Technological progress has made cyberspace indispensable for human activities. The political, social, economic and security implications of cyberspace have led to strategic competition between major powers over the control of cyberspace, the US-China confrontation in cyberspace is a case in point. This zero-sum approach to cyberspace has huge ramifications for several countries in Asia, Africa and Latin America together referred to as the Global South. On one hand, the Global South is set to witness the fastest growth in the number of internet users; on the other hand, it remains most prone to cyber threats and vulnerabilities due to the lack of cyber capacity. India has recognised this predicament of the Global South in the cyberspace and has thus adopted an alternative approach based on active engagement and partnership with special focus on the Global South in cyberspace. The main pillar of India’s cyber approach is to advance the cyber capacity building in the countries of the Global South.
This issue brief will explore the emerging significance of cyberspace in international relations, the need for cyber capacity building especially in the Global South, India’s role in advancing cyber capacity building in the Global South and lastly the challenges faced by India to achieve the same.
Cyberspace in International Relations
Science and Technology has become the leitmotif of our times. The development of Information and Communications Technology (ICT), especially the advent of internet, gave birth to a new total human made space called cyberspace.Cyberspace is a space: (1) where people interact through the interconnection of global network of computers; (2) which is built on software layers; (3) which allows processing, manipulation, exploitation, augmentation of information; (4) which is supported by institutions and policy.[i] This cyberspace is becoming more complex everyday with the arrival of emerging technologies like quantum computing, artificial intelligence, machine learning, etc.[ii] Cyberspace has the potential to have transformative effect on human lives, as it allows us to connect (Ola, Uber), learn (edX), do business, create communities, and obtain essential services such as healthcare (Co-Win), or gain access to critical services.
Nonetheless, cyberspace has become increasingly vulnerable and conflictual with serious geopolitical implications. Cyberspace, which was once imagined to be an equal and empowering space, is witnessing growing use by state and non-state actors for malicious purposes.[iii] For instance, cyber espionage (Mint Sandstorm, Daggerfly, Bitter), viruses and malwares (red echo, colonial pipeline, NotPetya,WannaCry), denial-of-service and botnets attacks on government servers (Zhadnost DDOS), cyber-attacks on critical infrastructure, cyber warfare (Stuxnet, Estonian cyber-attacks in 2007, Ukrainian Cyber-attacks in 2014 & 2022), violation of people’s privacy (Pegasus, Cambridge Analytica), etc. These cyber incidents are leading to new power asymmetries, development of offensive cyber capabilities by states, and conflicting narratives between liberal states and authoritarian states.
In international politics, cyberspace has transcended to an issue area of high politics. Beginning in the 1990’s, the publication of the John Arquilla and David Ronfeldt paper “Cyberwar is Coming” highlighted the need to control the cyberspace to win wars and made it an issue area of national security.[iv] It has now become an area of contestation where major powers like US, China and Russia want to shape cyberspace according to their respective national interest and thus dominate cyberspace. Since 2000 onwards, states increasingly started adopting cybersecurity strategies and policies to attend to growing cyber threats and vulnerabilities emanating from states and non-state actors in the cyberspace. The cases in point being the US’ 2003 National Strategy to secure cyberspace, the Russian Information Security Doctrine of 2000, India’s IT Act of 2000 and the 2006 Chinese National Informatisation Plan, etc. At the United Nations in 2004, the Group of Governmental Experts (GGE) was formed to facilitate responsible state behaviour in cyberspace with respect to international security and the 2012-2013 GGE laid down capacity building as one of the major elements for securing cyberspace. [v]
While major powers have developed cyber policies and strategies to cater to their respective national interests the countries in the Global South still lack the technical, institutional and policy capability, i.e. cyber capacity to tackle malicious cyber events.[vi]According to International Telecommunication Union’s (ITU) Global Cybersecurity Index, 2020, there are 23 countries in Africa and 14 countries in Americas which do not have Computer Emergency Response Teams (CERTs) vis-à-vis only 5 countries in Europe.[vii] Further, in South East Asia, Cambodia, Lao PDR, Brunei and Myanmar still lack a dedicated cyber strategy or cyber policy.[viii] Figure 1below indicates countries which tend to perform low in the Global Cybersecurity Index are mostly least developed and developing countries with a large chunk of their population unconnected and they need support to develop cyber capacity to respond to the cyber threats.[ix]
Figure 1 Source: Global Cybersecurity Index, ITU World Telecommunication /ICT Indicators
India is responding to this cyber divide through its inclusive partnership with the Global South in the digital sphere.
Cyber Capacity Building and India’s approach
Cyber capacity building is a relatively new concept which emerged in the mid-2000 as a means for countries and organisations to assist each other, across borders to enable a secure, safe and open use of cyberspace.[x] Cyber capacity building of a country rests on three pillars i.e. (1) a strong institutional set-up, (2) technical knowhow, and (3) policy capabilities. It enhances the State’s ability to detect, investigate, and respond to cyber threats.[xi]
As the Asian and African region is set to witness the fastest expansion of digital connectivity, this region is, therefore, in need of utmost cybersecurity through cyber capacity building and India has understood this complex reality of cyberspace to focus on cyber capacity building. India’s aim is not to dominate and control, rather it aims to be a partner of the Global South in its cyber capacity building.
Since the introduction of internet in 1995, India is rapidly digitising, ranking only second with 692 million internet users.[xii] This digitisation has led to a steadily growing cyberspace. India is rapidly moving on the path of a cyber revolution powered by a young demography, internet expansion, exponential data generator, and, most importantly, the government is emphasising on digitisation through its flagship Digital India program. India is not only utilizing and making use of these opportunities emerging from the cyberspace, but amidst the growing cyber threats and vulnerabilities, it is also creating an effective cyber ecosystem with major focus on cyber capacity building.
The Indian cyber capacity is made up of the policy, institutional and technical aspects. India’s IT Act (2000) regulates the use of computers, computer networks, data and information in electronic format.[xiii] In 2013, India came up with a dedicated National Cyber Security Policy to build a secure and resilient cyberspace for citizens, businesses and Government. In its National Cyber Security Policy 2013, India’s goal includes the development of bilateral and multilateral cyber security relationships with a major emphasis on cyber capacity building.[xiv]Also, India is on its way to develop a new cyber security policy[xv] and national cybersecurity strategy which will be in tune with contemporary realities of cyberspace. India’s policy framework is supported by the institutional and organisational setup in the form of various government stakeholders spread across various ministries such as Ministry of Electronics and Information Technology (MeitY), Ministry of Home Affairs, Ministry of External Affairs, Department of Telecommunications, National Security Council, etc.The Computer Emergency Response Team (CERT-In)[xvi], the Cyber Swachhta Kendra[xvii], Cyber Surakshit Bharat Initiative[xviii], the Cyber Crime Coordination Centre (I4C) and the National Critical Information Infrastructure Protection Centre (NCIIPC)[xix], etc., make up the comprehensive technical aspect of Indian cyber capacity. Also, India is engaging bilaterally and multilaterally with the countries of the Global North to develop it’s own cyber capacity (India-US i-CET, India-Japan Cyber Dialogue, India-EU cyber dialogue, Quad cyber security partnership etc.).
India’s Bilateral and Multilateral engagement in the Global South and the shaping of global cyberspace discourse
India has been building cyber capacity in Global South through conducting dialogues, carrying out technical training to develop human resource and skills, signing of Memorandums of Understanding (MOU’s), opening training centers, exchanging indigenous technologies such as India stack and UPI etc. In 2021, India has conducted many cyber dialogues and has signed 34 active MoUs centered on cybersecurity and ICT with various countries.[xx]
India is making comprehensive efforts in cyber capacity building at the multilateral level. Through the Indian Technical and Economic Cooperation (ITEC) programme, India is providing cybersecurity training which focuses on South-South Cooperation and comprises of capacity building partnership in about 160 partner countries of Africa, Asia, and Latin America, the Caribbean as well as Pacific and small island countries.[xxi] India is also sharing its indigenous technology e.g. UPI and India Stack (a collection of open APIs and digital public goods that aim to facilitate identity, data, and payment services on a large scale). The UPI has been accepted in Singapore, Sri Lanka etc. India and Trinidad and Tobago have signed a Memorandum of Understanding (MoUs) on sharing the India Stack.[xxii] Since June 2023, India has already signed MoUs with countries namely, Sierra Leone, Suriname, Armenia and Antigua and Barbuda to share India Stack.[xxiii]
Besides in South Asia and Bay of Bengal region, India has proactively integrated cybersecurity in the agenda of the Bay of Bengal Initiative for Multisectoral Technical and Economic Cooperation (BIMSTEC). In the seventh round (June 2022) of the India-Bangladesh Joint Consultative Commission (JCC) new areas of cooperation such as cybersecurity, artificial intelligence, etc, were discussed.[xxiv] India’s CERT-In hosted the ‘India-ASEAN Cyber Threat Hunting’ webinar in 2022.[xxv] For this webinar India received positive feedback. Also in 2019 India initiated a Track 1.5 on Cyber Dialogue which aims to promote India’s interactions with ASEAN on cyber issues and digital connectivity. Very recently, India-ASEAN Digital work plan 2022 was approved which aims to co-operate through capacity building and knowledge-sharing in emerging technologies and applications such as 5G, cyber forensics etc.[xxvi] In addition to this, India in association with CERT-In hosted ‘IBSA Cyber Threat Hunting’ webinar in 2022. In 2021, India organised a workshop on Digital Forensic for BRICS countries as well. In Africa, through it’s Pan-Africa e-network, India has set-up a fiber optic network to provide satellite connectivity, tele-medicine and tele-education to countries of Africa.
Apart from regional engagements in South East Asia, Africa and West Asia, India is engaging bilaterally as well. India has signed an MOU on cooperation in cybersecurity with countries like Vietnam and is sharing its technical expertise through cyber training e.g., Thai officers were trained in cybercrime by CBI in 2016. Further, India has opened Centres of Excellence in Software Development and Training in Cambodia, Lao PDR, Myanmar and Vietnam. Under its Quick Impact projects (QIP), India has helped Cambodia build capacity in digital public services implementation, cyber security for government agencies and the child online risks awareness campaigns.[xxvii] Indian Computer Emergency Response Team (CERT-In) in collaboration with Cyber Security Agency of Singapore (CSA) successfully designed and conducted the Cyber Security Exercise “Synergy” for 13 Countries done under the International Counter Ransomware Initiative- Resilience Working Group which is led by India.[xxviii]
In Africa, Memorandum of Cooperation (MoC) on ‘Cyber Security’ was signed between CERT-In and Nigerian-CERT for sharing information and expertise in cyber security. The first India-Egypt Cyber Dialogue was held in New Delhi in 2016.Under its first ITEC-Onsite assignment (2018-19), a team of experts went to Sierra Leone for Cyber Crime training. A group of 22 senior Tunisian administrators underwent a specially tailored training programme on e-governance and cyber-security at Indian Institute of Public Administration, New Delhi in 2019.[xxix]
In West Asia, India is aiming to develop technical cooperation with UAE in cyberspace. In 2022, a 20-member Iraqi IT team from Prime Minister’s office underwent cyber security training in India.[xxx]
Conclusion
In the interconnected cyberspace, it is difficult to remain insulated from cyber threats and vulnerabilities. State and non-state actors are both the victims as well as perpetrators in cyberspace. In cyberspace where one stands depends on where one sits, thus US and China are at the helm of cyberspace dominance and both are trying to outrun one another to become a cyber hegemon. India is providing an alternate vision and perspective to this zero-sum game in cyberspace and, thus, is focusing on partnerships in the Global South through cyber capacity building. However, it still has it’s own set of challenges, the case in point being the urgent need for India to upgrade it’s National Cybersecurity policy 2013 to meet the complex cyber threats and vulnerabilities. It’s time for India to address the challenges to continue being an efficient and reliable partner to the Global South in the cyberspace.
*****
*Anubha Gupta, Research Associate, Indian Council of World Affairs, New Delhi.
Disclaimer: Views expressed are personal.
Endnotes
[i]Nazli Choucri and David D. Clark, International Relations in the Cyberage: The Co-Evolution Dilemma (The MIT Press, 2019). Available at https://mitpress.mit.edu/9780262038911/international-relations-in-the-cyber-age/#:~:text=International%20Relations%20in%20the%20Cyber%20Age%20astutely%20recasts%20that%20unilateral,between%20international%20relations%20and%20cyberspace.%22 (Accessed on September 18, 2023)
[ii]Ibid
[iii]“Cybersecurity”, Geneva Internet Platform. Available at https://dig.watch/topics/cybersecurity?nowprocket=1. (Accessed on September 20, 2023)
[iv]David Ronfeldt and John Arquilla, “Cyberwar is Coming,”RAND Corporation, January 1, 1997. Available at https://www.rand.org/pubs/reprints/RP223.html (Accessed on 24 September 2023)
[v]“Developments in the field of information and telecommunications in the context of international security”, UN Doc A/68/98. Available at https://digitallibrary.un.org/record/753055?ln=en. (Accessed on September 20, 2023)
[vi]Jorge Heine, “the Global South is on the rise – but what exactly is the Global South?”The Conversation, July 3, 2023. Available at https://theconversation.com/the-global-south-is-on-the-rise-but-what-exactly-is-the-global-south-207959. (Accessed on 25th September 2023)
[vii]“Global Cybersecurity Index 2020,” International Telecommunication Union, 2023. Available at https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf. (Accessed on 27th September 2023)
[viii]Trisha Ray, “An ASEAN-India Cybersecurity Partnership for Peace, Progress, and Prosperity: Report of the Third ASEAN-India Track 1.5 Dialogue on Cyber Issues,”ORF, April 2022. Available at https://www.orfonline.org/research/asean-india-cybersecurity-partnership-for-peace-progress-and-prosperity/ (Accessed on 26th September 2023)
[ix]Ibid
[x]Robert Collett, “Understanding cybersecurity capacity building and its relationship to norms and confidence building measures,” Journal of Cyber Policy, vol. 6, no. 3 (2021), pp. 298-317. Available at https://doi.org/10.1080/23738871.2021.1948582. (Accessed on 27th September 2023)
[xi]Irene Poetranto, Justin Lau and Josh Gold, “Look South: challenges and opportunities for the ‘rules of the road’ for cyberspace in ASEAN and AU,” Journal of Cyber Policy, 6(3) (2021), pp. 318-339. Available at https://doi.org/10.1080/23738871.2021.2011937 (Accessed on 27th September 2023).
[xii]Tanushree Basuroy, Statista, July 18, 2023. Available At https://www.statista.com/statistics/255146/number-of-internet-users-in-india/. (Accessed on 29th September 2023).
[xiii]IT Act 2000, Government of India, June 9 2000, Available at https://eprocure.gov.in/cppp/rulesandprocs/kbadqkdlcswfjdelrquehwuxcfmijmuixngudufgbuubgubfugbububjxcgfvsbdihbgfGhdfgFHytyhRtMjk4NzY= (Accessed on 29th September 2023).
[xiv]National Cyber Security Policy, Ministry of Electronics, and Information Technology, 2013, Available at https://www.meity.gov.in/writereaddata/files/downloads/National_cyber_security_policy-2013%281%29.pdf (Accessed on 29th September 2023).
[xv]Elizabeth Roche, “PM Modi says India to have new cyber security policy soon,” Livemint, August 15, 2020, Available at https://www.livemint.com/news/india/pm-modi-says-india-to-soon-have-cyber-security-policy-11597461750194.html (Accessed on 29th September 2023).
[xvi]Anil K. Antony, “Cyberattacks are rising, but there is an ideal patch,”The Hindu, February 25, 2023. Available at https://www.thehindu.com/opinion/op-ed/cyberattacks-are-rising-but-there-is-an-ideal-patch/article66550210.ece (Accessed on 30th September, 2023). CERT-In collects analyses and disseminates information on cyber incidents, and also issues alert on cybersecurity incidents
[xvii]It helps internet users to clean their computers and devices by clearing out viruses and malware.
[xviii]It helps to spread awareness about cybercrime and building cyber capacity.
[xix] It was created for the protection and resilience of critical information infrastructure.
[xx] [xx]“Annual Report,”Ministry of External Affairs, 2021-2022, Available at https://www.mea.gov.in/Uploads/PublicationDocs/34894_MEA_Annual_Report_English.pdf (Accessed on 30th September 2023).
[xxi] International Training under ITEC Scheme of MEA, Centre for Development of Advance Computing, Available at https://www.cdac.in/index.aspx?id=print_page&print=edu_et_E_IPC_DACMohali. (Accessed on 30th September 2023).
[xxii] “India Stack goes Global,” Press Information Bureau of India, August 17, 2023. Available at https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1949830 (Accessed on 1st October 2023).
[xxiii]Ibid.
[xxiv]“7th Round of India-Bangladesh Joint Consultative Commission,” Cyber Digest, MP-IDSA, July 2022, Available at https://www.idsa.in/system/files/page/2015/Cyber_Digest_July_2022.pdf (Accessed on 30th September 2023).
[xxv] “Annual Report,” Ministry of External Affairs, 2022, Available at https://www.mea.gov.in/Uploads/PublicationDocs/36286_MEA_Annual_Report_2022_English_web.pdf (Accessed on 1st October 2023)
[xxvi] “India-ASEAN Digital Work Plan 2022 approved at 2nd ASEAN Digital Ministers (ADGMIN) meeting,” Press Information Bureau of India, January 29, 2022. Available at https://pib.gov.in/newsite/PrintRelease.aspx?relid=231114 (Accessed on 1st October 2023).
[xxvii]“Quick Impact Projects,” Mekong-Ganga Cooperation, September 4, 2012. Available at https://mgc.gov.in/qip (Accessed on 2nd October 2023)
[xxviii]“CERT-In hosts Cyber Security Exercise “Synergy” for 13 countries as part of International Counter Ransomware Initiative- Resilience Working Group,” Ministry of Electronics and IT, August 31, 2022. Available at https://pib.gov.in/PressReleasePage.aspx?PRID=1855771 (Accessed on 2nd October, 2023).
[xxix]“Annual Report,”Ministry of External Affairs, 2019-2020. Available at https://www.mea.gov.in/Uploads/PublicationDocs/32489_AR_Spread_2020_new.pdf (Accessed on 2nd October, 2023).
[xxx]“Annual Report,”Ministry of External Affairs, 2020-2021. Available at https://www.mea.gov.in/Uploads/PublicationDocs/33569_MEA_annual_Report.pdf (Accessed on 2nd October 2023)