Security has grown into a big concern among corporates. Worldwide, especially
in the US, major initiatives have been taken to tackle security related
problems. Of late, there has been a growing awareness in India too on the
aspect. That the recently held World Economic Summit in New Delhi had a full
session dedicated to IT security, is a pointer to this.
One of the key speakers at the session was Shakil Kidwai, VP, global
information assurance services, EDS Worldwide. Kidwai has done pioneering work
on security paradigms for governments and corporates. He has served as an
adjunct professor at Virginia’s George Mason University and has been a regular
speaker at global cyber-security conferences. Within EDS, Kidwai has handled key
international positions including management positions on major projects in
Iran, Kuwait and Saudi Arabia. He spoke to DATAQUEST during his visit to New
Delhi to address the CII session. Excerpts:
What is your perception of cyber security threats in this highly networked
new economy?
Security is one of the major issues of this digital economy.
Today, security of transactional data, intellectual property and privacy have
become real-time issues. In old economy, business relations were limited to a
few trading partners, distributors and countries. The new economy business is,
however, happening globally and across several countries. This also means that
you are opening your business base to the world. While there are laws to deal
with physical terrorism across the world, there are none to deal with cyber
terrorism. Fortunately, the world is now unanimous in defining such acts as
cyber terrorism and agrees that there is a need to be legally equipped to be
able to prosecute such culprits.
What are the measures needed to address this?
It has to be a common law and something that the
international community can come out with together. Otherwise, the problem would
continue to stare at us. Just to give you an example, it might be possible that
India has a very protected system with stringent laws in place, but when you are
trading with another country via the Internet and that country does not have any
law to curb cyber crime, you are exposed. So all your trading partners are your
weak links in the whole Internet. If you are opening your network to a partner
or a country that does not have an adequate security mechanism, you are opening
your network to anything that can be done sitting in the remotest corners of the
world.
The European consortium, G-8, is already working towards
implementing laws for cyber security and privacy. This is a very good move, but
what we need are not laws by regions–the Asian laws, the American laws or the
European laws–because then we can never connect to each other in terms of
realizing our dream of a global economy. For true globalization we need very
clear global laws that are accepted across boundaries.
Don’t you think there is also a need for the United
Nations to take an initiative?
Ultimately it will get there. But the problem today is that
the technology is moving at a much faster than the processes. Also, everybody
would agree that the governments in general work slowly, irrespective of whether
it’s in the US or in India or in any other part of the globe. It is true for
the UN too. As a first step, what needs to be achieved is an understanding
between the major governments on the issue. India is one of the major trading
partners and so are the European countries, Japan and the US. These countries
should work together and create a draft paper before making a move at the UN.
Regarding the G8’s attempt to formulate cyber security
laws, how exactly are they going about it?
They are doing what needs to be done to secure the cyber
environment and are also looking at the privacy issues. But the problem is they
are looking at the whole issue more from the European perspective, and that is
not completely in sync with what the US or other countries are doing. While the
US is working closely with them, other countries are not at all involved in the
process. All this, I am afraid, will lead to lots of region-specific policies
and laws that would require a long time to integrate.
However, as this is a virgin area, the world has the
advantage of working together since the very beginning and creating policies
that would benefit all communities across the globe. So I believe the WTO and
the UN definitely have big roles to play. Also, regional forums like G8 and
SAARC need to think about how to work from a common platform.
How would you compare the cyber security scenario in the
US and other countries?
In the US they are taking it very seriously. The government
has set up a commission on protection of critical infrastructure, which has
already delivered a national plan to safeguard it. In fact, they are looking at
the whole issue from the national security perspective because they believe that
the next world war will not be fought on the battlefields but on the networks.
Hence, they are serious about protecting their networks and the country.
What are the other security tireats and how serious can
they be?
Security issues today are more than just hacking and what is
being reported as cyber crime is just the tip of the iceberg. What is happening
in the real world is very frightening. It is something that can impact a country’s
economy and cripple it. The accumulated loss inflicted by the "I Love
You" bug–from productivity to business to loss of credibility–is
estimated at several hundred billion dollars. Imagine, if all this was focused
on a single country like Singapore, it would be economically drained and dead.
Hence Singapore is taking up the issue very seriously. The Canadian and the
European governments are planning to adopt the US model. I believe, that is the
way one should proceed because these utilities and other services are indeed
national assets and need to be protected.
According to industry projections, nearly 40% of e-commerce
transactions will be wireless by 2004. This means that wireless security is
becoming a major issue. Singapore, Europe and certain Asian economies are
looking at the issues quite seriously. Unfortunately, the countries are doing it
on their own. What is lacking is the cohesive effort by all in this direction.
Shubhendu Parth in New
Delhi