Anuraag Dwivedi writes: The Government of India launched an online botnet cleaning and malware analysis centre called “Cyber Swachhta Kendra” on 21 Feb 2017.The website is operated by the Indian Computer Emergency Response Team (CERT-in) and is a part of the Government of India’s Digital India initiative under the Ministry of Electronics and Information Technology (MeitY) to create a secure cyber space by detecting botnet infections in India and to notify, enable cleaning and securing systems of end users so as to prevent further infections.
The need to protect citizens against cyber crime is of paramount importance for the success of government’s less cash economy and Digital India initiatives. The spike in digital transactions post demonetization has however got reversed and the momentum is stalling. The reasons, arguments and solutions can broadly be classified under the following two categories :-
- Digital payments are not easy to make as compared to cash (ie convenience)
- Digital payments are vulnerable to cyber crime (ie safety and security)
The first reason (convenience) is most important and the government has taken a number of logical steps including introduction of payment utilities like the Bharat Interface for Money (BHIM) as also monetary incentives to encourage digital transactions and proliferation of point of sales machines. Laws have also been promulgated to discourage high value cash transactions but these are more relevant to tax evasion. Success of these measures is largely a function of convenience. If the buyer and seller find greater convenience in doing digital transactions then they will do so, else not. The second aspect (safety and security) is equally important if digital transactions have to become popular.
An analogy with transportation helps understand the underlying mechanisms better. The first requirement (convenience) is akin to a well planned network of roads with proper road signs so that we can reach our destination via the shortest possible route and without too many red lights. Without this the journey is painful. The second aspect (safety and security) is ensured in multiple ways. Firstly the roads must be well maintained, secondly there must be laws and traffic police to ensure compliance and thirdly we must have ambulances and insurance in case an accident takes place. Last but not the least there must be individual protection in the form of vehicle fitness, safe driving habits and protective seat belts or helmets. Each of these aspects is vital and needs to be replicated on the digital highway.
The “Cyber Swchhta Kendra” website corresponds to the individual protection element of the above described safety matrix and provides online scanning and anti-virus tools for securing individual computers and smartphones. Critics may argue that it is incorrect to focus on user responsibility without catering to other vital aspects of safety but on roads as well as on the digital highway, most accidents occur because of driver error. It is the responsibility of users to ensure that their smartphone or computer is free of virus and they adopt safe browsing habits just as it is the responsibility of drivers to wear a helmet or fasten their seat belt and practice safe driving.
As of now the actionable link on the Cyber Swchhta Kendra website takes one to the webpage of Quick Heal anti-virus where a free scan and bot removal tool is offered for download. A contrary banner on the Quick Heal homepage warns that “Free wala anti-virus mehenga padta hai”. There are also several useful free tools by Centre for Development of Advance Computing (C-DAC) available for download alongwith cyber security best practices and advisories from the CERT-in website. Some criticism is possible and the tools are inadequate for comprehensive real time protection across all types of hardware and operating systems but expecting the government to provide free anti-virus to everyone is like asking that government should fit seat belts and air bags in every vehicle and issue free helmets to every citizen. This is illogical and impractical.
All in all the nascent Cyber Swchhta Kendra is a step in the right direction. The next essential step is to make the website available in regional languages and as a mobile app so that it can be used by a layman. The second (and slightly out of the box) step towards incentivising individual cyber security would be to convert the Cyber Swachhta Kendra into a digital marketplace for software and cyber security. Genuine software and security solutions from a large number of reputed firms (and supporting maximum types of hardware and operating systems) can be made available through the website at wholesale prices in addition to the free offerings. An Aadhaar cum mobile authenticated free trial download and suitable cash incentives credited into linked bank accounts for every purchase or renewal of license can be a possible methodology. Considering the economies of scale, such a government sponsored software and cyber security marketplace is a win-win solution for users as well as software firms plagued by piracy. Reporting cyber crime, cyber grievance redressal and integration with Bharat Interface for Money (BHIM) can be the final medium term objective and will create a comprehensive digital ecosystem.
The above recommendations fit into the larger construct of Critical Information Infrastructure (CII) and national security described in an earlier blogpost here. The Cyber Swachhta Kendra not only enables the Digital India dream, it can also contribute to national security. Individual cyber security is like empowering soldiers on the forward edge. Including cyber security firms and hardware manufacturers as stakeholders is the essential fire cover. We cannot afford to lose sight of either.