Rediff.com« Back to articlePrint this article

The weapons of mass disruption

October 15, 2004 10:53 IST

Information security -- also known as cybersecurity -- is one of the keys to unlocking the full potential of the trade and technology relationship between the US and India.

All levels of society today -- from individuals, to companies, to governments -- rely on information technology and information networks in their daily lives to communicate, to manage activities, to transact business and to provide essential services to the public.

As commerce between the US and India continues to expand, consumers and corporations will seek to ensure that their personal information and business proprietary data are secure, and that information services are reliable and protected.

Without an adequate level of security, we run the risk of backlash among consumers and loss of confidence among business people, which could severely limit progress in our trade and technology relationship.

While the Information Age has brought innovation, economic growth and a higher quality of life, it has also spawned new and unique vulnerabilities.

Computer systems and networks create new avenues for malicious actors -- ranging from hackers and common criminals to foreign intelligence agencies and international terrorists -- who can do damage to all of us.

In an age when entire industry relies on IT, we are now vulnerable to cyber attacks and cyber terrorism.

In fact, while a cyber attack would not, of course, be considered a weapon of mass destruction, it can be thought of as a weapon of mass disruption.

One person with relatively little training, inexpensive equipment, and access to the Internet has the potential to disable an entire network or infrastructure. The financial and other costs related to such attacks are enormous.

The US welcomes India as a vital partner in addressing such global cybersecurity issues. Our two economies are becoming increasingly interconnected with the growth of computer software development in both countries as well as the growing trend in utilising IT-related services in each other's country.

According to the National Association of Software and Service Companies (Nasscom), India's IT sector generated $12.5 billion in exports during the past fiscal year. Many of these services are provided to US firms and consumers.

And the US clearly provides IT services to India. For instance, a significant portion of the $ 3.3 billion in US service exports to India in 2002 was related to services involving IT.

As these trends continue, the US and India must work together to ensure a secure environment for information exchanges, commercial transactions and software development.

In light of our growing interdependence in IT, President Bush and the then prime minister Atal Bihari Vajpayee agreed in November 2001 to establish the US-India Cyberterrorism Initiative.

Since that time, our two governments have worked closely to address cybersecurity issues. In April 2002, the two governments convened a meeting in New Delhi of the US-India Cybersecurity Forum, and discussed ways to better coordinate joint cybersecurity activities regarding standards, legal and law enforcement issues, defence and infrastructure protection.

Through this framework, the US seeks to work with India to develop appropriate standards for cybersecurity and to strengthen national laws and enforcement capabilities.

While we favour a regulatory approach that is not excessive or burdensome on legitimate businesses and consumers, we also believe it is important that national laws on cyber crime be harmonised, so that hackers and others do not move from country to country in search of lax enforcement and non-existent penalties.

For that reason, we believe that the Council of Europe's Convention on Cybercrime provides a useful model to follow, as it sets forth principles for strengthening national laws concerning cyber crimes and encouraging international cooperation on the investigation of such crimes. We urge India's adherence to the principles in this convention.

We also hope that our two governments can establish 24/7 watch and warning capabilities in order to help prevent and, if necessary, recover from incidents in which security is compromised.

We anticipate that these and other topics will be open for discussion when we host the next meeting of the US-India Cybersecurity Forum in November in Washington, D.C.

Governments, of course, can only do so much, because so many of our information systems and networks are owned and operated by the private sector.

Accordingly, the cornerstone of our national cybersecurity strategy as well as our cybersecurity initiatives with India, is an effective partnership with industry.

After all, industry is in the best position to identify threats and vulnerabilities, articulate the need for security and protection of assets, and share ideas and best practices for the development of cybersecurity technologies, policies and programmes.

I am confident that by bringing together representatives from government and industry in both countries to discuss best practices, we can increase our cooperation in fighting cyber crime and cyber terrorism, and ensure the security of our information infrastructure.

With the conclusion of Phase One of the Next Steps in Strategic Partnership initiative and our ongoing dialogue under the High Technology Cooperation Group, the US and India have charted a robust and unequivocal course of strategic partnership that will benefit both countries.

The private sector has an important role in translating these government initiatives into concrete joint activity at the business-to-business and people-to-people levels.

While government can create the appropriate environment for commercial activity, it is up to private businesses, organisations, and individuals in both countries to reach out and build relationships.

As part of this process, to reap the full benefit of the US-India trade and technology relationship, our governments and people must work as partners to secure the information networks, systems and infrastructures that drive the economic activity between our two countries.

Kenneth I Juster is US Under Secretary of Commerce. This article is excerpted from his keynote address at the India-US Information Security Summit.

Powered by

Kenneth I Juster