/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/post_banners/wp-content/uploads/2016/08/Converged-Infrastructure-101_700x400.png)
Critical infrastructures have been a bullseye for bad actors in 2021, bringing the integrity governing these operational technology systems under heightened scrutiny on the heels of large-scale cyberattacks targeting water facilities, gas pipelines and meat processing plants.
Closer to home, the cyberattack on the power grid in Mumbai among other incidents have a huge bearing on the trust and credibility of critical infrastructure. Any downtime of operations can cost millions of dollars but also has the potential to have serious economic impacts — food security issues, fuel and electricity shortages and contaminated water supplies. Time, resources and money going into responding to an attack on critical infrastructure are other factors that need to be considered. The constantly evolving threat landscape calls for a robust cybersecurity policy, one that allows for public-private collaboration.
In a workshop earlier this month, Lt. Gen Rajesh Pant, India’s National Cybersecurity Coordinator, was accurate in saying that India’s National Cybersecurity Strategy requires a common differentiated responsibility and the onus is on all involved parties, including corporate organisations and the government.
Cybersecurity is everyone’s responsibility and neither organisations or the government can address it alone. Here are reasons why public-private partnerships are crucial to creating a more cyber-resilient nation:
Shared management: In India, critical infrastructure in sectors like telecommunications and power are owned and operated privately. If governments view owners and operators as essential partners in protecting critical infrastructure, it addresses several challenges. Government and industry often have access to unique sets of information. When this information is shared, the stakeholders get a holistic picture of their threat surface. Public-private partnerships (PPPs) are essential to identify potential threats, understand how the risks can be managed and determine actions to address these risks.
Supply-chain security: The ripple effects of the SolarWinds attack has only made it more important than ever to have a cyber-resilient supply chain. The challenges that supply chains pose call for scalable solutions and PPPs can be pivotal. Since supply chains are increasingly global, policies that exclude technologies based on vendor or product nationality prevent the adoption of cutting-edge security solutions developed across the world to be adopted within the country.
Policies: One of the critical takeaways from recent cyberattacks is that cybersecurity strategies need to be weaved into the planning and maintenance of critical infrastructure. For instance, as the Indian government plans to digitise citizen services, having policies that require the government and its contractors to include cybersecurity strategies, can significantly improve their overall security posture. PPPs also allow stakeholders to make more informed decisions about how to protect networks and mitigate risks that may have repercussions across networks.
Law enforcement: In India, there are a number of cybersecurity cases that go unresolved as law enforcement requires extraterritorial access to electronic evidence. To make investigations and prosecutions more efficient a public-private partnership that allows information-sharing strengthens these mechanisms.
Cyber hygiene and skill improvement: As governments and organisations emphasise the importance of cybersecurity, it’s led to the demand for more cybersecurity professionals. A recent study by recruitment company Michael Page showed that India is set to have over 1.5 million unfulfilled job vacancies in cybersecurity by 2025. It is important to encourage the growth of this skillset and increase organisational awareness across the government and industry verticals that face cybersecurity challenges. Increased funding or a public-private collaboration to encourage students to take up STEM fields is not only valuable for creating the next generation of cybersecurity professionals but can also help to promote vocational and mid-career education programs for STEM.
No longer a pipe dream
Just a few years ago, one would have thought that public-private partnerships for cybersecurity were a pipe dream. In 2021, private entities and governments report the risk of cyberattacks as one of their top priorities that require attention. The first step is to forge a partnership, discover common ground for effective communication and identify the differences that need to be addressed. Partnerships focused on strong cybersecurity measures to effectively mitigate the risk of cyberattacks can build a more cyber-resilient India in the years to come.
The author is Kartik Shahani, Country Manager, Tenable India