Not by fines alone

Posted on July 31, 2010 | View 595 | Comment : 1

Cyber security needs holistic action.

It is welcome that the government is waking up to the requirement of cyber security, the proposal to levy a fine on any telecom operator that installs any piece of equipment containing any malicious capability, the amount of the fine being equal to the value of the contract through which the equipment was procured.

It is expected that the telecom operator would incorporate clauses in their contract with the equipment vendor to pass on the cost of the fine to the supplier. This is welcome as a minimum deterrent.

But much more needs to be done to safeguard our data networks that today embrace all kinds of vital infrastructure in energy, commerce, transport, governance, education, healthcare and finance, making them more efficient at lower cost, but also exposing them to data theft, manipulation and potential takeover of control by hostile actors.

These hostile actors could be states, states within states, or non-state actors who are lent technological capability by state actors. We need a comprehensive strategy, laws, budgets, professional cadres and dispersed awareness to secure the safety of our communication networks. But while these are being put in place, we cannot hold up expansion of the telecom network.

Hence, the current proposal to levy fines for breach of ethical standards and to mandate submission of source codes and design of equipment installed in the network are welcome. Now, physical equipment by itself cannot create a network.

Several overlays of software reside over the physical network to enable communication. The feasibility of mandating that the hardware and the software overlay be unbundled and sourced from separate, unconnected companies from different countries needs to be examined, even if it raises network costs a bit.
The internet was not designed for safety, the designers aspiring for a global commons where malice had no role. Software is not written with security in mind.

Engineering courses do not train students to integrate cyber security into the basic design and coding of software. All this must change. That calls for coordinated action on multiple fronts, including legislation, setting up new institutions for coordination, public-private partnership and, why not, creating markets for systemic cyber security.

Post Comment


Comments (1)

  • Dear Sir
    It is very important step by the Govt. The communication is a vital component of any command & control structure. It is also well known , powerful nation do gather COMINT always of other nation.
    It would be prudent by all Mobile company to respect this for a national cause. The case as pointed by you " many layers of SW" is not correctly defined. The security concerns are to be first understood ....
    ...See More

    Posted by Mani Shankar Prasad,Head India Operations at NeoAccel Inc|02 Aug, 2010

User Picture Open the doors to organised retail Development of organised retail would be good for India, even if it is likely that the sector would .. Sumant Sinha Read full story
The Economy Times

About Us | Terms & Conditions | Contact Us

Copyright © PeerPower.com 2010. All rights reserved.

powered by PeerPower