Opinion: Deeper India, US ties should include cybersecurity, too
In the last year of the Obama administration, it's time for India and the US to formulate a cybersecurity partnership so both sides protect their mutual interests in the digital realm.
With plenty of fanfare in Delhi, Indian Prime Minister Narendra Modi announced in January the $1.5 billion Start-up India to enhance India's economic growth and expand Internet access nationwide.
It seems that Mr. Modi rightly believes in the power of technology to facilitate his country's economic development. Increased connectivity can help Indians deliver goods and services across the country and participate in the global economy.
Yet the march of technology is not all wine and roses: Expanding connectivity brings increased vulnerability to cyberattacks, including to critical infrastructure, such as the recent attack on Ukraine’s power grid that resulted in widespread blackouts. India faces real cybersecurity challenges that could impact its national security and economic wellbeing.
That's just one of the reasons why Washington and New Delhi should move swiftly to develop a robust and multifaceted cybersecurity relationship. Given the vitality of the United States-India partnership and the increasing cyberthreat to the national security and economic interests of both countries, the time is right for the two countries to expand their cybercooperation.
There's strong strategic rationale for doing so. The US's and India’s shared democratic values form the foundation of an already strong Strategic Partnership – announced in 2014. The two countries cooperate on an array of issues from stability in Afghanistan to curtailing climate change and strengthening maritime security. They share close people-to-people ties and cultural values, as well as a commitment to growing their technology sectors and ensuring an open, secure, and resilient cyberspace.
India has already publicly signaled its embrace of a free, open, and secure Internet through its commitment to a multistakeholder model of Internet governance. It can build off of that foundation by working with like-minded states to set and abide by transparent rules of the road for state actions, including military operations, in cyberspace.
India already plays a key security role in the Asia-Pacific and is a vital part of the US long-term diplomatic and military engagement in the region. Increasing collaboration between the two countries in cybersecurity is a natural next step in building a regional security system that emphasizes cooperation over competition, clarity over uncertainty.
Closer US-India cyber cooperation makes sense for economic security too. Today the US economy derives anywhere from 3 to 15 percent of business value add from the tech sector. In India, more than 10 million people are employed in technology, which is growing at 11 percent annually and expected to top $350 billion by 2025.
What's more, strong links already exist between the US and Indian technology sectors: Microsoft earns approximately $1 billion a year in India through its 5,000-person team based there. The company recently opened a cybersecurity center in Gurgaon to help protect India's critical infrastructure. India is succeeding in attracting other leading technology companies to India as well – Uber has a strong presence and Netflix launched in January.
Collaboration between India and the US could help both countries make better policy decisions on pressing topics, including the balance between strong encryption and law enforcement requirements, norms of responsible state behavior in cyberspace, and deterrence.
India's influence in the developing world and its key voice in international venues give it credibility that the US can sometimes lack. Civil society groups in both countries – think tanks, universities, and nonprofits alike – have a critical role to play in developing policies in partnership with government and the private sector. Together these groups can help find the right balance among different values and interests – in privacy, commerce, and security – that are all implicated in cybersecurity policy debates in India and the US.
India and the US should take several concrete steps to deepen their cyber cooperation in 2016:
First, they should commit to building ties between the people and organizations entrusted by government, the private sector, and civil society to keep cyberspace open, secure, and resilient. This includes nurturing the talent required to carry out the seven core functions identified by the US National Cybersecurity Workforce Framework.
It also means training the developers and programmers demanded by the private sector, as well as the policy and legal experts required by government and civil society. Experts should ideally be educated in a multidisciplinary setting such that they are conversant in both the technical and nontechnical aspects of cybersecurity. Collaboration between multidisciplinary cybersecurity programs such as UC Berkeley’s Center for Long-Term Cybersecurity and leading Indian educational centers can help in this endeavor.
To succeed, both countries must create opportunities for capable engineering and cybersecurity talent from the private and academic sectors to serve the public interest. For cyber positions, India struggles with attracting talent away from nicer climates, offering more lucrative salaries, and the often more dynamic private sector work environment.
The US faces similar challenges in convincing leading technology talent to step away from high-salary jobs in places like sunny California to serve in government or the nonprofit sector.
Leaders in both countries should encourage their citizens to join government for temporary cyber-related duties and make it easier to do so through mechanisms akin to the US Digital Service. In addition, the Department of Defense recently launched Innovation Unit-X to engage with US tech companies. India could create a similar mechanism for outreach in Bangalore or Pune.
Second, the two countries should cooperatively develop concepts for cyberdefense and national security strategy in cyberspace. Shared concerns about China's cyberactivities provide a good starting place for conversation. Discussions should also include the development of clear agency responsibilities, the governance of offensive cyber operations, the role of declaratory policy, and steps for managing conflict escalation.
Think-tanks in both countries should play a key role in helping develop cyberstrategies. Several think-tanks in the US, including the Carnegie Endowment for International Peace through its project on norms for offensive cyber operations, are helping governments explore questions of cyber strategy. The upcoming US-India Track 1.5 Dialogue is a perfect opportunity for US and Indian experts from academia, civil society, and the government to think through strategic issues.
Third, the two countries should hold exercises to deepen their understanding of the threat and identify roles for public and private organizations to play during an incident. Exercises should focus on information sharing and contingency planning for preventing and if necessary responding to a destructive cyberattack. Companies are a first line of network defense in an incident, but there may come a time for government to step in as well.
The final year of the Obama administration offers a promising opportunity for India and the US to deepen their cybersecurity cooperation. Taking meaningful steps to help ensure and defend an open, secure, and resilient cyberspace will promote both nations’ national security, but also their economic prosperity.
Jonathan Reiber is a senior fellow at Berkeley’s Center for Long-Term Cybersecurity and former chief strategy officer for cyber policy in the Office of the US Secretary of Defense. Follow him on Twitter @jonathanreiber.
Eli Sugarman is the Cyber Initiative program officer for the William and Flora Hewlett Foundation and formerly a foreign affairs officer at the US Department of State. Follow him on Twitter @EliSugarman.