Threat Intelligence Blog

Posted March 17, 2016

As leading global powers seek to have a hand in influencing Internet governance, India is slowly emerging as a potential key player and ally. As early as 2002, India has engaged with the United States on cyber security issues and cooperation under the auspices of the U.S.-India Cyber Security Forum. In 2011, both governments signed a Memorandum of Understanding to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cyber security. The MOU established best practices for information exchange and key cyber security organizations on a wide range of cyber issues. In 2015, the first U.S.-India Strategic and Commercial Dialogue was held, focusing on priority issues of defense and commerce. During this period, India’s position appeared in line with the United States, favoring an open, inclusive, transparent system of Internet governance.

The need to get likeminded allies is important as leading cyber powers seek to influence how the Internet is run and governed. There are two primary camps engaged in promoting their solutions. Generally speaking, the United States and largely Western nations favor a multi-stakeholder driven approach where Internet policy is not determined by member states, but by the broader society. Governments like China and Russia (and a few others) endorse states’ sovereignty in cyber space with the right to establish and implement public policy and international policy on matters of Internet governance. Led by both of these governments, a proposal and its update were submitted to the UN General assembly in 2011 and 2015, respectively, supporting this position. Both sides continue to lobby for their interests among the global community.

India is in a unique position of being a major information technology manufacturing center. The Indian government has taken initiatives to support the country’s digital emergence through projects like Digital India. But also, and perhaps more importantly, India is a potential ally for both Western and Eastern interests in their respective quests to influence how the world uses the Internet. While India has already established a dialogue with the United States on cyber security, it is also part of the “BRICS” – the five nation association (Brazil, Russia, India, China, South Africa) of emerging economies that have a strong influence on regional and international issues. For states like China and Russia, BRICS can be used as a counterweight to U.S.-centric commercial and political interests.

India has walked a deft line between U.S. and Russian interests. During the June 2015 53rd meeting of the Internet Corporation for Assigned Names and Numbers (ICANN), India’s statements alluded to its continued support of the U.S.’ vision of a multi-stakeholder approach to Internet governance. However, U.S. and Indian cyber engagements have been unsteady at best, with little to show for their efforts despite ongoing dialogues. Consequently, India may be looking to emerge from under the United States shadow to help shape global cyber initiatives.

At the December 2015 World Summit on Information Society (WSIS), India played a critical role in negotiations as a swing state in support of a multistakeholder approach to Internet governance. They were involved in the drafting of the final declaration, which was ultimately adopted by the UN General Assembly. In addition, India is set to become a full member state of the Shanghai Cooperation Organization (SCO) with accession expected to occur in a June 2016 meeting. The meeting will prominently feature cyber security issues, along with the release of a joint declaration to which India has been making significant contributions.

As a result, India may be looking for other potential partners that enable this goal. India and Russia have been in discussions on a “Memorandum of Understanding on Information Security” that could sway Indian backing to Russian and BRICS interests. The fact that the MOU uses the term “information security” rather than “cyber security” is an important distinction particularly because Russia (as well as China) sees information as much, if not more, of a threat than the technology it rides across, while the U.S. focuses solely on the technology aspect of security. Such a distinction is not lost on those following global efforts to come to consensus on these issues.

Should this MOU come to fruition, it would come on the heels of a September 2015 agreement for India and Russia to set up an expert group on cyber security, as well as a December 2015 landmark engagement that saw both governments sign 16 agreements on defense, nuclear energy, and other key areas of cooperation. In short, Russia may be assuming more of a special partnership role with India, which would position the second largest democracy behind their Internet governance efforts.

It appears that India is seeking a larger role as an impact player in the global Internet governance discussion, and is not interested in following another government’s lead. India has been aggressively seeking to establish its own cyber security-related agreements with other governments and organizations both inside and outside the region. In early 2016 India signed several bilaterals with the United Arab Emirates bolstering ties in cyber security, infrastructure, and other strategic areas. Additionally, in late 2015, India’s Computer Emergency Response Team (CERT-In) signed cooperative arrangements with counterparts in Japan, Malaysia, and Singapore to promote the exchange of threat information, best security practices, and more efficient resolution of computer incidents between India and these countries. Supporting a multi-stakeholder arrangement means understanding that all participants make viable contributions to the larger, common goal. Most importantly, it means knowing when to lead, and when to let others lead. The U.S. risks losing a stalwart partner by not letting it be more of an active contributor in its larger governance strategy.

Additional Posts

Advanced Threat Intelligence-Driven Security

Enterprise risk and security operations are seeking a tighter coupling and more automated and ...

CTO Perspectives, Part IV: Using Global Threat Intelligence to Improve Security Analysis Inside the Perimeter

  By Allan Thomson, LookingGlass Chief Technology Officer In the last few weeks I wrote a ...