Data pilferage is a big issue in the cyber world; to contain it, a composite approach with technical and political acumen is called for
Data is the new oil. If refined like oil, it can be put to various uses. A valuable resource then that will and is already deciding the fate of individuals, organizations, corporates, and even countries. But till it is in the right hands it is innocuous and an asset but the moment miscreants get access to it, data becomes one of the biggest nightmares. Imagine an oil rig at the fire that becomes uncontrollable!
My data is my data and nobody has any business to use it in another way than the intended purpose. If you go into the dark and deep web, a lot of data is sold freely. And we are not even talking about sensitive information which is also available for a price. Anybody there can buy credit card info, get an Aadhar card, and even sensitive information of an individual which is bought and sold like veggies in the market. Chances are your credit card is already there for sale and you might never know about it. Ever wondered how cold marketing callers have precise info on your requirements? But the problem is nobody controls the internet and controlling the dark and deep web is almost impossible.
Cyber experts often say that you are secure till you are compromised. Everything is secure and nothing is secure. Sounds funny but that is a reality. No one can guarantee that its data cannot be stolen. All you need is a committed hacker with enormous resources and voila your data is gone. I have come across the Aadhar cards of foreign nationals. These Ids are created to snoop into systems, create telegram accounts for recruiting individuals for anti-national activities, and even incite riots and spread fake news.
The most dangerous war is not the one fought with weapons but waged clandestinely. Indeed we are vulnerable to cyber-attacks from all hostile players and countries. All you need is a will to do it and you can quickly put in place a piece of cyber-war machinery employing the best talent from across the world working in their own locations and collaborating on a project. Though having a protocol in place and laws to deal with data protection do help in a way but they have limitations. The data protection bill was a step in this direction. Though there is nothing wrong with it but it must be made more robust else it will not serve its purpose. We replicate and use European standards as a reference while making such laws but that does not always work. General data protection regulation GDPR in the western world and GDPR here are poles apart. Our bill was a copy-past of GDPR without taking into account our specifics.
Theoretically, we can say that government agencies must add filters to ensure data security. But that is easier said than done. And will not happen unless we have bilateral contracts across the globe because data doesn't remain static, it travels and traverses national boundaries. Your law is not enforceable there. until you have a bilateral. So an eco-system has to be developed where data is safe. This is the first step we must take. Our conditions are different from theirs, the character of data and stakeholders are different so are the conditions. Here sheer volume of data is mindboggling; which is next to impossible to keep track of. They can do it there but not possible here until we have a huge infrastructure in place. For instance, whenever data be it voice text or video etc. reaches European Union it is scrutinized on their parameters. They can track and fetch data legally from the signatory countries. India is not even part of the Budapest convention. So the biggest challenge is to integrate our system with the rest of the world. In a digital terms, the whole world is your playground and if you don't cover it there would always be grey areas where cyber criminals would take refuge.
Our data protection, as well as cyber war preparedness, leaves much to be desired. Interestingly enough we have even failed to screen the data thugs operating in broad daylight. A seminar is organized in India, duly cleared by the government. Many experts participate and get access to data to prepare a report. Turns out that the institute that organized it was a front for Beijing's cyber warfare.
The new technologies and AI makes the task easier and more difficult at the same time when employed to counter data theft it can be effective but when used by data thieves it becomes near impossible to even detect the crime let alone stop it. To ensure data protection and protect the country we need to have a two-pronged approach; first, establish a robust ecosystem in which we have tie-ups across the world and protocols are in place to follow in wake of data theft, and second of course building the technical capabilities which would give us the capacity to counter such incidents. Both would need political will and resources. The work must start now it might be too late to catch up!
This is second part of the series on cyber crime.
(Author is Chief Strategic officer and aerospace security. He is an eminent expert for counter-terrorism for West Asia & Middle East countries. The views expressed are personal)