During his fourth visit to the United States earlier this month, Prime Minister Narendra Modi held significant discussions on cyber security cooperation with President Barack Obama. These discussions resulted in the endorsement of a factsheet that should result in the signing of a framework for a cyber relationship in the next two months.
India and the US have engaged on cyber issues in the past as well; it started after the historic meeting between Prime Minister Atal Bihari Vajpayee and President George W. Bush in November 2001. However, engagement over the last decade and a half has been primarily confined to statements of intent and some exchange programmes. Momentum began to gather only after the Modi government took office in May 2014.
Although India’s announcement of the National Cyber Security Policy (NCSP) in May 2013 made the US enthusiastic, nothing actually moved forward. Rather, India’s posture on internet governance mechanisms stood in the way of active engagement. When India proposed a 50-nation committee on Internet Related Policies for the management of cyberspace issues at the 66th session of the UN General Assembly in October 2011, it was in direct opposition to a US-led effort aimed at fostering a multi-stakeholder approach.
Subsequently, the main focus between India and the US remained on how to bridge their divergent approaches. The Indian government was conscious of the realities of the fast emerging internet ecosystem and, therefore, the inherent impact of the internet economy was closely addressed by the Modi government. Based on the recommendations of a committee of three senior cabinet ministers, India finally announced its support for the multi-stakeholder model in August 2015.
Indian and US officials also met in Washington in August 2015 at the whole-of-government cyber dialogue to discuss enhanced cyber security information sharing, cyber incident management and cyber security cooperation in the context of ‘Make in India’. This meeting set the roadmap for further cooperation, which is being concluded via the framework that is to be signed.
Needless to say, India needs the US on many counts in order to build up an optimal cyberspace ecosystem, bolster cyber security across sectors and, most importantly, build critical infrastructure. The NCSP listed 14 broad points to build up India’s cyber ecosystem. But it remained almost entirely unimplemented until the Modi government created the office of the national cyber coordinator and appointed a person to that office in April 2015.
With the institutional framework in place, a roadmap with a budget has been made functional. But there is lot to be done in order to reach an acceptable level. It is here that the US can help with capacity building in the areas of research and dealing with incidents as well as their mitigation. Similarly, cooperation on the law enforcement front has to be much more open and prompt.
Internet governance and cyber security
The bigger role for the US will be to carry India to the high table of all internet governance initiatives and cyber security leadership. As the global community at various levels strives to find a globally acceptable working model for internet governance and cyber security, India has to be on the right side of things.
It was quite surprising that India was not included in the fourth Group of Governmental Experts (GGE) under the aegis of the UN, where 20 nations deliberated and laid out the ‘norms, rules and principles for the responsible behaviour of states’, after significantly contributing in the second and third GGE. Needless to say, keeping a nation with the second largest population of Internet users in the world out of such a forum does not help the cause of greater integration.
Both countries need to strategically shape the management of cyberspace infrastructure. As the US plans to transition the management of the Internet Corporation for Assigned Names and Numbers (ICANN) in the next few months to the global community, it will be logical for India to be seen as active in the new ecosystem.
As states, non-state actors and related vested interests up their game to destabilise the medium and push for its fragmentation, India and the US have to set the stage for more cohesive and open cyberspace engagement so that all tendencies for the Balkanisation of the internet are nullified.
Sooner than later, a decision will have to be taken on the applicability standards of international law to state conduct in cyberspace. As there is currently no clear global understanding in this regard, it will be imperative to harmonise and agree to a common threshold. Extensive engagement has to be fostered to set and implement voluntary norms of responsible state behaviour in peacetime, including those envisaged by the fourth GGE.
As both countries move towards enhanced defence cooperation, much of the technology in focus will have dual use and hinge heavily on cyber technology. Already, the Defence Technology and Trade Initiative enshrines co-development and co-production of equipment, both of which involve technology that should be more easily available to Indian entities where absorption capacity is in place.
The bilateral High Technology Cooperation Group should encompass more number of areas to facilitate greater Indian access to US technologies. At the same time, the right capacity building has to be initiated on the Indian side. If these two premises are indicators, the pace of progress has been slow and a smooth working relationship is yet to materialise. Clearly, India’s track record in maintaining the sanctity of critical technologies can guide this process.
So while the intent exists to forge a strong partnership on cyberspace issues, there is much groundwork to be done to actually build trust and move forward together. As the final touches are given to the framework, there is wider scope to focus on the strengths of this relationship and implement shared principles in a time-bound manner.
Both sides recognise the value of enhancing and further institutionalizing their broad-based cooperation on cyber issues, and in that respect, intend to complete a framework based on shared principles and intended forms of cooperation. The major shared principles of the India-US cyber relationship include:-
“A commitment to an open, interoperable, secure, and reliable cyberspace environment.” “A commitment to promote the Internet as an engine for innovation, economic growth, and trade and commerce.” Recognition of the importance of bilateral and international cooperation for combating cyber threats and promoting cyber security.”
“A commitment to promote international security and stability in cyberspace through a framework that recognizes the applicability of international law, in particular the UN Charter, to state conduct in cyberspace and
to be continue…..
the promotion of voluntary norms of responsible state behaviour in cyberspace.” “A commitment to the multi-stakeholder model of Internet governance that is transparent and accountable to its stakeholders, including governments, civil society and the private sector, and promotes cooperation among them.”
“A recognition of the importance of and a shared commitment to cooperate in capacity building in cyber security and cyber security research and development.” “Sharing information on a real time or near real time basis, when practical and consistent with existing bilateral arrangements, about malicious cyber security threats, attacks and activities, and establishing appropriate mechanisms to improve such information sharing.”
“Promoting cooperation in the fields of cyber security-related research and development, cyber security standards and security testing including accreditation process, and cyber security product development, including further consultations on such issues.” “Working to ensure shared understanding of technology access policy, including dual use technologies sought to be controlled by either country, including through such mechanisms as the bilateral High Technology Cooperation Group.”1
Once the framework for the India-US cyber relationship is signed in the next two months, it will not only give a major fillip to their bilateral cyber relationship but will also define the road map for future cooperation between the two countries.