Published in Incubator,
The Entrepreneurship Magazine of IIM Shillong.
On the growing concerns of cyber security and potential business for start-ups.
The path of human evolution is closely linked to our
defence systems. I am no anthropologist but I can see that the needs of today
were actually the military necessities of times gone by. The computer,
cryptographs, Internet, rockets, cars are by products of the Second World War.
The famous saying goes that the fourth world war if ever fought will be in
bricks and stones. Maybe. But the third for sure will be fought in the
cyberspace.
And it has already begun!
Cyber security today has become paramount to national
security. Security experts point out that there are two types of companies
today: those which know that they have been hacked and others who have been
hacked without realizing it. I propose its extrapolation to nations: states
which know they have been hacked and those who know it but act ignorant. And of
course there is a third category: states with army of hackers to invade other
nations.
If I were to name the militarily active warzones of
the world cyberspace would be my first choice. It is an active warzone, with
multiple fronts, multiple combatants and no rules. The war zone has state
players snooping around, private companies, ethical hackers and hackers who are
there for the fun of it. The reported hackings around the world has increased
by a phenomenal 42% on a year on year basis. While companies are more
forthcoming in reporting hacking, states find a certain amount of reluctance to
admit it. First no one country can be exonerated or proved guilty and since
little can be proved any gung-ho about the matter it is quickly brushed under
the carpet.
There has been a rise in two generation of hackers. One is closely associated with the state
armies like China or Russia snooping in other nations defence systems, or
(being politically incorrect) USA and Israel whose Stuxnet virus was responsible
for hacking into Tehran’s nuclear facilities. The other are relatively new
entrants: companies or hackers who snoop in the cyberspace just to create havoc.
Some self-appointed cyber vigilantes waged a cyber-war between Indian hackers
and their Pakistani counterparts, each trying to unmask the other nation’s
state websites.
With cyber space becoming the focus of the country’s
defence it is immensely important for the country to channelize their cyber
hackers in a right direction. A misguided hacker may just post the operations
of a complex weapon on the internet for the benefit of the terrorists, or
potential hacking into sensitive government databases can hold the country to
ransom, with target spectrum of economy to defence systems. Maybe underlying
the charisma and debonair of John McClane was a very real potential threat in
Die Hard 4.0, where cyber terrorists hack into the government database.
The real problem is defining the cyber space and then
protecting it. With the number of border issues still on ground demarcating the
abstract space seems next to impossible. “If you don’t really know where your
castle starts and ends, you can’t really build an effective wall and moat
around it”, says Nils Phulmann, former security chief of Zynga and founder of
cloud security alliance. India, unfortunately with its democratic baggage is
not exactly a model of pro-activeness, but it is not far reaching to assume
that China’s hackers used Indian cyber security hacking as net practice before
taking on America.
Indian government and many start-ups need to look into
the cyber security sector. Pessimistically, most of the world (ones that matter
or is our potential threat or competitor) knows all about our missile
programmes, company data and stock exchange, in the most optimistic view, they
are struggling hard to shred through last few firewalls and blast in. In any
case we are grossly underprepared and defenseless.
The American’s, touchy about their security after
Pearl Harbour and 9/11 and petulant of their numero-uno status with regard to a
inflaming China and cantankerous Russia, have already begun a debate about how
best to tackle the problem. America has been a cheerleader for an international
convention on cybercrime that prohibits private actors from striking out
online. However there is a growing section which advocates a more aggressive
approach, where companies or security firms they employ are allowed to strike
back at the hackers or at least track stolen files and reclaim them or prevent
their use without damaging other networks.
The Annual Black Hat event last year displayed the
growing concern of companies with the issue. Some entrepreneurs have already
dived into this area knowing full well that with the growing times they will be
the forefront of defence capacities. Some have developed ingenious solutions
like planting false info, gibberish data, creating a virtual labyrinth, an
endless maze, crunching huge data to identify threat and shut down and much
more. Some have even developed codes to strike back when required.
India with its neighbour concern has this one actual
chance to stay in the game and not be overrun by China and the others. Though
little thought seems to be given in this direction by anyone. The whole country
is at a standstill for the next elections, and the army, traditional as always,
is still struggling to catch up with China and effectively deter Pakistan on
land to think of the cyberspace. What is appalling is the fact that no one is
even recognizing this as a potential threat. But then we wait till the problem
snowballs. It may take at least two years for the next government formed to
begin work, assuming it is not a hung parliament and after diktats of the
coalition dharma have been fulfilled. After that what remains to be seen is who
is at the helm of affairs. It seems that a tech savvy aggressive PM may give
this direction a thought rather than a puppet prime minister or worse still a ‘yuvraaj’
PM who might take one term to understand the problem.
Why I insist on governmental interference is because
this is one defence system that we will have to develop indigenously and not
buy from Russia or USA. And for a change we will be playing on a favourable
turf: the IT industry is poster boy of our growth story. We do not have dearth
of qualified engineers and we have space to experiment without drawing the irk
of communities, locals, castes or other democratic ills. Finally we have an
area where we can innovate and lead developing our resources and technology.
The Indian Inc. (as the growing Indian industries are
often referred) is usually more enterprising and pro-active. With many of top
Indian companies turning global they will face the same hacking risk as their
American counterparts and this may just give them the impetus to invest into
cyber security. While the country tackles other issues the companies can
actually use this as an opportunity to wall their cyber space and continuously
develop it. Many companies are of the view that anything within their firewall
is safe, but with hackers scaling new heights with impunity the companies will
be forced to change their binary view.
There are quite a few ethical hacking groups in India,
like the Indian Cyber Army aka Indishell, Team NUTS, Team Gray Hat, Lords of
Dharmaraja and the Indian Cyber Devils, that have reportedly been working to
safeguards India's cyber space. Many of them in their free time act as patriots
hacking in Pakistani and Chinese cyber space. The companies on the other hand
have the opportunity to develop algorithms and software’s required for security
concerns of tomorrow, all before government wakes up to regularise it. Many of
these developed system may form the blueprint of the regulations. What the IT
firms in India have at hand is potentially a billion dollar industry. With
cloud computing and state backed hacking they are the hotspots of tomorrow.
Investing in the security would make a wise decision for it can always be sold
to an ailing company to country.
The government on the other hand has a potential industry
that if effectively harnessed could be its strategic launch in the world giving
up on it. Better control the fire lest we are fighting with it both without and
within.
“If someone is
shooting on you the last thing you focus on is the calibre of the bullet”-
Gorge Kurtz.
No comments:
Post a Comment