On September 23, members of the Quad released a joint statement addressing the global threat of ransomware. It emphasised the role played by nation states in taking reasonable steps to address ransomware operations emanating from within their territories. A bi-national cyber partnership can be critical for India to meet its immediate goals of securing its cyber infrastructure and expanding opportunities for the country’s tech sector.
A bi-national cybersecurity relationship could be built on two fronts. On the first front, the two nations could agree on a broad framework for future dialogue, one that encourages the exchange of information on cybersecurity incidents and threats, and sharing of best practices to promote innovation in cybersecurity. Another area of cooperation between the two governments lies in cybersecurity training.
India can look to Israel for cooperation by introducing training courses in Indian universities and providing access to experts. The Israel National Cyber Directorate (INCD), responsible for all aspects of cyber defence in the civilian sphere, provides another avenue of cooperation as Indian policymakers look to adopt a Cyber Command that would streamline policy formulation and implementation in cybersecurity at the national level.
The second front lies in building business-to-business relationships between the two countries. Nations could sign an agreement to create an R&D fund for joint innovation in cybersecurity and set up a working group to institutionalise conversations. Apart from the multi-stakeholder approach in the joint statement, this bi-national cybersecurity relationship could potentially be a subset for the proposed UN cybercrime convention.
Troll the Trojans
As a first step, corporates must conduct a vulnerability study to expose all top cyber-related weaknesses. This is being done by a professional third party that simulates attacks exposing such weaknesses. The vulnerabilities should be prioritised and addressed based on their criticalities. The weaknesses should be addressed via ‘best of breed’ technical solutions and standard operating procedures need to be adopted. At the IT level, most likely, all servers need to be isolated from third-party access till the attack is fully understood. At the public/industrial relations level, agreed-upon statements need to be established, if any, with investors, company management, company employees and customers.
The India-Israel Forum has put cybersecurity as one of its top priorities to address. At the core, attempts are being made to build a ‘best of breed’ software suite made of the best cyber solutions each country has to offer. Such consortiums would approach MSMEs that typically do not have the resources to invest in proper cybersecurity and provide its services.
Nowadays, the MSME segment with its hoard of personal identifiable information (PII), financial data and niche services has come under the focus of attackers. MSMEs are increasingly dependent on technology, and often have valuable data on customers, goods and services. Small businesses are often not aware of the extent to which they need to deploy mature cybersecurity practices and tools, given the growing sophistication of cyberattacks, and the value of their data.
This is where the initiatives of a Computer Emergency Response Team (CERT) that handles cybersecurity incidents become essential for this sector. Deployment at scale, with the right quality of service and at the right price points, is part of this challenge. The key for consortiums such as the India-Israel Forum to be successful is to establish a joint CERT . Providing a proactive security as a service’ platform can be a robust way of defending any enterprise.
Security services via a CERT must begin with an awareness of the latest types of attacks, offer audit services, recommend best practices and create deployment processes and roadmaps for the future. Once an attack has taken place, the service must help the enterprise mitigate damage and build resilience. The service must, of course, cover the entire threat surface beginning from edge devices such as laptops and mobiles, across storage and networks, to the cloud, covering data and systems.
Before Cyber Turns Cipher
India values Israel’s cybersecurity expertise. A governmental agreement to collaborate was first signed in 2017. A recent MoU signed by CERT with INCD for greater cooperation deepens operational collaboration to fight cybercrime. A team of experts from both nations can be a guiding force in creating a world-class platform for MSME security.
Today, ecosystems have become important. We are, indeed, stronger together, as nations and as businesses. Such bi-national collaboration would hopefully serve as a footprint for others to join, enabling nations to enjoy much improved cyber protection.