India-UK cyber security cooperation: The way forward
A strategic expert points out areas that the UK and India can focus on to improve cyber security cooperation.
Highlights:
Cyber issues constitute an important aspect of the India-UK security relationship.
Non-state entities based in Russia, China and the US are the main sources of cyberattacks against India due to their domination in areas including the smartphone market and fibre optic routes.
UK and India need to engage more deeply on countering online radicalisation, extremism and terrorism.
It is not well known that cooperation on cyber issues constitute an important aspect of the India-UK security relationship. Opportunities to enhance cyber cooperation relating to threats, challenges, defence, crime, international law, diplomacy, governance and prosperity could ensure substantive bilateral security convergences post-Brexit.
Both India and the UK share a common vision and principles for cyberspace. These include a commitment to a free, open, peaceful and secure cyberspace; recognition of the importance of cooperation for combating cyber threats; promotion of cyber security; and a commitment to the multi-stakeholder approach to internet governance.
These are especially important for India's 600 million internet subscribers and 650 million mobile phones, of which nearly half are smartphones. India's e-commerce of nearly $30 billion is expected to increase with the introduction of the Fifth Generation (5G) cellular network technology. But this also means considerable targeted cyber threats and challenges. Non-state entities based in Russia, China and the US are the main sources of cyber attacks against India due to their domination in areas including the smartphone market and fibre optic routes.
India-UK Cyber Dialogue
Following India's Ministerial participation in the London Conference on Cyberspace in 2011, the first India-UK cyber dialogue between their foreign ministries was held in New Delhi in November 2012. Both sides agreed to cooperate on reducing the risk of threats from cyberspace to international security; tackle cyber crime; raise mutual resilience; build skills and capacities; and create a global multilateral, democratic and transparent system of internet governance.
In November 2015, as part of the new UK-India Defence and International Security Partnership, both sides also agreed to establish a Cyber Security Training Centre of Excellence.
India-UK cyber cooperation was boosted in April 2018 with the signing in London of a five-year 'framework agreement' during Indian prime minister Narendra Modi's visit. The fourteen areas of cooperation included exchanging information and strategies for effective cyber security, crime, international law, incident management and threat response; promoting cooperation in the fields of cyber security-related research and development, and cyber security product development; and developing a common and shared understanding of international cyber stability, and destabilising cyber activity.
As a result, four working groups were set up covering cyber diplomacy, cyber crime, incident response and the digital economy. The only other country to have an annual cyber dialogue and associated joint working groups with India is the US. The UK and India also agreed to work together to provide practical support to help Commonwealth member-states boost cyber security capacity.
The Fourth foreign ministry-led multi-ministerial India-UK Cyber Dialogue in June 2018 exchanged views on the international cyber threat landscape and their respective national cybersecurity efforts and strategies. Both sides agreed to promote and improve cybercrime cooperation against non-state actors through the bilateral treaty on Mutual Legal Assistance in Criminal Matters. Speaking in New Delhi in January 2019, UK Cabinet Secretary and National Security Advisor Sir Mark Sedwill urged thinking of cyberspace “not as a thing but as a place” and called for partnerships between countries committed to the “global rule of law”.
Limited cooperation
The UK's National Cyber Security Centre (made operational in 2016) has been a model that India follows closely in the development of its own National Critical Information Infrastructure Protection Centre (NCIIPC), set up in 2014. Both countries continuously engage with each other over cyber crime. In March 2016, an MoU was signed between their respective Computer Security Incident Response Teams. Alumni of the British Cyber Chevening fellowships for a 10-week course in the UK now include more than 30 cyber security experts.
But, the Cyber Security Training Centre of Excellence has not been established, even as British Telecom opened a global cyber security operations centre in Gurugram (next to Delhi) in July 2018. The four government-led joint working groups have not been operationalised and the Fifth UK-India cyber dialogue, scheduled for this year, has not been held. It is no surprise, therefore, that in June 2018 the report of the Foreign Affairs Committee of the UK House of Commons titled
recommended a “resetting” of bilateral ties including closer cooperation on cyber security. Similarly, a 2018 report of the International Relations Committee of the House of Lords on UK foreign policy recommended that the UK Government should “seek to reset and elevate its relationship with India by focussing on strategic priorities such as cyber security and maritime issues in the Indo-Pacific”.
More needs to be done - and quickly
Clearly, more needs to be done - and quickly - to enhance India-UK security cyber security cooperation.
Capacity building towards the protection of critical information infrastructure has tremendous potential. This includes prospective UK investments in Skill Development on cyber issues in India as well as the establishment of cyber laboratories for the testing and certification of cyber security equipment and products. Also, cyber security training, including sharing best practices, evolving critical doctrines and concepts, and working out hardware and software solutions to challenges from emerging technologies in the field of encryption and communications, including 5G.
Both countries could seek to upgrade their current system of paper-based Mutual Legal Assistance Treaties (MLATs) into electronic (E-MLATs) as well as prioritise the use of Artificial Intelligence; and focus on the protection and safeguarding of the fibre-optic cables that run through regional maritime sea lines of communication to secure the transport of cyber and digital data between the two countries. Both sides also need to engage more deeply on countering online radicalisation, extremism and terrorism.
Diplomatically, the UK could also potentially play a role in universalising - through the UN - the Budapest Convention, which provides a legal and enforcement framework against cyber crime. Multilaterally, the WTO provides tremendous scope for an India-UK joint development of a harmonised system of classification for prospective electronic commerce. As a start, the Fifth UK-India Cyber Dialogue needs to be held and the four working groups need to be operationalised. These should take place shortly after the new British government takes over in the New Year. It is also likely that engagement with India's National Security Council Secretariat (NSCS), a separate and powerful entity under the recently-publicised Allocation of Business Rules of the Indian government, will be key as cyber security is now under its purview.
Rahul Roy-Chaudhury is Senior Fellow for South Asia at the International Institute for Strategic Studies (IISS), London.