A blueprint for cyber security in Digital India

Published: July 25, 2016 6:16 AM

Internet ubiquity and cyber security are two sides of the same coin. However the rising number of internet users in India that has crossed 400 million this year, has been accompanied by growing cyber crimes—culminating in a 19 times increase over the last ten years as per a report by IndiaSpend. In such a backdrop, the imperative for cyber security is never more than now.

cybers securityIn India, the ISO 28000-compliant supply chain security management system can identify and control security risks during the end-to-end process, that is, from incoming materials to deliveries to customers. (Reuters)

Internet ubiquity and cyber security are two sides of the same coin. However the rising number of internet users in India that has crossed 400 million this year, has been accompanied by growing cyber crimes—culminating in a 19 times increase over the last ten years as per a report by IndiaSpend. In such a backdrop, the imperative for cyber security is never more than now.

Moreover, the government’s ambitious programmes of Digital India and Make in India—have the potential for closer integration of the global supply chains with those in the country. A robust cyber security programme calls for securing the supply chains. The supply chain risk is particularly daunting, as often, it involves suppliers of hundreds of components operating in multiple countries. There are important lessons India can learn from the global community as it transitions to a more mature cyber economy in this complex digital journey.

Government as a facilitator

First, the government has a big role to play. It should be a facilitator in establishing integrated governance that will drive forward collaborative approaches to cyber security. For some years now, governments around the world— including the US—have been moving away from developing their own safety systems and products (GOTS—government off-the-shelf software), toward commercial products (COTS—commercial off-the-shelf software). Governments came to realise that in-house solutions customised to their needs were time-consuming and the costs prohibitive. Besides, they simply could not keep up with the pace of changing technology. So they looked to the private sector for answers.

But it was then that they realised that they were being exposed to supply chain and product integrity risk by shifting to commercial vendors. They had exposed themselves to additional risk because they could not easily determine the quality of the products, where the parts and components came from and who had access to them in a global supply chain.

This dilemma applies to India too as it moves up the global supply chain. There is therefore a need for independent evaluation and certification, a robust supply chain integrity framework and stronger legislation.

Integrated approach

Second, the global community is increasingly recognising the need for collaborating on principles, laws, standards and protocols. A recent European Union Agency for Network and Information Security (ENISA) report and the US-based National Institute for Standards and Technology supply chain cyber security framework noted the need for greater coordination in managing supply chain risks.

In India, the ISO 28000-compliant supply chain security management system can identify and control security risks during the end-to-end process, that is, from incoming materials to deliveries to customers.

Tainted products are the main threats to a supply chain. Here too, a robust traceability system should be established to prevent tainted and counterfeit products from entering the supply chain. Securing products in the “last mile,” taking stringent measures on regional warehouse, inbound inventory and outbound management and also selecting logistics service from a trusted logistics service provider and building product site inspection mechanism are some of the other key measures needed to improve the cyber security of a supply chain.

Finally, the top leadership in organisations must have an insight into risk management and effective programme implementation. But at the same time, they should not micro-manage risk, but “own” the risk management process and the results.

As India integrates more with the global community, companies will find cyber threats more daunting and real. There is another important factor which today has not been given its due value: a robust supply chain can be an important driver of profitability. In a global supply chain environment where no individual company holds any technology and where multiple countries are involved, a coordinated and collaborative approach is needed where industry, government and the technology provider must work hand-in-hand.

As India touches the quarter century milestone next month of the opening up of the country’s economy, accomplishing greater supply chain cyber security will be a key litmus test of India’s success and maturity in globalisation.

The writer is chief security officer, Huawei Telecommunications, India

Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Switch to Hindi Edition