Enforcement agencies should build “lawful capabilities to monitor electronic communication”
A national centre for research in encryption and cryptanalysis should be set up to meet cyber-security requirements and build interception capabilities “without hindering economic growth,” says a report prepared by the National Association of Software and Services Companies (Nasscom) and Data Security Council of India (DSCI).
Emphasising that law enforcement and intelligence agencies need to build “lawful interception capabilities to monitor electronic communication, including encrypted communication, in real time,” the report notes that “encrypted communication is a must for [the] economic growth as it fosters trust in electronic transactions, including e-commerce, e-governance, online banking, etc.”
The report says lawful interception is a “genuine national security requirement owing to the increased usage of technology by criminals and terrorists” and law enforcement and intelligence agencies should build capabilities in cryptanalysis and encryption.
The recommendation assumes significance in the context of the government's persistent demand that service providers facilitate the monitoring and interception of communication on Internet, including encrypted services, and the difficulties the authorities were facing in finding ways of intercepting some of them.
The report, ‘Securing our cyber frontiers,' suggests the appointment of a “fully empowered” national head for cyber security, backed by a “National Structure” that lays down the roles and responsibilities of both public and private sector stakeholders, to enhance the nation's capability to meet cyberspace threats.
The Nasscom and the DSCI had constituted a cyber security advisory group to make recommendations on public-private capacity-building and policymaking in cyber-security. Among the other key recommendations of the report of this group, released recently by Union Home Minister P. Chidambaram, are the establishment of a Centre of Excellence for Best Practices in Cyber Security, Centre of Excellence for Cyber Security Research and a Cyber Command within the defence forces, besides the creation of a National Threat Intelligence Centre.
The National Threat Intelligence Centre could be “established within” CERT-in (Indian Computer Emergency Response Team), now the nodal government agency keeping tabs on cyber threats and suggests appropriate responses at the technical level.
As part of the efforts at addressing the shortage of cyber-security manpower, a ‘competency framework' should be implemented to assesses security skill requirements, identify shortfalls, define competencies and frame strategies for building capacities in various areas.
An inventory of critical information infrastructure in the country should be drawn up and maintained to help handle cyber attacks and facilitate the adoption of better protection measures.
The report suggests the creation of a national knowledge repository on cyber-security in the form of a Centre of Excellence for Best Practices in Cyber Security. The centre could institutionalise the development, sharing, collation, distribution and implementation of best practices, including those pertaining to specific sectors, technologies and disciplines.
Law enforcement agencies and industry should invest in the setting up of training centres to build capabilities for investigating and dealing with cyber crime. The Nasscom and the DSCI have established such facilities with the government's help in eight major cities through the Cyber Labs programme, but such initiatives need to be augmented.
The defence forces should have a Cyber Command equipped with defensive and offensive weapons as well as capabilities in cyber espionage. They should have manpower trained in cyber warfare, the report notes.