• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Brand Quest
• The New Manager
• BL Club
• Smartbuy
• Books
• Gallery

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth
• Events 2007

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K.Raghavan

Repeated assessments of leading think-tanks in the US tell us that India can once again be subjected to a 26/11. Against this backdrop it is only sensible that we look at every known vulnerability in our schemes to protect our megacities, the favourite terrorist targets, and take appropriate preventive measures.

My own impression is that our critical infrastructure — power, water, air traffic control and telecommunication — offers easy inroads to the determined terrorist. The latter could combine frontal physical attacks with assaults on our critical infrastructure, a cocktail that can deal a deadly blow to our assets.

India is particularly disadvantaged in this respect, because all our neighbours are weighed down by grave public disorder. They also harbour elements inimical to India. This is one reason why regional coordination and exchange of information and intelligence becomes extremely difficult. To that extent, protection of our infrastructure and information systems too is a challenging task.

These were the thoughts that overwhelmed me when I read reports recently of a two-day conference (April 27-28, 2009) of the European Union (EU) devoted to critical information infrastructure protection (CIIP) held in Tallinn, the Estonian capital.

Both the timing and the venue of the event were significant. The days marked the second anniversary of the cyber attack — generally believed to have emanated from Russia — on Estonia, a Baltic nation whose normal life was paralysed by cyber aggression from across the border.

Estonia illustrates the truth of the belief that high levels of computerisation can be both a blessing and a curse. There is no earthly use of computerising all day-to-day critical activities without ensuring cyber security of the most sophisticated kind. This is what our policy makers need to keep in mind all the time when they speak of widening the use of computers, especially in our financial institutions.

Not only computers that regulate water and power supply systems need protection. There are institutions such as all the wings of the Armed Forces and those that govern the country’s finances which store extremely sensitive information. Stealing such information or altering it even slightly could be disastrous to national security and the health of the country’s economy. The Satyam scandal amply testifies to this. The ease with which the principal accused in the case generated bogus documents and fooled everyone around him emphasises how private industry, and not merely government departments, needs to fortify itself with impenetrable information systems.

The focus of the Tallinn conference was one of forging uninhibited cooperation and exchange of information among EU nations, so that the risk of disruption of information systems is reduced. The conference forum was used to communicate and review what the European Commission (EC) had already done in the area. The document that was prominently discussed was the Communication on “Protecting Europe from large-scale cyber attacks and disruptions” that the EC had adopted recently.

This plan concentrates on a series of short-medium term actions to strengthen security and resilience (the ability to recover from an attack) of a critical infrastructure facility. It takes into account the warning issued last year by the World Economic Forum that there was a 10 to 20 per cent chance of a worldwide breakdown of critical infrastructure by 2010. It could cost the world about $250 billion. This alone would warrant action on a war footing to secure the systems that run our critical infrastructure. The EC had launched a public consultation process in finalising its strategy. It received nearly 600 responses. What stood out from them was the widespread belief that threats to critical infrastructure had become global, and any effort to thwart them necessarily required global cooperation. The crucial role played by the Computer Emergency Response Team (CERT) in each country was also highlighted by the respondents.

The Tallinn Conference and subsequent reports on its deliberations pointed out how transparency was of the essence to any concerted plan to protect countries from cyber attacks of the kind Estonia experienced in 2007. Misgivings in the area arise from the tendency of many private corporations to suppress breaches in their information systems.

There is a lack of trust that any honest reporting of breaches will not be exploited by business rivals. It is for this reason that Sweden, which is known for its high levels of social cohesion and trust, is held out as an example for handling cyber security issues with aplomb and to the benefit of society.

The country is said to organise a cyber warfare exercise from time to time, in which officials and business representatives sit together to handle simulated cyber attacks and learn how to ensure that there is the least disruption to public services. This is an amazing practice that we in India could adopt to our advantage.

The EU is contemplating a regional cyber war exercise in 2010. There are problems of organising this both logistic and slight differences in perceptions. Irrespective of whether such an exercise takes off the ground or not, there is agreement within the EU that there is a solid case for a regulatory framework for forestalling the kind of problem which Estonia experienced.

It is sad that any such possibility of a joint operation is a near dream in the Asian context, given the distrust and hostility that govern relations between nations, especially those in the Indian sub-continent.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

More Stories on : Security | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Copyright © 2009, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line