also tried to minimise reports about the damage done, and was not cooperative about its subsequent investigations.
The 2015 annual ‘Cost of Data Breach Study: Global Analysis’ by the US-based Ponemon Institute has found that the cost of data breach had increased by 23 per cent since 2013. The study of 350 companies in 11 countries, including India, found that the cost keeps on climbing.
The cost of privacy, like the cost of life, varies according to where the breach happens. Every compromised record costs money, more in the US, where it is pegged at $217. India is at the bottom of the totem pole at $56.
Harnessing the Internet to make improvements to the lives of the citizens is a common goal that many governments share as they seek to use digitisation to bring in more accountability and improve the efficiency of bureaucratic processes. India too has made some impressive strides over the years. In fact, many of the programmes in the recently launched Digital India initiative can be traced back to various schemes of the preceding government. The problem has always been with the implementation. Even as governments struggle in getting the right data, and finding ways of ensuring its accuracy, there is always the threat of the data being misused, or the servers that store it being hacked.
While it can be successfully argued that we do not treat privacy as seriously as the western world, it remains the duty of the government to guard the privacy of its citizens. As more and more information is reduced to bits and bytes before being stored in digital lockers, it is incumbent on the government to ensure that such lockers stay locked.
One advantage that India has over some of the early adopters of computerisation is that we do not have to face legacy issues. We have the luxury of starting anew, and for this, we need to adopt the best practices of nations that have successfully demonstrated the required commitment to transparency in gathering and securing data.
One nation that stands out is Estonia, known among Internet users as the birthplace of the popular video chat software Skype. The country has aggressively worked on digitising government records and services. It faced a major cyber attack in 2007, but successfully bounced back, learning from the experience to become an important international cyber security player. Since August 2008, the NATO Cooperative Cyber Defence Centre of Excellence has operated out of Estonia’s capital Tallinn.
Instead of reinventing the wheel, we should cherry pick the best elements of what is already working well. We must also realise that international cooperation is vital in preventing and combating cyber attacks. Indian authorities need to be transparent while dealing with international organisations. It is not possible to brush off cyber attacks, but that is the first knee-jerk reaction of bureaucrats who usually head government entities. On July 12, when the website of ISRO’s commercial arm Antrix Corporation Limited was defaced, the space agency downplayed the incident. Such low-level attacks, while embarrassing, are seldom damaging.
A change of attitude is called for. Even as effort is made to provide better internet-enabled services to Indians, much more attention must be given to ensuring the best possible cyber security for the data that is inevitably needed for such services. It is ironic that while many Indians are well known for their cyber security expertise internationally, their homeland’s flanks are exposed. A pity, indeed.
This article was published in The Tribune OpEd page on July 17, 2015

Leave a Reply

You must be logged in to post a comment.