A need for constant vigilance
A Arvind Gupta believes that we are at a stage where technology is far ahead of cyber laws and cyber norms. While the UN Group of Government Experts (UNGGE) has proved to be a useful platform to discuss these issues, the absence of “a broader representative platform where contentious issues can be hammered out and consensus arrived at” is absent.
“Unlike the other commons, namely the land, sea and space, wherein international law has grown immediately, cyberspace is still largely lawless. Sustained discussion by international experts is necessary to generate ideas on the way forward towards building a consensus on cyber-security issues,” contends Gupta.
India will, in fact, have to study the evolution of the idea of cyber deterrence. To build an effective cyber-deterrence capability would require robust networks “that can be defended, encouraging comprehensive R&D in the area of cyber-security and strengthening indigenous manufacturing of ICT products”.
Gupta maintains that there is a need to analyse the patterns of cyber-attacks against India so as to adopt suitable counter-measures, “including the capability to conduct cyber operations, if required”.
The country must internalise the “increasingly assertive cyber-security doctrines that are being adopted by other countries” as it works out its own cyber-security doctrines.
Holding that cyber-attacks cannot be seen in isolation, Gupta says that cyberspace today has close links to “other domains of warfare, namely, land, water, air and space” This implies “that cyber-attacks will not be seen merely as that.
The retaliation in non-cyber form, i.e., retaliation through non-cyber means, including possibly military means, cannot be ruled out. Cyber-attacks, as means of warfare, would only enlarge the battle domain. Cyber-warfare may induce states to opt for full-spectrum deterrence”. The book has been divided into two sections - International Perspectives on Cyber-security and Asian Perspectives on Cyber- security.
The book’s editors, Cherian Samuel and Munish Sharma (both with the IDSA), hold that as an economic and geopolitical organisation of eight countries, the South Asian Association for Regional Cooperation (Saarc) can play a pivotal role in capacity-building as well as coordinating cyber-security efforts of all the members facing non-traditional security threats, such as cyber-terrorism ad cyber-crime, from non-state actors to both their populace and businesses.
Nandkumar Saravade, a former IPS officer who has served as CEO of the Data Security Council of India, points to a rather grim scenario: India lacks the necessary structures and capabilities within the country to understand complex cyber-security issues, and the government has to build the necessary frameworks to engage in consultations with the key stake-holders and develop a position on key cyber-security issues.
Comparing the American and Chinese perspectives on cyber-security, Cuihong Cai, an Associate Professor of International Relations at the Center for American Studies at Shanghai’s Fudan University, contends that over-interpretation of cyber-security risks strengthens the threat cognition, which results in conflicts and control-oriented security practices. It further leads to trust-deficit and weakening of rules, resulting in the self-fulfilling prophecy of heightened cyber conflicts.In sum, this is definitely a “must have” volume.