While both Smart Cities and Digital India will create new economic and social opportunities, they will also be creating an increasingly large attack surface for cyber criminals
When you talk to the visiting heads of the technology giants about the government’s ambitious Digital India and Smart Cities initiatives, usually the focus is around scale of the project, capacity to do it and eventually the conversation will move to the subject of cyber security. Nowadays security breaches are a regular feature. So much so that the insurance giant Aetna recently announced that it was going to approach cyber security as one more business risk that needs to be managed and insured in the same way that company manages fluctuating currency prices or the threats of lawsuits.
The integrated digital footprint created by Digital India and Smart Cities is likely to bring formidable and increasing demand on resources to defend against the multiplying threat levels and entry points. While both Smart Cities and Digital India will create new economic and social opportunities, they will also be creating an increasingly large attack surface for criminals to exploit as an initial foothold or vector into otherwise well-protected IT environments. The government initiative that seeks to transform the country into a connected economy can be successful only when security of the connected devices is assured.
The increasing synchronisation and interpretation of existing digital data and processes within government departments will require maximising security posture while keeping critical data flowing in such a daunting threat environment.
Despite all the cyber security risks, the movement towards Digital India is inevitable. The government and enterprises realise this and efforts are on for developing better systems for maintaining security while also taking advantage of the plethora of technological applications that have exploded during the last few years. The challenge is that presently, majority of government departments and e-governance projects are working in silos but this cannot be the case with Digital India, a R1.13-lakh crore initiative that seeks to transform the country into a connected economy, attract investment in manufacturing, improve citizen service delivery and create millions of jobs and support business.
“As Digital India and the concept of Smart Cities takes shape, security needs to be considered as integral part rather than an afterthought. Securing data at all the times, protection of citizen’s information at large and security of critical infrastructure need to be ensured through strict compliance with the security policy and using modern techniques, tools and processes,” Tarun Kaura, director—Technology Sales, India, Symantec, told FE.
So far, Digital India and Smart Cities initiatives have put spotlight back to India. Global CIOs and tech leaders are optimistic about the programme, in couple of years, they expect the country to embrace new generation technology. “There has been dramatic changes in India. Indian government and enterprises’ willingness to look into the challenge of cyber security has substantially increased,” said Stephen DuBravac, executive vice-president, Security Weaver.
Generally, across the globe, government and businesses have been reluctant to invest in security because they have too many other project to execute and security does not become the priority. But now there is shift; security is becoming more of high priority task as the growing trend of digitisation and using own devices is posing critical questions on how to manage security in the age of Digital India.
There is no clear answer, but it should not come as a surprise if we consider the views of someone like Bruce Schneier, the noted American cryptographer, who says, “Security is not a product, but a process.”