ET BureauI believe India’s future is digital. Indeed, mankind’s future is digital. I envisage a new India in the nottoo-distant future, where almost everything we do is digitally transformed…I see a new India which will use digital currency instead of paper money, for a more secure and convenient way to transact.
— Chairman Mukesh Ambani at Reliance Industries’ 39th annual general meeting in June 2013
After building world-class capacities in petrochemicals and petroleum refining, and working towards creating similar size and scale in organised retail and digital telecom services, where does a Rs 3.7-lakh-crore conglomerate look next for growth — growth that fits in with India’s largest private sector corporation’s four decades’ old obsession with all things large and scalable?
The opportunities for such growth for Mukesh Ambani, the 56-year-old chairman of Reliance Industries Ltd (RIL), are many. Just one of them: a billion-dollar game plan for aerospace and homeland security, headed by Vivek Lall, the former Boeing head honcho.
Lall may find himself once again burning midnight oil — along with Ambani and his core team — over yet another new venture, one that dovetails swimmingly well with homeland security and RIL’s strategy to deliver digital content, applications and services through a pan-India broadband network.
Cyber security is the newest blueprint on Ambani’s drawing board. And it is still getting its finishing touches. “After all the RIL chairman knows only too well the Chinese proverb that a journey of a thousand miles starts with a single step,” says a person close to the matter who vouches for the fact that RIL is pursuing opportunities in the cyber security sector, both at home and abroad.
“This is yet another single step for him,” says this person who emphasises that the billionaire had helped the company his father Dhirubhai built take many such “baby” steps before making giant strides in oil and gas exploration and production, refining and marketing, petrochemicals, retail and telecommunications.
Ambani’s reasoning for entering cyber security is as simple as simple can get, argues this person who didn’t wish to be named. As a company which is among the most vulnerable ones in India to cyber attacks thanks to the nature of businesses it is in, RIL will continue to aggressively build a cyber security network to protect its own assets and will then look for selling those security solutions in the market.
RIL, the operator of the world’s biggest oil refinery complex at Jamnagar in Gujarat, may launch a “cyber vertical” for this purpose, the person adds without giving details of what he calls Ambani’s “ambitious new” plan.
“All I can say is he has a vision in this segment and at a time when businesses are increasingly getting connected to the internet and in the process confronting challenges to secure their networks, it makes perfect business sense to be there,” he notes. An RIL spokesperson declined to comment on specifics of the cyber-security plan.
Critical Reasoning
Sunjoy Joshi, director of think-tank Observer Research Foundation, which is organising a major cyber security conference in Delhi next week, reckons that it is only a matter of time before the private sector takes a lead role in developing solutions to safeguard critical infrastructure and all types of businesses.
Big companies such as RIL, Tata and Bharti will naturally explore possibilities in the area, he posits. “Smaller players too will join the race…the government can’t manage things on its own. It will have to not only enlist the private sector but go beyond — by taking support from other organisations and individuals to rev up the country’s cyber security prowess.”
According to Rakshit Tandon, consultant, Internet and Mobile Association of India, companies such as RIL, Tata and Bharti, “as prime service providers to the cyber and IT infrastructure space, will surely play a vital role in sharing their learning and vulnerabilities, which will help India’s cyber-security framework become stronger”.
In fact, most of these companies need to keep safe their critical assets as they expand operations. For instance, RIL, which currently imports 300,000 barrels per day (bpd) of oil from Venezuela for processing at its twin refineries in Jamnagar, wants to increase these volumes shortly, possibly to 400,000 bpd, according to news reports.
Subramanian Ramadorai, a former CEO of TCS and now chairman of the National Skill Development Agency (NSDA), points out that many private companies in India have considerable experience in cyber security. “The offshoring model has now matured significantly with several top-of-the-line security controls and processes.
Private companies have a lot to share in terms of experience and in capacity building of relevant skills.” Ramadorai adds that Indian industry as an initiative has set up a not-for-profit company called DSCI to develop best practices in cyber security and “leverage the experience in private sector in the country for government purposes” (see Hire Ethical Hackers...).
At the Vanguard
RIL had, in early 2011, set up its homeland security and aerospace businesses by roping in then Boeing India chief Lall (when asked, Lall declined to comment on the specifics). As head of Reliance’s homeland security venture — which again has its genesis in the necessity to secure its own assets — Lall, 44, is seen as the natural choice to head the cyber security vertical once it is launched. Lall, a former Nasa scientist who had earlier worked in global firms such as Raytheon, refused to comment on any such possibility either.
Lall is currently member of a joint working group ( JWG) set up by the government of India to explore ways to build India’s cyber-security backbone. His JWG membership confirms the government’s willingness to tap the potential of private players, says a home ministry official. After all, the situation is grave, admits this official who asked not to be named.
Cyber security, a relatively nascent industry in India, has not kept pace with the growth of information technology in a country of 1.2 billion. According to Nasscom, the local IT industry touched $100 billion in revenues last year. “Cyber security in India is in a pitiable state,” says the home ministry official.
Of course, he is on the ball because cyber crime was categorised as a punishable offence only as late as 2008 when the government came up with the IT Act 2008. This, at a time when the country’s official data is getting increasingly stored online. Hostile neighbours and wily groups of global and local extremists are bracing themselves in no-holds-barred cyber warfare — not only China but Uncle Sam is also snooping on local official information and spying on core assets.
According to another home ministry official, the most frequently attacked networks include the Prime Minister’s Office and the Ministry of External Affairs. Though DRDO comes on this list of targets, the nodal defence research agency keeps issuing statements denying any attack on their networks. The number of cyber security attacks on India rose to 22,060 in 2012 from 23 in 2004, according to government data.
The country is also facing a huge shortage of cyber-security professionals: it requires 5 lakh such people, but has only 556 in comparison with 125,000 in China, 91,080 in the US and 7,300 in Russia, according to official data.
In those numbers lies a clear business opportunity in cyber security. According to PricewaterhouseCoopers, India’s digital information security market is expected to grow 18% a year as the country moves beyond mere installation of firewalls and anti-virus software. Interestingly, a huge number of companies have a newer set of CXOs — chief security officers (CSOs) — on their payroll.
Unsurprisingly, companies such are RIL would like to be at the forefront of the publicprivate partnership the Centre has envisaged to combat cyber crimes unleashed on the country. The government’s new cyber security plan — cleared by the Cabinet a few months ago — looks at bringing together organisations such as NTRO, defence and home ministries, CERTIn and so on to work towards a common cause.
The Central Initiative
The cyber security JWG formed under the national security adviser (NSA) has recommended the creation of a permanent JWG under the National Security Council Secretariat (NSCS) — which falls under the National Security Council headed by the prime minister – with representatives from the government and the private sector. This permanent JWG is meant to act as an advisory body and coordinate public-private partnerships (PPPs).
The mandate for private-sector companies would be to set up cyber security mechanisms across segments they are present in and then to share their learning with the NSCS. According to official reports, some of the NSA’s recommendations include the government and private sector jointly training almost five lakh cybersecurity professionals in five years.
The government — which, according to at least three defence officials, is covertly recruiting young hackers to man its cyber-offensive units as part of efforts to take on the Chinese and American onslaught — is also keen that local companies develop indigenous defensive software because they feel foreign-origin software is compromised.
The JWG also envisages the creation of testing and certification centres and pilot projects for conducting test audit on IT products. Officials are also deeply concerned that India is among the top five countries whose data has been compromised for years by the American NSA surveillance system.
Changing Times
Senior IPS officer Muktesh Chander, former director of National Critical Information Infrastructure Protection Centre (NCIIPC), says he is no admirer of the idea of critical infrastructure protection being handed over “indiscriminately” to the private sector. He sees dangers in such decisions.
However, Chander, an electronics engineer by training, says he would be glad to see Indian companies come up with path-breaking solutions and products such as routers (to lower reliance on US networking giant Cisco), or develop an encryption algorithm (which converts electronic data into a meaningless form that cannot be read or understood; it is reconverted with a user’s password), chips and so on to ensure much lower reliance on overseas companies.
Chips made abroad can be used by countries from where they are made to snoop on India, if they want to, notes Chander, who had earlier worked with Bharat Heavy Engineering Limited as a quality-control engineer.
Chander sees more private-sector companies managing critical infrastructure because more such companies are entering into the area which was once a preserve of the government. “Certainly there is a lot of scope for companies such as Bharti and RIL to tap the opportunity. Some solutions can only be developed by companies deeply involved in specific businesses. Their knowledge in enhancing cyber security is very valuable,” says this tech-savvy officer who is currently joint commissioner, Prime Minister’s security.
He is now pursuing a PhD in cyber security from IIT Delhi. Chander only hopes that such efforts to buttress India’s cyber security prowess don’t go the way of the country’s semi-conductor manufacturing initiative (which, he says, has reached nowhere) and the nuclear programme, which, he says, has gone astray. He suggests that private players work towards building new supervisory control and data acquisition (SCADA) industrial control systems, which are PC-controlled systems that monitor and control industrial processes.
Eavesdropping Inc
Bruce Schneier, a renowned American cryptographer and computer security expert, echoes Chander’s worries. However, he feels the problem is not imported semiconductor chips, but finished network hardware. “If you buy your network hardware from another country, like the US or China, then you are potentially vulnerable to whatever eavesdropping capabilities those countries might have built into the equipment.” He also says that since most of the internet is controlled by the private sector, protecting it requires the cooperation of the private sector whether it has begun late or not. The government simply can’t do it alone, he insists.
All this is why a senior domestic IT company official feels that Ambani clearly has his ear to the ground. “The opportunity in cyber security is certainly going to be huge,” he says, asking not to be identified because he doesn’t want to be seen as “complimenting someone before the success of a venture”. He adds: “It is a multi-pronged approach, for sure. Support the government, protect your own assets and sell solutions to others.”
Politically Driven Issues
There are internecine wranglings of sorts between various official agencies (see The Current Scenario) that hurt a coordinated approach in cyber security. A defence ministry official spoke on condition of anonymity that “nonappointment” of CERT-In chief Gulshan Rai as the first National Cyber Security Coordinator (NCSC), a job that entails him to coordinate among various agencies involved in cyber security, is thanks to such “an atmosphere of mild friction” among these departments. While Rai refused to comment, a former NTRO official confirmed that “for sure, there is a turf war”.
Notwithstanding such hiccups, private-sector players are expected to forge ahead with their plans — creating PPPs, developing security solutions and finally selling them — says Chander, who doesn’t see “any turf war” derailing the government’s moves to strengthen coordination among various agencies handling cyber security.
Admittedly, there are hurdles. The major challenges for entrepreneurs such as Ambani and government agencies themselves include the absence of a data privacy law. Nor do we have an Indian version of the anti-terror Patriot Act (that can be invoked in the time of a major cyber attack).
India isn’t a signatory to the Budapest Convention either — this first-of-its kind global treaty that aims to fight cyber crime through a general set of laws, enhancing inter-country cooperation and stepping up probes in such crimes.
The absence of all these makes it difficult to put in place a cyber-security mechanism, concedes Schneier who has watched the global scenario for long. “It’s difficult, of course, but if India wanted to make cyber security a priority, then it would be a priority,” he declares.
Scope for Hope
US-based cyber security expert Bruce Niswander says, in India, the stress must be on delivering commercial solutions that help other developing countries confront and resolve the same problems that India must deal with in its domestic markets. “Creativity and innovation must become a national obsession. This, in turn, will lead to an explosion in global commercial contracts and deals,” he adds.
Niswander also favours hiring ethical hackers to step up offensive capabilities. “It will be really helpful and is also important to recruit young talent and create a Young Indian cyber army. From my experience of creating awareness on safe [internet] surfing with more than 6.5 lakh students, we have found that lots of young enthusiasts, who claim to be ethical hackers, get monetary benefits from international sites. We should be able to replicate it in India, just to encourage them. First, we need to create a pool of these young ethical hackers and train them in the right direction. The government should recruit them or encourage them so that they can work for the nation.” Ambani, known to revel in scalable business opportunities, has already taken the cue.
— Chairman Mukesh Ambani at Reliance Industries’ 39th annual general meeting in June 2013
Elevate Your Tech Prowess with High-Value Skill Courses
| Offering College | Course | Website |
|---|
The opportunities for such growth for Mukesh Ambani, the 56-year-old chairman of Reliance Industries Ltd (RIL), are many. Just one of them: a billion-dollar game plan for aerospace and homeland security, headed by Vivek Lall, the former Boeing head honcho.
Lall may find himself once again burning midnight oil — along with Ambani and his core team — over yet another new venture, one that dovetails swimmingly well with homeland security and RIL’s strategy to deliver digital content, applications and services through a pan-India broadband network.
Cyber security is the newest blueprint on Ambani’s drawing board. And it is still getting its finishing touches. “After all the RIL chairman knows only too well the Chinese proverb that a journey of a thousand miles starts with a single step,” says a person close to the matter who vouches for the fact that RIL is pursuing opportunities in the cyber security sector, both at home and abroad.
Discover the stories of your interest
“This is yet another single step for him,” says this person who emphasises that the billionaire had helped the company his father Dhirubhai built take many such “baby” steps before making giant strides in oil and gas exploration and production, refining and marketing, petrochemicals, retail and telecommunications.
Ambani’s reasoning for entering cyber security is as simple as simple can get, argues this person who didn’t wish to be named. As a company which is among the most vulnerable ones in India to cyber attacks thanks to the nature of businesses it is in, RIL will continue to aggressively build a cyber security network to protect its own assets and will then look for selling those security solutions in the market.
RIL, the operator of the world’s biggest oil refinery complex at Jamnagar in Gujarat, may launch a “cyber vertical” for this purpose, the person adds without giving details of what he calls Ambani’s “ambitious new” plan.
“All I can say is he has a vision in this segment and at a time when businesses are increasingly getting connected to the internet and in the process confronting challenges to secure their networks, it makes perfect business sense to be there,” he notes. An RIL spokesperson declined to comment on specifics of the cyber-security plan.
 |
Critical Reasoning
Sunjoy Joshi, director of think-tank Observer Research Foundation, which is organising a major cyber security conference in Delhi next week, reckons that it is only a matter of time before the private sector takes a lead role in developing solutions to safeguard critical infrastructure and all types of businesses.
Big companies such as RIL, Tata and Bharti will naturally explore possibilities in the area, he posits. “Smaller players too will join the race…the government can’t manage things on its own. It will have to not only enlist the private sector but go beyond — by taking support from other organisations and individuals to rev up the country’s cyber security prowess.”
According to Rakshit Tandon, consultant, Internet and Mobile Association of India, companies such as RIL, Tata and Bharti, “as prime service providers to the cyber and IT infrastructure space, will surely play a vital role in sharing their learning and vulnerabilities, which will help India’s cyber-security framework become stronger”.
|
|
Subramanian Ramadorai, a former CEO of TCS and now chairman of the National Skill Development Agency (NSDA), points out that many private companies in India have considerable experience in cyber security. “The offshoring model has now matured significantly with several top-of-the-line security controls and processes.
Private companies have a lot to share in terms of experience and in capacity building of relevant skills.” Ramadorai adds that Indian industry as an initiative has set up a not-for-profit company called DSCI to develop best practices in cyber security and “leverage the experience in private sector in the country for government purposes” (see Hire Ethical Hackers...).
At the Vanguard
RIL had, in early 2011, set up its homeland security and aerospace businesses by roping in then Boeing India chief Lall (when asked, Lall declined to comment on the specifics). As head of Reliance’s homeland security venture — which again has its genesis in the necessity to secure its own assets — Lall, 44, is seen as the natural choice to head the cyber security vertical once it is launched. Lall, a former Nasa scientist who had earlier worked in global firms such as Raytheon, refused to comment on any such possibility either.
Lall is currently member of a joint working group ( JWG) set up by the government of India to explore ways to build India’s cyber-security backbone. His JWG membership confirms the government’s willingness to tap the potential of private players, says a home ministry official. After all, the situation is grave, admits this official who asked not to be named.
|
|
Cyber security, a relatively nascent industry in India, has not kept pace with the growth of information technology in a country of 1.2 billion. According to Nasscom, the local IT industry touched $100 billion in revenues last year. “Cyber security in India is in a pitiable state,” says the home ministry official.
Of course, he is on the ball because cyber crime was categorised as a punishable offence only as late as 2008 when the government came up with the IT Act 2008. This, at a time when the country’s official data is getting increasingly stored online. Hostile neighbours and wily groups of global and local extremists are bracing themselves in no-holds-barred cyber warfare — not only China but Uncle Sam is also snooping on local official information and spying on core assets.
According to another home ministry official, the most frequently attacked networks include the Prime Minister’s Office and the Ministry of External Affairs. Though DRDO comes on this list of targets, the nodal defence research agency keeps issuing statements denying any attack on their networks. The number of cyber security attacks on India rose to 22,060 in 2012 from 23 in 2004, according to government data.
The country is also facing a huge shortage of cyber-security professionals: it requires 5 lakh such people, but has only 556 in comparison with 125,000 in China, 91,080 in the US and 7,300 in Russia, according to official data.
In those numbers lies a clear business opportunity in cyber security. According to PricewaterhouseCoopers, India’s digital information security market is expected to grow 18% a year as the country moves beyond mere installation of firewalls and anti-virus software. Interestingly, a huge number of companies have a newer set of CXOs — chief security officers (CSOs) — on their payroll.
|
|
The Central Initiative
The cyber security JWG formed under the national security adviser (NSA) has recommended the creation of a permanent JWG under the National Security Council Secretariat (NSCS) — which falls under the National Security Council headed by the prime minister – with representatives from the government and the private sector. This permanent JWG is meant to act as an advisory body and coordinate public-private partnerships (PPPs).
The mandate for private-sector companies would be to set up cyber security mechanisms across segments they are present in and then to share their learning with the NSCS. According to official reports, some of the NSA’s recommendations include the government and private sector jointly training almost five lakh cybersecurity professionals in five years.
The government — which, according to at least three defence officials, is covertly recruiting young hackers to man its cyber-offensive units as part of efforts to take on the Chinese and American onslaught — is also keen that local companies develop indigenous defensive software because they feel foreign-origin software is compromised.
|
|
The JWG also envisages the creation of testing and certification centres and pilot projects for conducting test audit on IT products. Officials are also deeply concerned that India is among the top five countries whose data has been compromised for years by the American NSA surveillance system.
Changing Times
Senior IPS officer Muktesh Chander, former director of National Critical Information Infrastructure Protection Centre (NCIIPC), says he is no admirer of the idea of critical infrastructure protection being handed over “indiscriminately” to the private sector. He sees dangers in such decisions.
However, Chander, an electronics engineer by training, says he would be glad to see Indian companies come up with path-breaking solutions and products such as routers (to lower reliance on US networking giant Cisco), or develop an encryption algorithm (which converts electronic data into a meaningless form that cannot be read or understood; it is reconverted with a user’s password), chips and so on to ensure much lower reliance on overseas companies.
Chips made abroad can be used by countries from where they are made to snoop on India, if they want to, notes Chander, who had earlier worked with Bharat Heavy Engineering Limited as a quality-control engineer.
Chander sees more private-sector companies managing critical infrastructure because more such companies are entering into the area which was once a preserve of the government. “Certainly there is a lot of scope for companies such as Bharti and RIL to tap the opportunity. Some solutions can only be developed by companies deeply involved in specific businesses. Their knowledge in enhancing cyber security is very valuable,” says this tech-savvy officer who is currently joint commissioner, Prime Minister’s security.
|
|
Eavesdropping Inc
Bruce Schneier, a renowned American cryptographer and computer security expert, echoes Chander’s worries. However, he feels the problem is not imported semiconductor chips, but finished network hardware. “If you buy your network hardware from another country, like the US or China, then you are potentially vulnerable to whatever eavesdropping capabilities those countries might have built into the equipment.” He also says that since most of the internet is controlled by the private sector, protecting it requires the cooperation of the private sector whether it has begun late or not. The government simply can’t do it alone, he insists.
All this is why a senior domestic IT company official feels that Ambani clearly has his ear to the ground. “The opportunity in cyber security is certainly going to be huge,” he says, asking not to be identified because he doesn’t want to be seen as “complimenting someone before the success of a venture”. He adds: “It is a multi-pronged approach, for sure. Support the government, protect your own assets and sell solutions to others.”
Politically Driven Issues
There are internecine wranglings of sorts between various official agencies (see The Current Scenario) that hurt a coordinated approach in cyber security. A defence ministry official spoke on condition of anonymity that “nonappointment” of CERT-In chief Gulshan Rai as the first National Cyber Security Coordinator (NCSC), a job that entails him to coordinate among various agencies involved in cyber security, is thanks to such “an atmosphere of mild friction” among these departments. While Rai refused to comment, a former NTRO official confirmed that “for sure, there is a turf war”.
Notwithstanding such hiccups, private-sector players are expected to forge ahead with their plans — creating PPPs, developing security solutions and finally selling them — says Chander, who doesn’t see “any turf war” derailing the government’s moves to strengthen coordination among various agencies handling cyber security.
|
|
Admittedly, there are hurdles. The major challenges for entrepreneurs such as Ambani and government agencies themselves include the absence of a data privacy law. Nor do we have an Indian version of the anti-terror Patriot Act (that can be invoked in the time of a major cyber attack).
India isn’t a signatory to the Budapest Convention either — this first-of-its kind global treaty that aims to fight cyber crime through a general set of laws, enhancing inter-country cooperation and stepping up probes in such crimes.
The absence of all these makes it difficult to put in place a cyber-security mechanism, concedes Schneier who has watched the global scenario for long. “It’s difficult, of course, but if India wanted to make cyber security a priority, then it would be a priority,” he declares.
Scope for Hope
US-based cyber security expert Bruce Niswander says, in India, the stress must be on delivering commercial solutions that help other developing countries confront and resolve the same problems that India must deal with in its domestic markets. “Creativity and innovation must become a national obsession. This, in turn, will lead to an explosion in global commercial contracts and deals,” he adds.
|
|
Niswander also favours hiring ethical hackers to step up offensive capabilities. “It will be really helpful and is also important to recruit young talent and create a Young Indian cyber army. From my experience of creating awareness on safe [internet] surfing with more than 6.5 lakh students, we have found that lots of young enthusiasts, who claim to be ethical hackers, get monetary benefits from international sites. We should be able to replicate it in India, just to encourage them. First, we need to create a pool of these young ethical hackers and train them in the right direction. The government should recruit them or encourage them so that they can work for the nation.” Ambani, known to revel in scalable business opportunities, has already taken the cue.
Get Unlimited Access to The Economic Times
