Cherian Samuel replies: Communication networks are a part of our critical information infrastructure which was defined in the IT Act, 2000 as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.” Communications networks are crucial to the connectivity of other critical infrastructure, viz. civil aviation, shipping, railways, power, nuclear, oil and gas, finance, banking, communication, information technology, law enforcement, intelligence agencies, space, defence, and government networks. Therefore, threats can be both through the networks as well as to the networks.

Securing the networks is complicated by a number of factors. In the first instance, much of the hardware and software that make up the communications ecosystem is sourced externally; as a case in point, Chinese manufacturers such as Huawei and ZTE have supplied about 20 per cent of telecommunications equipment while Indian manufacturers have about 3 per cent of the market. As recent incidents have shown, foreign governments are not above taking advantage of the market penetration and dominance of their companies to infiltrate and compromise telecommunications networks. This is a potent combination of expertise and resources.

The task of securing the networks is also complicated by the fact that much of the infrastructure is in the hands of private companies who see measures such as security auditing and other regulations and frameworks as adding to their costs. The government in the National Telecom Policy of 2012 has set a target for domestic production of telecom equipment to meet the Indian telecom sector’s demand to the extent of 60 to 80 per cent by 2020. The Ministry of Communications and Information Technology has also repeatedly urged telecom companies to take note of vulnerabilities in their equipment and told them they would be held responsible and subject to penalties if the vulnerabilities are not addressed. A number of other measures, such as making local certification mandatory, have been announced, but there is a need for a more integrated and strategic approach to securing the networks since they are so crucial to the economic, social and political wellbeing of the country.

Shruti Pandalai replies: Social networking sites (or social media) and the challenges that it throws up in the space of cyber-warfare are indeed issues that have drawn the attention of security and law enforcement agencies in recent times. The mass exodus of a number of northeast Indians from many parts of India in the aftermath of the ethnic strife in Assam, triggered by a cyber hate campaign in 2012, was a major turning point (for more on this, refer to my comment, “Don’t Shoot the Messenger: The ‘Un-Social’ Strategy”, at http://www.idsa.in/idsacomments/DontShoottheMessengerTheUnSocialStrategy...). However, from a long term perspective, shooting the messenger may not be the most ideal solution. As technology grows, so will the challenges. In such a scenario, engaging with the medium and optimising its potential for our advantage is the way forward.

Social media analysis generated intelligence or SOCMINT is being developed as a successful model in many countries abroad to isolate hotspots or subjects that go viral and is used as a predictive tool. India too is looking at these models, but is still at the stage of experimentation, trial and error. The Mumbai Police has launched a project called “Social Media Lab”, the first of its kind in the country. The lab would monitor relevant information from Facebook, YouTube, Twitter, as well as all other open sources in the public domain. About 20 specially-trained officers are supposed to work in shifts.

We need many more such pilot projects across the country to develop a truly credible data base and this will require huge investments in terms of both infrastructure and human resource. We also need to work on network availability constraints, language barriers and, most importantly, organisational adaptability in terms of this new medium. There are also pressing questions regarding rights to privacy, misuse of data and loopholes in the legal regime that needs to be navigated.

This is still a work in progress, yet I believe engagement and not regulation is truly the way forward.