Technology
Cybersecurity
‘India has made some progress in cybersecurity research and development over the years, but there is still a long way to go.’
This was the broad consensus among cybersecurity experts from academia and industry who discussed the state of affairs as part of a panel at the Bengaluru Tech Summit 2020 on 20 November.
Cybersecurity relates to the defence of cyber space, more specifically computers, servers, electronic systems, networks, and, most important, data, from attacks mounted by malevolent digital players.
Although cybersecurity has always been important in the context of information technology, the high internet adoption rates, especially in India, means that it has been bumped up the priority ladder by many governments.
Covid-19 has only accelerated the jump to cyber space for individuals, businesses, and governments, and in lieu of the increased threats, governments are responding.
So, how is India doing at the moment?
“Although we have made forward strides, India is still not a leader as far as cybersecurity research and development goes,” says panellist Vinod Ganapathy, an associate professor in the Department of Computer Science and Automation at the Indian Institute of Science.
He says that while there are many multinational companies in India working on cybersecurity, the same can’t be said about home-grown organisations.
Self-admittedly striking a more “pessimistic” tone, Sandeep Shukla, a professor in the Department of Computer Science and Engineering at the Indian Institute of Technology Kanpur, says: “In terms of manpower, we are facing the biggest challenge because we don’t have the right knowledgeable people to lead and we don’t have the right knowledgeable people to teach in academia.”
He spoke about his early experience in India where people would mix up the terms cryptography and cybersecurity. “Even at a parliamentary committee meeting… MPs (members of Parliament) were asking me what is the difference between cybersecurity and cryptography.”
India has made progress since then, but a “leadership vacuum” persists, he says.
To bridge the gap with the more developed nations in cybersecurity research and development, academia, industry, and government have to lead the charge together.
Specifically for academia, Professor Ganapathy says it has a two-pronged role – a) research and b) training and teaching.
“Research starts from the universities and works its way to industry, and so I think that in order to have an innovation pipeline, we need to emphasise the need for research and actually have research universities.”
However, training and teaching is where most people in academia are engaged in India.
He says scales should tilt more in the direction of research. In addition, “practical skills” at the “conceptual level” need to be given more importance by teachers and trainers.
What else can be done?
“One way to remedy this is to have more and more video courses that leaders in the field can record and make available to the public for free, and emphasise the need for doing these kinds of courses that are practical, hands-on,” Professor Ganapathy says.
“One thing that we need to change in India, from even school-level education, is the ability to think critically and express and be curious,” says Professor Shukla.
“What I find in today’s toppers of JEE… is that their main goal in life, with a miniscule exception, is to find the best internship in their third year and then the best placement in their fourth year.”
He reminds the panel that “best placement” here relates to pay rather than work.
“That attitude is not going to create an innovation workforce,” he says.
Industry man Dr Dattatraya Kulkarni, who is a senior principal engineer at security software company McAfee, agreed with the points made by professors Ganapathy and Shukla. He says there is indeed a need for more trained engineers to join the workforce.
“The key skill I need in engineers is the ability to think big about what problems our users face, what does protection really mean for users or enterprises or government… what unmet needs are there… That level of thinking about the problem is actually a skill that needs to be developed in students.”
He also recommends that leaders in the cybersecurity industry work more with academia and recruit the best talent so that they can, in turn, serve as role models for junior engineers in the company, leading to the creation of a talent pool.
If industry leads the way by showing students what exciting projects are out there and how they can grow in their careers, students would “naturally gravitate towards the field”, he says.
Besides academia and industry, the government is a major player if cybersecurity research and development in India has to take off.
Professor Shukla, who heads the C3I centre at IIT Kanpur, where academia, industry, and government work together, says, “The government has certainly made available a lot of funds, but the leadership of organisations who provide those funds don’t understand technology, engineering, or policy.”
Also, the government’s push to get more cybersecurity startups going may not be the best way forward, he adds, because “point solutions by startups are not going to make it to the market”. The bigger, more established players have the capacity to provide more integrated solutions.
“Overall, I think the government’s role is important, and thanks to them they have made money available, but I think their vision and strategy are not well thought out,” he says.
On the occasion of the seventy-fourth Independence Day, Prime Minister Narendra Modi took cognisance of cyber threats and their harmful effects as technology use continued to grow during the pandemic. He announced a new, upcoming cybersecurity policy for India that is currently in the works.
The Karnataka government, which is spearheading the Bengaluru Tech Summit 2020, has also been taking steps towards cybersecurity. Just in May this year, it launched the state’s first accelerator programme for startups working on cybersecurity. It already had 21 startups on board by then.
Karnataka is also working on a new cybersecurity policy to protect its digitisation efforts in the state.
These steps are becoming ever more important as information technology pervades nearly all aspects of human life.
Ideas shared by the cybersecurity panel at the Bengaluru Tech Summit should give academia, industry, and government something to chew on.