October 27, 2011
A new partnership in cyberspace
By William S Cohen and Harry D Raduege
Ensuring cybersecurity is beyond the capabilities of any one country. Collaborative efforts are the way ahead
The US and India are engaged in an unprecedented level of collaboration and joint innovation in cyberspace. As our two economies grow more intertwined in the information age, so do our vulnerabilities. Today, adversaries in cyberspace no longer have to reach one nation's shores to strike the other. They can strike computer networks in Hyderabad by penetrating those located in Houston, and vice versa. This means India's ability to fend off cyber attacks is critical to the US' economic and national security—just as the US' ability to protect our information networks is critical to India's security.
The threat to both our countries is growing. Last March, a foreign hacker stole 24,000 secret Pentagon files—one of the most damaging cyber attacks against the US to date. And according to India's Minister of State for Communication and Information Technology Sachin Pilot, 117 Indian government websites were hacked during the first six months of 2011 alone.
And dangers we face will only escalate and diversify in the period ahead. We already face the daily challenge of identity theft and cyber crime. According to the Norton Cybercrime Report, nearly 30 million people in India fell victim to cyber crime in 2010, resulting in direct financial losses of $4 billion. Our countries must also deal with increasing cyber-espionage, as foreign entities use the Internet to steal state secrets and intellectual property. We face a growing danger posed by viruses and malicious codes, such as the Stuxnet virus which affected networks in the US, India and other nations, in addition to Iran's nuclear programme. And we face the increasing danger of data manipulation, in which hackers sneak into our networks and falsify critical information by changing words or moving a few decimal points—with potentially disastrous economic results.
Perhaps the most worrisome threat over the horizon is cyber-terrorism. Both India and the US have experienced catastrophic terrorist attacks in recent years, and policymakers have rightly focused on preventing terrorists from obtaining weapons of mass destruction that could cause even greater damage. But terror networks could also cause unprecedented damage with "weapons of mass disruption" —using cyber attacks to disable our financial systems and other critical infrastructure—causing massive economic shocks and even loss of life. In recent years, we have seen non-state actors—such as the hacker collective "Anonymous"—launch denial of service attacks against private companies and institutions with a level of sophistication that was once reserved to nation states. If private hackers can develop such advanced cyber attack capabilities, it is only a matter of time before terrorists do as well.
India understands homeland security depends on cybersecurity. India is a founding member of the Cyber40—an EastWest Institute (EWI) grouping of the world's most digitally-advanced nations that are working together to build the legal, policy, and technical capacity to protect our digital infrastructure. And next year India will host the third EWI Worldwide Cybersecurity Summit in Delhi—bringing together the world's top cyber defence officials and business leaders to expand cooperation even further.
Everyone knows that their networks are vulnerable, but few want to acknowledge that their networks have been compromised. But the only way to protect our digital infrastructure is to share information about the threats we face, so we can collaborate on ways to defeat them. This summer, the US and India took an important step in this direction, when our nations signed a cybersecurity agreement to increase information sharing between our countries on cyber attacks. India has signed similar agreements with Japan and Korea, and is negotiating one with Finland. And the North Atlantic Treaty Organization recently announced its desire to work with India on cybersecurity. The more trusted relationships we build, the better we can protect against threats we face in cyberspace.
We also need to address the human capital crisis in cybersecurity. There are not enough cybersecurity experts to deal with the dramatic escalation of cyber threats. We need to encourage more young people in both our countries to make careers in cybersecurity. The University of Maryland University College recently became the first US institution of higher learning to establish degree programs in cybersecurity, with more than 3,000 students enrolled. We need to encourage other academic institutions in the US to do the same, and to partner with Indian academic institutions so we can educate a new generation of cybersecurity experts who can take on the hackers and cyber terrorists. India can also help train cybersecurity experts in other nations under threat, such as Estonia, where India just established a chair at Tallinn University for cyber studies this past month. India has a young, dynamic, technologically-literate population that—with the right training—can become part of the solution.
Securing cyberspace is a global challenge that cannot be solved by a single country acting alone. Our economies and our networks are increasingly intertwined—and increasingly vulnerable to the new threats of the information age. That means we need to work together to protect them. And the first step is recognizing that India's cybersecurity is the US' cybersecurity.
William S Cohen, a former US defence secretary, is currently chairman and chief executive officer of The Cohen Group, an international business advisory firm. Raduege, a retired US Air Force lieutenant general, was co-chairman of the Commission on Cyber Security for the 44th presidency. He is currently a senior counselor of The Cohen Group.