Partner Cyber Advisory and Threat Intelligence, Deloitte, Australia
Senior Research Fellow Technology, National Security & Science, Heritage Foundation, US
Dr. Madan M. Oberoi
Special Commissioner of Police (Special Cell and Technology Cell) Delhi Police, India
CTO Bhujang, India
Lead Analyst, Cyber Initiative IPAG
Kukreja, in his Keynote Presentation, underlined the significance of viewing data as a key asset. He further emphasised that breaches are inevitable but what really matters is that people are not subject to extortion and ransomware, their services are not denied and there is no disruption. He was of the opinion that the solutions for cyber security cannot be sought at the policy level discussion. He rather suggested that such breaches can only be resolved by individuals as a group as security is a chain of individual decisions and is a shared responsibility.
Mr. Kitchen, in his Keynote Presentation, highlighted three key trends in the cyberspace – we are innovating faster than we can secure, the security burden is migrating from the state to the private sector and, the illusion of “neutrality” is being stripped away. He highlighted that there prevails a kind of techno-idealism which assumes that technology is the key driver of progress, and that economic, social and political bumps and refinements caused by technology should be sparked not avoided. Kitchen also underlined the rise of ‘digital mercantilism’ due to the coercive economic policies followed by certain countries particularly China. The key recommendations made by Kitchen are that the government which enjoy exclusive information, capabilities and authority should use it better by sharing it with the industry and acknowledge the presence of other stakeholders in security issues and that the industry must shed its techno-idealism.
Pukhraj Singh asserted that cyberspace is a contested territory and rather than viewing it as an object of offence and defense, it should be seen in terms of control and non-control because all nation- states try to establish a modicum of control over cyber space. Furthermore, according to him privacy laws such as the General Data Protection Regulation (GDPR) are a defeat since it concedes to the fact of giving up on the agents who consume information and to the agencies that analyze that information.
Mr. Singh underlined that there is no difference between observability and identifiability in the cyber space, and control, ownership, and possession of assets in data in cyberspace do not overlap. This is where cyber offence comes into being because it is mathematically impossible to figure who controls the data. On data sovereignty and the possibilities for India, he was of the opinion that India cannot take a middle stand and either has to submit to the hegemonic stand of existing nation-states which control the internet or create a dystopian state which is founded on data sovereignty.
Rafiqul Islam also agreed that the pace of innovation is moving ahead of policy and law-makers and therefore, there is a need to protect and secure different data layers from others as there is no trust in the cyber space. Further, he stressed on the need of having strong law enforcement mechanisms to deal with cases of technology and data breaches.
During the panel discussion the Moderator, Dr. Oberoi, initiated the discussion by observing a dichotomy between the physical space, where there is no trust and the regulation is expected from the law enforcement forces, and the cyber world, and an inherent faith in the goodness of people to self-regulate. He questioned whether it is an open admission of insufficiency to be able to enforce our own norms. As a response to this, the issue of ‘no trust’ in cyberspace was discussed and need for having control mechanisms in place to monitor and report was emphasized. Another guiding question was whether the need for sovereign cyber space is actually about sovereign Balkanized cyber space. Pukhraj Singh responded that notions of territoriality and causality that lead to proportionality, and the dimension of legality fail in cyber.