- This article is about information technology field in which india needs to become sovereign as we know India is a sovereign nation; is it digitally sovereign, too? In This article examines the degree to which India is self-reliant in electronic hardware. After all, for a country to be self-reliant in the information age, it has to either attain indigenous capability in electronic manufacturing and services or be equipped to protect data and mitigate the threats associated with supply chain vulnerabilities. This article refers to self-reliance in electronic hardware as ’electronic sovereignty or ’e-Swaraj’.
- Information and communication technologies (ICT), and the Internet in particular, have become major driving forces of socioeconomic development: by one estimate, a 10-percent increase in mobile and broadband penetration increases the per capita GDP by 0.81 percent and 1.38 percent, respectively, in developing countries.India, too, has taken steps to utilise ICT for development. Transforming the country into a digitally empowered society and knowledge-driven economy is at the heart of ‘Digital India’, which is among the Modi government’s flagship programmes.
- The initiative seeks to guarantee the availability of government services and information on a 24×7 basis irrespective of the user’s geographical location. For this programme to succeed, it is necessary to set up information networks and ensure their interconnection with almost all systems of the state like transport, energy, railways, banking, government institutions or public services. This interconnection is bound to deepen with the advancements in technology and Internet of Things.
- ICT systems and digital technologies are the mainstay of an information society as these networks and physical infrastructure form the digital highways on which data flows. Most equipment and technology for setting up such infrastructure in India are currently procured from global sources.
- These systems are vulnerable to cyber threats just like any other connected system but perhaps the most important known attack vector is through the digital ’supply chain’, information infrastructure and various networks and systems of government and the private sector that extensively leverage latest technology and commercial electronic components, viz. hardware, software and firmware sourced from global sources. Global procurement has an inherent advantage of getting state-of-the-art technology at competitive prices.
- Lack of Indigenous Capability
- Lack of Policy Guidelines:
- Non-Availability of Testing Facilities:
- Lack of Coordination:
- Non-Availability of Standards:
The National Cyber Security Policy promulgated in 2013 also articulates the method for reducing supply chain risks:
- Create and maintain testing infrastructure and facilities for IT security product evaluation and compliance verification as per global standards and practices.
- Build trusted relationships with product/system vendors and service providers for improving end-to-end supply chain security visibility.
- Create awareness of the threats, vulnerabilities and consequences of breach of security among entities for managing supply chain risks related to IT (products, systems or services) procurement.
Role of digital india programme:
- The government has launched the Digital India and Startup India programmes to boost digital economy and local entrepreneurship ecosystem. Indian companies which saw growth a few years ago are today facing competition from international companies which have deep pockets and access to technology.
- To have a thriving local digital economy and technology, the government must implement policies that enable and nurture local digital talent and give domestic companies a level-playing field.
The main challenges being encountered in mitigating the supply chain are enumerated as under:
- Cost: The most preferred approach is to look inward, i.e. indigenous software, hardware. These involve an additional cost in R&D. And R&D is both capital and time-intensive. Are we as a nation willing to wait till an indigenous capability is developed, which may take decades? The economies of scale will also weigh against this route.
- Public Private Partnerships (PPP): It is a well-known fact that the private sector has expertise and the wherewithal that is not available with government. Hence involvement of private industry as a partner with government is of paramount importance. PPP is required in fields associated with incident sharing, R&D and remedial action.
- Multiple Agencies: Supply chain has multiple stakeholders spread across a vast spectrum of engineering, technology, procurement agencies, system integrator and maintenance organisations. It is not humanly possible to have a security vetting of all processes and associated people.
- Indigenous Capabilities in Manufacture: Current indigenous capability is at a nascent stage. According to the Minister of Communication and Information Technology, the government will push for setting up chip-manufacturing facilities in India.The government also offered sops for electronics manufacturing in eight cities.
- User Awareness: The common user may not be aware about the implication of security features, and may want cheaper electronic items. The cheaper an item, the more are vulnerabilities. Most equipment, objects and services currently available do not have the level of data security that enables them to avoid an incident.
- Information security has a direct bearing on national security and the threat landscape is going to increase further with more and more systems getting interconnected. Following are some of the measures recommended for achieving self-reliance in core technologies and to mitigate the threats to information systems:
- Follow Good Practices:
- Import through a Central Agency
- Import Classification:
- Masking the End-User:
- Malicious Code Certificate:
- ‘Make in India’: The Make in India initiative should give impetus to the indigenous design, development and manufacture of system, sub system, components and software. This, however, should be restricted to sensitive portfolios only for the reasons mentioned above in the paper.
- Testing Capability: At present, there is only one STQC facility, that in Kolkata. This can be replicated in other locations. The fact that import of high-end equipment will only increase underlines the need for setting up more domestic testing facilities. Till indigenous facility is built, testing could be undertaken of random samples at third country premises.
- Policy and Guidelines Formulation: These are a must for developing indigenous capabilities as well as for streamlining import procedures, including testing of electronic inventory. Policies are the pillars for mutual trust between the government and private industry.
- Data Protection: Protection of a data is important, especially when the data available on the internet is residing outside the geographical boundaries of the country.
- Network Providers: Data rides on networks created by telecom service providers(TSPs). TSPs should be held accountable for providing communication channels free from malware infections. TSPs should devise measures to ensure that only malware-free devices are hooked to their network.
- Public- Private Partnerships: The expertise lies with private industry while formulation of policies is the domain of the government.
- Trusted Agency: Incorporating the Defence Research and Development Organization and Department of Electronics and Information Technology in strategic projects from conceptual stage to mitigate the problems.
- India is experiencing a rapid transition to a digital technology-driven country. Although this shift carries enormous possibilities for the country’s growth, it also exposes it to cyber threats. The government has launched ‘Digital India’ and ‘Make in India’ programmes to digitally empower the society, but it has apparently failed to articulate on India’s data and digital sovereignty As the world becomes increasingly interconnected, the protection of privacy, data and digital infrastructure of the nation would assume utmost importance. These factors would play a vital role in its digital sovereignty—or believing that a nation has attained e-Swaraj.