National Security Policy Of India: Some Techno Legal Suggestions

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLB

National Security is a very vast and complicated field to manage as it encompasses various facets of security. It ranges from traditional security of borders and infrastructure to Cyber Security of the Indian Infrastructure and Cyberspace. India has been lax on the front of National Security in general and Cyber Security in particular. The National Cyber Security Policy of India 2013 has been drafted recently and its actual and full implementation is still missing.

Further, various components of National Security are still operating in a vacuum and independently of each other, making the entire concept of National Security a façade. For instance, the Cyber Security Policy of India is still not a part of the National Security Policy of India. In fact, we have no National Security Policy of India that is presently implemented by the Indian Government. The Cyber Security Policy of India must be an “Essential and Integral Part” of the National Security Policy of India.

DNA India has reported that the current UPA Government led by Prime Minister Manmohan Singh is set to unveil a draft of the National Security Policy for public debate. The National Security Advisor Shiv Shankar Menon has already started working in this regard so that a well-defined strategic policy framework can be adopted by the new Government after a public debate. It seems the intention is to make the National Security Policy of India operational after the 2014 Elections are over. This is logical as well, as such crucial policies cannot be implemented at a time of uncertainty. The National Security Council (NSC) has already proposed a three-pronged Cyber Security Action Plan for India.

The UPA Government has its own share of successes like securing Indian borders and avoiding any big threat from outside, getting the non-permanent member status of the UN Security Council, obtaining a permanent seat at the Arctic Council and a chair at G-8 negotiations, etc. So the “Failures and Achievements” of the present UPA Government are somewhat balanced in nature.

India already has a doctrine for its defence as well as strategic forces, both for conventional and sub-conventional wars. But the new doctrine will be over-arching, comprehensive and will incorporate elements of foreign and internal security policies.

Though the proposed draft of the Policy is still in its infancy, it may act as a resource guide to deal with Indian National Security issues. The proposed Policy would look at all aspects of National Security including the Economic, Technological, Political, Cyber as well as Scientific. It would also streamline the Security Strategy and address the systemic lacunae that arise in the absence of a clear and comprehensive policy.

A “Special Focus” upon Cyber Security is the need of the hour. To start with, a dedicated Cyber Security Law of India must be formulated. A robust and comprehensive Telecom Security Policy of India must also be immediately formulated. Further, Draconian and Disabling Laws like the Information Technology Act, 2000 and the Indian Telegraph Act, 1885 must be “Repealed” as soon as possible. Civil Liberties and National Security Requirements must be “Reconciled”. A dedicated Privacy Law of India must also be formulated immediately to strengthen Privacy Rights in India.

During the exposure of the E-Surveillance carried out by the National Security Agency (NSA) of the U.S., James Clapper confirmed that the NSA is targeting Foreign Citizens for Surveillance. This E-Surveillance is further “Combined” with Tactics and Techniques of Cyber Warfare, Cyber Espionage and Cyber Terrorism, etc. The traditional Cold War Era may be over but the Technology Assisted Cold War is still in vogue. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, etc. have simply proved this point.

These Malware are not the work of a group or company but of expert malware makers that are supported by Developed Nations. The United States has been accused of making these Malware in the past and it is also believed that the U.S. is the biggest buyer of Malware in the World. The U.S. has also been accused of using a combination of Radio Waves and Malware to spy upon other Countries. It is well known that Global Cyber Espionage Networks are being actively and covertly used to Spy on other Nations. This is evident from the fact that the Command and Control Servers of the Malware FinFisher were also found in 36 Countries, including India.

These Malware used Cyber Attack Methods and Vectors that are far beyond the Capacity of Traditional Cyber Security Mechanisms to Trace and Prevent. This becomes a serious Cyber Security Issue when Critical ICT infrastructures are at stake. For instance, the Critical Infrastructure Protection in India and its Problems, Challenges and Solutions (PDF) are still to be looked into with Great Priority by the Indian Government. It is only now that India has declared that NTRO would protect the Critical ICT Infrastructures of India. Similarly, a Tri Service Cyber Command for the Armed Forces of India is in the Pipeline. Nevertheless, the Cyber Security Infrastructure of India is Weak and it must be improved as soon as possible.

Countries across the World have started to strengthen their Cyber Security Capabilities. While protecting their own Cyberspace domain, various Countries must understand that Cyber Security is an International Issue (PDF) and not a National one. Therefore, an International Cyber Security Treaty is Required (PDF). As far as India is concerned, the Cyber Warfare Policy of India (PDF) and E-Surveillance Policy of India (PDF) must be urgently drafted and implemented. Similarly, Self Defence and Privacy Protection in India must be ensured.

India’s own Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc., are violative of Civil Liberties Protection in Cyberspace. None of them is governed by any Legal Framework and none of them is under Parliamentary Scrutiny. The proposed National Security Policy of India must address this issue as well on a priority basis.