Global understanding has dawned that by bringing together our strategic capabilities, we will be able to address current and emerging cyber threats. Cooperation and coordination between member states through the United Nations, is indispensable to reach a consensus on global strategies and involve all relevant bodies and stakeholders.

The boundaries between cyber crime, cyber terrorism and cyber warfare are blurred. The 21st century living is already dependent on the internet and hence cyber threats will only multiply. It is increasingly apparent that other than individual and syndicated cyber crime, cyber terrorism and cyber warfare are being conducted by nation states, often through so called non-state actors. Cyber threats have been expanding exponentially over the years and have become as dangerous as nuclear war. As far back as 1998, Russia had proposed a treaty to ban the use of cyberspace for military purposes but given the difficulty in identifying the source of attack, it did not come through. A report in the US talked of 25 million new strains of malware created in 2009 itself. That equals a new strain of malware every 0.79 seconds. The report underlined how the current cyber threat environment is dramatically changing and becoming more challenging as the clock ticks. Despite cyber threats magnifying over the years, it is only sometime in the middle of 2010 that some semblance of collective efforts became visible in bringing order to cyber space and in confronting the scourge of cyber terrorism. Last year, therefore, may be paged as another modest beginning towards a global cyber security mechanism when a US led 15 nation group reached an agreement to make collective recommendations to the United Nations in July 2010. Consensus within this group itself ironically took five years of deliberate efforts commencing 2005. The recommendations clearly indicated the willingness to engage in reducing the threat of cyber attacks on computer networks, calling upon the United Nations to create norms of accepted behaviour in cyberspace, exchange information on national legislation and cyber security strategies as also strengthen the capacity of less-developed nations to protect their computer systems.

Homeland Security & Cyber Security

The US and the world at large realised the globalisation of terror post 9/11. However, cyber crime, cyber terrorism and cyber war required no specific incident like this. Cyber threats were borderless, omni-directional and omni-present from the very outset. India that has been facing cross border terrorism since over past two decades has also been subjected to cyber attacks, mainly from China and Pakistan. Osama bin Laden had been giving calls for strikes “through all possible means”, obviously also targeting economic centres, infrastructure and the like. It was perceived that while Laden had his finger on the trigger of his AK-47, his successor’s future lineage will have the finger on the mouse. The focus would be to attack the economy of a country. Therefore, homeland security has to go far beyond than merely providing physical protection of life and property. Cyber security may be considered the flip side of homeland security and must now be synonymous to both economic security and homeland security. Without adequate cyber security, it may not be possible to enjoy the full benefits of globalisation and a developing economy. Homeland security will not be effective without protecting our cyber space in order to enjoy our freedom at home and advance our interests abroad. Therefore, steps need to be taken from the national level right down to the community and individual levels to protect us against cyber threats.

Critical infrastructure

Protecting critical infrastructures from disruption is not a new concept. The need to manage the risks arising from physical attacks and service disruptions has existed for as long as there have been critical infrastructures. The change that has taken place now is that as a result of advances in information and communications technology, there is a threat to critical infrastructures that goes beyond that of physical attacks. Critical infrastructure assurance is an essential element of our overall approach to homeland security. Industries, institutions, and distribution networks that provide a continual flow of goods and services essential to the nation’s defense and economic security, the functioning of its government, and the welfare of its citizens constitute the critical infrastructure. It would include information and communications, transportation, electric power, oil and gas storage and distribution, banking and finance, transportation, water supply, emergency assistance, etc. These are deemed critical because they are the enablers of economic activity as well as essential to the delivery of vital government services. Their disruption can have a debilitating regional, national, or even international impact. Information systems and networks of the infrastructure sectors that facilitate commerce also are increasingly vulnerable to cyber attacks and heightened services disruption, the cascading effect of which can even bring daily life to a standstill and cause grievous damage to our economy. Cyber attacks on critical infrastructures can cause mass disruption at regional, national and even international levels. Access to the internet has the potential through cyber attack to wreak havoc on an entire network or infrastructure. This requires unprecedented partnership between private industry and government especially since there are no boundaries in cyberspace and because a large part of the nation’s critical infrastructures are privately owned and operated. There is a requirement of off-the-shelf solutions in managing risks posed to critical infrastructures and raise awareness that massive disruptions due to deliberate cyber attacks are a risk management problem that companies must solve with government playing a supporting role. Organisations must institutionalise the process of identifying critical assets, assessing their vulnerabilities, and managing the risks associated with these vulnerabilities. Cyber security is essential to business assurance and continuity. Regulations by themselves cannot ensure proper implementation of cyber security within complex organisations. The private sector must play a major role in securing our economy from cyberbased attacks.