Cyber security threats on rise, pvt sector needs to do more: Sandhu
Deputy National Security Adviser Nehchal Sandhu asked the private sector to actively participate and cooperate with the government in developing cyber security standards.
New Delhi: Deputy National Security Adviser Nehchal Sandhu Tuesday expressed serious concerns over growing threats to cyber security and said the private sector needs to do more to insulate itself against such threats and spread awareness among the public.
"We have a suspicion in government... Some corporate managements are relatively unaware of the need to ensure the cyber security. They do not yet understand what kind of damage can be caused to their business and commercial earnings...," he said at a summit on cyber security.
He also asked the private sector to actively participate and cooperate with the government in developing cyber security standards.
The detected cyber security incidents increased to 22,016 in 2012, which was some 70 percent more than the previous year. Four years ago, he said, the number was around 400.
He said the threats have mutated and now come in the form of small but highly dangerous malware. "Small malware which is slim, little bandwidth being used... It has high velocity and high spread. It does not register on your profile but still has high effect...," he said.
He maintained through the Joint Working Group, the government was looking forward to participation from the private sector on developing cyber security standards.
"Now that India has become an authorising nation under the CCRA regime, we now have the ability to further authorize testing laboratories. They are going to have a similar arrangement through PPSC, Bangalore and the private sector has an opportunity to establish testing laboratories for validation," Sandhu said at another event on similar topic.
He said that as per the national cyber security policy there are talks of creating 500,000 cyber security professionals in the next few years.
The private sector needs to avail this sort of business opportunity. Besides National Institute of Electronics and Information Technology, there are institutions like NIIT and Aptech which could get into of trainig cyber security professionals.
"We are in the process of initiating the processes of testing and certification of such cyber security professionals so that once they emerge from these institutions, they are good enough to assume duties at the practical level," Sandhu said.
Stressing how the private sector can further cooperate with the goverment, Sandhu said the Principal Scientific Advisor to the Prime Minister has been given sizable funds to promote R&D and there is sufficient scope within that scheme for private enterprises to present their projects and to partake the funds the government has made available.
Sandhu, however, said awareness about cyber security is something that is retained at the middle level of corporates. CEOs of companies do not necessarily have the kind of awareness in essentials of cyber security.
The former Intelligence Bureau Director rejected suggestions offered by some experts that recognising content is essential to deal with malware, saying they are not in consonace with Indian laws, which do not allow the "intrusion" unless a valid reason exists.
He said there is a real threat to cyber security and therefore "there is a need to recognise the threat for what it is and also to put in place a mechanism which will insulate us from the threat".
Cooperation across the border would be an essential prerequisite for preventing cyber attacks as different countries are being used as platforms to launch attacks, he said.
"International cooperation is a must if we want to investigate cyber security incidents and get to its root. Attribution has become a big problem. This is an area where there needs to be cooperation," Sandhu said.