Panel discussion on national preparedness against cyber attacks
Thursday, 27 June 2013 01:14
Moderated by CICRA Consultancies Head of Consultants and Master Trainer Krishnan Rajagopal, the first panel of the summit was made up of EC-Council USA President Jay Bavisi and Dialog Axiata Group CEO Dr. Hans Wijayasuriya.
Q: A lot of countries are doing different things to protect themselves from cyber attacks – could you share some insights into this?
Bavisi: Many think that cyber preparedness is dealing with hacking but the fundamental solution is much wider. First, we need to look at the legal issues. In different countries, there is the need to think of the Data Protection Act – does the government have the rights to play the role of Big Brother? The US is threatened by China and is dealing with a country on a completely different terrain.
What are going to be our laws, how will we deal with it, are we going to snoop on our own people? There is also the need to think of education policies, national security policy – does there need to be a silent command? There is also no central repository to which everyone can connect. Having a national cyber security strategy is one of the core issues that should be considered.
Q: Can you talk about a national cyber security strategy from a telco perspective – what are your expectations of a safe place to do business?
Wijayasuriya: I’m not a CEO who postpones cyber security – I take it very seriously. We have been talking about closing doors in quarantine, basically protecting the environment. Our calling as telcos is to open doors and increase the number of services to millions of people, thereby creating social equity and that’s an exciting place to be. Telcos have a dual challenge – they are called upon to open up not only to the general public but also to the developer community.
The differences between a computer and mobile phone are disappearing. The more primitive phones were the safest. We are living in a high speed environment now. Just compare it to any other high speed environment, air travel for instance. It is the safest industry in the world and the safest form of transportation. This has been possible because there is a lot of discipline and compliance so I think we need to grow up – maturity is important. We need to follow the rules and be open to new rules and change as well. I feel we need to realise that automation around us is not one-sided. We need to be disciplined.
Q: National infrastructure protection is key. Could you share three takeaway points to jumpstart this process?
Bavisi: It depends on who the stakeholders are. A utilities company with a SCADA structure is different from being listed on the CSE. One size does not fit all. Every organisation needs to be self-motivated rather than being motivated by force. If you are following the de-minimalist principle, you will be in trouble. The regulatory frameworks are there to provide you with minimalistic protection. The question is how do you develop motivation – this is where CEOs are very important. How will the leader of the organisation make this a widespread requirement of the company?
Android has been a growing source of malware inflictions but there is no motivation to make sure the apps are secure whereas Apple has that sort of motivation which also helps developers grow. Small or medium businesses whose employees have no clue what malware is or how a firewall works could have an end-user cyber education program, which is free, and when you meet that assessment, you at least know that you are compliant. A lot of countries are beginning to do this by tying HR to security because they know this is their weakest link.
Q: Is jumping onto the ICT wagon without analysis a bomb waiting to explode?
Wijayasuriya: I wouldn’t describe it as a bomb but there is a need for a much more heightened level of awareness, preparedness and ability to react quickly and take compliance seriously, internal motivation to be skilled. With all that, then we have a situation very similar to any other form of development.
I think the telecom sector is reaching out to give individuals much more power. You can’t sit in an ivory tower and have a business. Increased awareness, compliance, discipline and admission that this is not a sport but a serious way of life needs to become part and parcel of the DNA of organisations, and maybe next year we will be talking about personal cyber security and cyber health – it’s a new language and expert interventions and guidance are required.
Q: Are all governments using technology as a form of cyber security?
Bavisi: There is a serious change in the taxonomy of war. Earlier it was a known assailant against a known victim. The new war is called cyber war and it has a completely different taxonomy. You do not know when it starts or stops, you have no idea who the assailant or victim is – governments need to deal with an entire new concept.
The truth is that the time for debate is 60 seconds. You need to quickly determine what your strategy is. Governments realised that they need to have offensive capabilities. Cyber wars can cause the same damage as physically assaulting another country. A country deals with cyber attacks by creating cyber armies – the entire concept of having a cyber command will become a clear interface in the war systems of governments.
India’s biggest weakness is that they didn’t have a cyber command and they don’t really communicate. In a cyber war, you will all be attacked together and so for that, you need a unified command. What are corporations going to do? If I were to attack you online, you can’t attack me back because you don’t know who I am and secondly, if you did, you would be breaking the law. I think countries will see cyber commands and cyber armies being formed – you are already seeing that. The next model is a change of law to allow early pre-emptive strikes to protect countries in an act of self defence – I think that’s where technology is moving.