International,  BRICS

What India can learn from Israel, EU, Singapore and US Cybersecurity Strategy?

India will develop its Cybersecurity Strategy in the year 2020. The Cybersecurity Strategy will enable India to be the leading nation in harnessing cyberspace as an engine of economic growth, social welfare and national security. Indian national cybersecurity strategy is first and foremost a means of realising the Indian cyber vision by keeping cyberspace safe, secure and resilient and by confronting the various cyber threats, in accordance with the country’s national interest. In addition, the strategy aims to ensure India’s role in the international arena, as a leader in technological innovation and as an active partner in the global process of shaping cyberspace. In this article, Sanjana Rathi presents in a brief analysis of the cybersecurity strategy of Israel, Singapore, EU and US & what India can take from them to develop its own National Cybersecurity Strategy.

Israel’s Cybersecurity Strategy

The National Cybersecurity Strategy of Israel is based on the three-layer model of operations:

1. First Layer: Aggregate Cyber Robustness: The Cyber robustness is the ability of organization and process to continue operating despite a routine of cyber threats by repelling and preventing most of the attacks. The National Cybersecurity Agency(NCSA) has an important role to play in Critical Infrastructure Regulation, Sectorial Security Guidance, National Knowledge Hub, Cybersecurity Market Regulation.

  • Regulation of the cybersecurity market (supply): Cyber professionals, Security products and services, Technological service.
  • Guidance for the Private sector (demand): Specific advice to critical infrastructures, Mandatory standards inessential areas, promoting knowledge and awareness through the private sectors.

2. Second Layer: Systemic Cyber Resilience: The second layer in the concept of operations is the systematic ability to confront cyber-attacks before, during, and after incidents, prevent them from spreading and reduce their cumulative damage to the nation. While the first layer is focused on lowering attacks a priori, regardless of any specific event, this layer is event-driven by definition. Systemic resilience can be achieved through state processes encouraging information sharing, generating and disseminating valuable information, and assisting organizations during cyber incidents.

The NCSA leads this effort in collaboration with the national CERT. Also, the national CERT works closely with the private sector, both directly and through sector-based cyber centers that operate within the CERT. The CERT strives to engage in global and local cooperation while supporting innovation and harnessing it for its goals

3. Third Layer: National Cyber Defense: A national-level campaign is required against severe threats by determined, resource-rich attackers who pose a danger to the nation. National defense campaigns incorporate defensive effort to contain such attacks and their ramifications together with active efforts to confront the sources of the threats. The functions of the NCSA here is to manage defensive campaign within the civilian sector, coordination between agencies, national situation assessment

The phenomena under the Capacity Building for Cyber: Advancing National Cyberspace Capabilities

It is a priority to strengthen Israel’s scientific and technological cyber capabilities and innovation processes. This includes two primary efforts:

1. Research, development, and implementation of national-level security capabilities and technologies, including secure and efficient information sharing platforms; solutions are supporting the state’s efforts to expose, investigate and contain cyberattacks; robust cyber processes; and centralized security services.

2. Strengthening the national science and technology (S&T) base in cyber: promoting industrial innovation, supporting academic research (including the establishment of six research centers in Israel’s leading universities), enhancing the nation’s human capital in the cyber field and fostering an ecosystem for mutual enrichment. This includes the unique CyberSpark project — a healthy and robust cybersecurity ecosystem consisting of Israeli startups, global companies, academia, and civilian and military cybersecurity centers — all within walking distance of one another.

Assessment & Policy Recommendation for India:

  • Israel is the size of Kerala. Therefore, this cybersecurity structure and strategy does well in Israel and cannot be directly applied to India.
  • However, the idea of the first layer of the three-layer model, especially critical infrastructure regulation, sectorial security guidance, national knowledge hub, cybersecurity market regulation must be applied at the national level cybersecurity strategy. Besides this, the ‘two main effort’ in ‘Capacity Building of Cyber’ must be adopted. Adoption of this will strengthen India’s scientific and technological cyber capabilities and innovation processes, enhancing the country’s human capital in the cyber and fostering an ecosystem for mutual enrichment.
  • India must also strive for the promotion and development of domestic cybersecurity products.

Singapore’s Cybersecurity Strategy

Singapore’s Cybersecurity Strategy focuses on creating a resilient and trusted cyber environment. The four pillars underpinning the strategy:

  1. Strengthen the resilience of Critical Information Infrastructures: This is done by mobilizing businesses and the community to make cyberspace safer by countering cyber threats, combating cybercrime, and protecting personal data. First, it enhances the CII Protection Programme to establish robust and systematic cyber risk management processes across all critical sectors. Second, improve sectors’ response and recovery plans to breachesMulti-sector cybersecurity exercises to test cooperation across multiple industries and address inter-dependencies during significant cyber-attacks. Expand and beef up national resources such as the National Cyber Incident Response Team (NCIRT) and the National Cyber Security Centre (NCSC). Next, introduce the Cybersecurity Act to give the Cyber Security Agency of Singapore (CSA) higher powers to secure the CIIs. Finally, as threats to government networks will continue to grow, expansion of efforts to ensure government systems and networks, to protect citizens’ and official data.
  2. Creating Safer Cyberspace: Cyber technology can enable and empower business and society, but only if it is safe and trustworthy. Safer cyberspace is the collective responsibility of the Government, companies, individuals, and the community. First, to effectively deal with the threat of cybercrime, the Government will implement the recently launched National Cybercrime Action Plan. Second, we will enhance Singapore’s standing as a trusted hub by fostering a trusted data ecosystem. We will work with global institutions, other governments, industry partners, and Internet Service Providers to quickly identify and reduce malicious trace on our Internet infrastructure. Finally, communities and business associations can play their part by fostering their members’ understanding of cybersecurity issues and promoting the adoption of good practices.
  3. Develop a vibrant cybersecurity Ecosystem: Similar to Israel’s Capacity Building effort
  4. Strengthening International Partnership: Respect sovereign boundaries, address the jurisdictional gaps that are exploited to the cyber-attackers’ advantage. Cyber-attacks disrupting one country can have severe spillover effects on other countries as our inter-dependencies have increased through trade and global financial markets. Championing cyber capacity building initiatives and facilitate exchanges on cyber norms and legislation. Through international consensus, agreement, and cooperation, make cyberspace a safer and more secure place for all.

Assessment & Policy Recommendation for India:

  • Singapore Cybersecurity Strategy has a strong business focus, with the industry best practices used in the government sector. If this has to apply to India, the cost of implementation will become high. Therefore, there must be a robust Public-Private Partnership in the implementation of the industry best practices.
  • Singapore’s focus on supply chain cybersecurity, security by design, promotion of cybersecurity culture, systemic cyber risk management, and awareness training model is mature. It must be integrated into the National Cybersecurity Strategy. Manufacturing, Textile, Transport, and Energy sector must adopt the best practices.
  • There must be multi-sector cybersecurity exercises/drills to test cooperation across multiple sectors and address inter-dependencies during significant cyber-attacks.

European Union’s Cybersecurity Strategy

The focus of the strategy of the European Union is to preserve open, free, and secure cyberspace and uphold the core values that Europe stands for. The emphasis on security, privacy, and supporting liberal values through cyberspace.

The Structure:

ENISA: European Network & Information Security Agency- Responsible for setting the cybersecurity policy

NIS: Network & Information Security

EEAS: European External Action Services ( diplomatic services)

Assessment & Policy Recommendation for India:

India must adopt a similar structure as that of the EU so that the state-level agencies can have their functioning authorities and report to the National Authorities as and when required. The decentralized structure will facilitate effective communication and efficient handling of cyber incidents. Moreover, the strategy can be adopted nation-wide if we acknowledge the presence of state-level authorize. This will also facilitate better information sharing, and the culture of competition to do better will motivate the state-level authorities.

United State’s Cybersecurity Strategy

The United States of America issued a revised Cybersecurity Strategy in September 2018. The four main pillars of the strategy are:

  1. Protecting the American People, Homeland Security, and the American way of life: This pillar involves a framework for cybersecurity, reducing cybercrime, and having a defense mechanism in place.
  2. Promoting American prosperity: The focus here is on building a robust digital economy, fostering and protecting US ingenuity, and developing a superior cybersecurity workforce. It also addresses the issues of cross border data flow and technology transfer.
  3. Preserve peace through strength: The pillar involves the development of cyber norms, responsible state behavior, and attribution and deterrence of unacceptable behavior in cyberspace
  4. Advancing American Influence: This pillar focuses on international American influence in the domain of cyber. It advocates strengthened cyber diplomacy and the building of global cyber capabilities.

Assessment & Policy Recommendation for India:

  • The United States has a significant focus on the development of international presence and influence in matters related to Cybersecurity. Indian Cybersecurity Strategy can also encompass the clause of developing a global presence and influencing cyber policies globally. India must be an active part of building norms and strengthen cyber diplomacy.
  • Strengthening the digital economy, cross border data transfer, and technology transfer must be addressed in the strategy.

About the Author

Sanjana Rathi is a student of Security & Diplomacy at Tel Aviv University, also working for Cyber Peace Foundation, an NGO in India in the domain of Technology and Policy. She has previously worked with international law-enforcement, think tank, academia, and the private sector in Singapore, Israel, UK and India. Her domain of expertise is in cybersecurity, technology, innovation and business development. She is a Computer Science Engineer and also holds an MSc. Degree in Digital Innovation from the London School of Economics. Besides that, she has a Diploma in Cyber Law and Forensics from National Law School of India University.

TheCyberDiplomat is a cybersecurity and publishing service that does everything related to cyber.

Leave a Reply

Your email address will not be published. Required fields are marked *

sixteen − fourteen =