Credits: NEWS 18
Not just data localisation, India should have its own operating systems, software, networking equipment and cryptographic algorithms to secure itself from present-day threats of cyber warfare, said Lt. General (retired) Deependra Singh Hooda, the architect of the 2016 surgical strikes on terror camps across Line of Control.
General Hooda, who presented India’s National Security Strategy document to the Congress, said, “In India, we seem oblivious to the vulnerabilities that exist in our critical networks due to foreign hardware and software. This needs to be quickly reversed. The technological component of India’s digital sovereignty has to be a gradually planned adoption of software and hardware that is designed and manufactured by Indian private companies. The government should promote and support Indian companies through funding assistance and give them preference in the purchase of equipment for critical infrastructure.”
He suggested the indigenisation should start with the operating systems and software, microelectronics, networking equipment, cryptographic algorithms and navigation systems.
According to him, this is essential to thwart the threat of data being collected by a third agency for another country. At the moment, most apps, web services and pretty much most of the online traffic is stored on servers outside of India.
For example Facebook, the most popular social network in the world, despite all the controversies, gets a large portion of its user base from India.
According to research firm Statista, Facebook had as many as 294 million users in India — the most it has from any country, by far.
The United States is second with 204 million and Indonesia is third with 134 million. All this data is stored on servers in the US. Facebook has our usage data, browsing behaviour, a sketch of our habits, preference data, facial recognition tools and more — all collected on a daily, hourly and per minute basis.
The report said that though the Supreme Court had declared privacy as a fundamental right, as of now, there were no privacy laws governing the security of personal data.
Even data stored in India is not safe as owners of this data are the giant technology companies, mostly based in the US and not under our legal control.
In September 2017, it was reported that Google has quietly stopped challenging most search warrants from US judges in which the data requested is stored on overseas servers.
A 2017 study conducted by Symantec points out how alarming the situation is in the country as India ranked fourth in online security breaches, accounting for over 5% of global threat detections.
General Hooda said cyber-attacks conducted by an external state threatened national security and hence, we must realise that this threat could not be countered by intelligence agencies like the NTRO or by a Cyber Security Coordinator but the defence services should be the lead agency corresponding to cyber-attacks.
The report rued the fact that India was one of the few countries that still did not have a dedicated cyber component in its military. Though the setting up of a Defence Cyber Agency has been announced, it must be be upgraded to a cyber command with a clear mandate to conduct full-spectrum cyberspace operations, General Hooda wrote.
There has been much debate on data localisation in India. The report points at the dangers to our social fabric in the information age.
“It is well known that our laws can only be enforced in our territorial jurisdiction. These are the primary drivers that automatically point us towards adopting a data localisation policy. The enormous economic potential that can accrue by utilisation of this data gives an added impetus to adopt such a policy,” the retired general said.