“[The] combined strength of cyber security experts in all organisations in the government domain is 556, which is grossly inadequate to handle cyber security activities.” – India’s National Security Council Secretariat
India’s agreement with Japan to cooperate on cybersecurity at the recent “2+2” of Secretaries of Defence and External Affairs of each country has a distinctly strategic and military connotation. The move represents a deepening of India’s strategic engagement with the global network of the alliance of democracies with the United States at the core. More specifically, it brings India a step closer to joining the inner circle of that alliance that is involved in signals intelligence and joint cyber defense of a military character.
At the EastWest Institute’s Second Worldwide Cybersecurity Summit in London in 2011, Deputy National Security Adviser, Dr. Latha Reddy, declared that India wanted to become a member of the community of trusted nations in cyberspace. Some in London believe she meant by this the global intelligence alliance based on a small club of English speaking democracies who have been close intelligence allies since World War II (USA, UK, Canada, Australia and New Zealand). The intelligence alliance is now much bigger in practical terms and includes other countries (such as Japan, South Korea, Israel or Taiwan) according to the military problem. If this is the direction that India is heading, then such a development would only be a positive one for global cyber stability.
China will be watching this closely. The moves do not involve hostile intent toward China, but they demonstrate the increasing power of the alliance of cyber democracies in a situation of growing mistrust of China, caused by events in the cyber domain inside China and by its steadily accumulating military power. Although a cyber alliance for military operations is far more complex than for conventional operations, China is already heavily outgunned in cyberspace by the combined power of key members of the alliance of democracies. Little detail is available yet on what path the cybersecurity cooperation between India and Japan will take, as it will be discussed at a meeting on 5 November. But the scope of India’s existing or planned defense cooperation with Japan gives some hints.
This cooperation involves: strategic consultations on freedom of the seas, cooperation in anti-piracy operations, peacekeeping consultations, planning for a trilateral exercise with the United States, staff talks between the ground forces, staff exchanges between air forces and navies, planned mutual visits of vessels and aircraft, and a bilateral naval exercise. Indian cooperation with Japan on military strategic aspects of cybersecurity will relate mostly to protecting common security interests – keeping cyberspace open for business and maintaining international confidence in it.
The United States and Japan have conducted joint cyber exercises at the civilian level, involving the Computer Emergency Response Teams (CERTs) of the two countries and this may be one path that cyber cooperation between India and Japan takes. The agreement on cybersecurity with Japan is very much in line with the quickening pace of Indian policy development in this area, represented most recently by the release on 15 October of the “Recommendations of Joint Working Group on Engagement with Private Sector on Cyber Security,” which included references to increased international efforts by India to enhance its national cybersecurity.
This report made plain that cybersecurity for India cannot be delivered by the government alone, but that an active and robust alliance with the private sector is essential. What the paper did not say explicitly, but which is fundamentally true for all countries, is that cybersecurity depends on a global network of private sector actors working together, not just nationally branded companies. So national security in the information age is a responsibility now shared with non-national corporations. This inevitably means that in spite of India’s traditions of non-alignment and independent action, the realities of cyberspace are pushing it in a new direction of alliance building and dependence on others for its basic security.