Bi-national cyber security relations can be built on two fronts. On the first front, the two nations could agree on a comprehensive framework for future dialogue, which encourages the sharing of information on cybersecurity incidents and threats and exchange of best practices to foster innovation in cybersecurity. Another area of cooperation between the two governments is cyber security training.
India can look to Israel for cooperation by starting training courses in Indian universities and providing access to experts. Israel’s National Cyber Directorate (INCD), responsible for all aspects of cyber defense in the civil sector, provides another avenue of cooperation as Indian policymakers consider adopting a cyber command that will facilitate policy formulation and implementation in cyber security at the national level.
Another front is building business-to-business ties between the two countries. Nations can sign an agreement to create an R&D fund for joint innovation in cybersecurity and establish a working group to institutionalize the conversation. In addition to the multi-stakeholder approach in the Joint Statement, this bi-national cybersecurity relationship could be a potential subset for the proposed UN Cybercrime Convention.
Troll the Trojan
As a first step, corporates should conduct a vulnerability study to uncover all the top cyber-related vulnerabilities. This is being done by a commercial third party that simulates attacks that expose such vulnerabilities. Vulnerabilities should be prioritized and addressed based on their severity. Weaknesses should be addressed through ‘best of breed’ technical solutions and standard operating procedures should be adopted. At the IT level, most likely, all servers need to be isolated from third-party access until the attack is fully understood. At the public/industrial relations level, agreed statements must be established with investors, company management, company employees and customers.
The India-Israel Forum has addressed cybersecurity as one of its top priorities. Essentially, efforts are being made to create a ‘best of breed’ software suite made up of the best cyber solutions each country has to offer. Such consortia will approach MSMEs who typically do not have the resources to invest in proper cyber security and provide their services.
These days, the MSME segment, which has a collection of Personal Identifiable Information (PII), financial data and specific services, has become the focus of attackers. MSMEs are increasingly dependent on technology and have valuable data on customers, goods and services. Given the increasing sophistication of cyber attacks and the value of their data, small businesses may not realize the extent to which they need to deploy mature cyber security practices and tools.
Computer Emergency Response Team (CERT) initiatives that deal with cyber security incidents become essential for this sector. Part of the challenge is mass deployment with the right quality of service and at the right cost. Establishing a joint CERT is key to the success of a consortium like the India-Israel Forum. Providing an active ‘security as a service’ platform can be a strong way to protect any enterprise.
Security services initiated by CERT must be aware of sophisticated attacks, offer audit services, recommend best practices, and create deployment processes and roadmaps for the future. Once an attack occurs, the service should help the enterprise mitigate damage and build resilience. The service should, of course, cover the entire threat surface, from edge devices like laptops and mobiles, to storage and networks, to the cloud, covering data and systems.
Before becoming a cyber cipher
India values Israel’s cybersecurity expertise. An intergovernmental agreement to cooperate was first signed in 2017. A recent MoU signed by CERT with INCD for greater cooperation deepens operational cooperation to fight cybercrime. A team of experts from both the countries can be a guiding force in creating a world-class platform for MSME security.
Today ecosystems have become important. We are, indeed, stronger together as nations and businesses. Such bi-national cooperation will serve as a stepping stone for others to join, enabling nations to enjoy more improved cyber defenses.