This article originally appeared in Deccan Chronicle.In the lead-up to the 2020 Budget, the industry looked forward to two major announcements with respect to cybersecurity. First, the allocation of a specific ‘cyber security budget’ to protect the country’s critical infrastructure and support skill development. In 2019, even Rear Admiral Mohit Gupta (head of the Defence Cyber Agency) had called for 10% of the government’s IT spend to be put towards cyber security. Second, a focus on cyber security awareness programmes was seen as being critical especially considering the continued push for ‘Digital India’.On 1^st February, in a budget speech that lasted over 150 minutes, the finance minister made 2 references to ‘cyber’. Once in the context of cyber forensics to propose the establishment of a National Police University and a National Forensic Science University. Second, cyber security was cited as a potential frontier that Quantum technology would open up. This was a step-up from the last two budget speeches (July 2019 and February 2019) both of which made no references to the term ‘cyber’ in any form. In fact, the last time cyber was used in a budget speech was in February 2018, in the context of cyber-physical weapons. When combined with other recent developments such as National Security Council Secretariat’s  (NSCS) call for inputs a National Cyber Security Strategy (NCSS), the inauguration of a National Cyber Forensics Lab in New Delhi, and an acknowledgement by Lt Gen Rajesh Pant (National Cyber Security Coordinator) that ‘India is the most attacked in cyber sphere’ are signals that the government does indeed consider cyber security an important area.While the proposal to establish a National Forensic Science University is welcome, it will do little to meaningfully address the skill shortage problem. The Cyber Security Strategy of 2013 had envisioned the creation of 500,000 jobs over a 5-year period. A report by Xpheno estimated that there are 67,000 open cyber security positions in the country. Globally, Cybersecurity Ventures estimates, there will be 3.5 million unfilled cyber security positions by 2021. 2 million of these are expected to be in the Asia Pacific region.It is unfair to expect this gap to be fulfilled by state action alone, yet, the budget represents a missed opportunity to nudge industry and academia to fulfilling this demand at a time when unemployment is a major concern. The oft-reported instances of cyber or cyber-enabled fraud that one sees practically every day in the newspaper clearly point to a low-level of awareness and cyber-hygiene among citizens. Allocation of additional funds for Meity’s Cyber Swachhta Kendra at the Union Budget would have sent a strong signal of intent towards addressing the problem.Prateek Waghre is a research analyst at The Takshashila Institution, an independent centre for research and education in public policy.

Susan Landau’s Listening In is an encyclopedia of cyber security, but misses out on the opportunity to set the stage for policy dialogue.

After the San Bernadino terrorist shootings of 2015, the FBI recovered an iPhone belonging to one of the attackers. FBI and Apple Inc came to loggerheads when Apple declined the FBI’s request to create software that would unlock the security protection on the iPhone. FBI wanted “exceptional access” to be built into the encryption systems on Apple’s iPhone, using the pretext of national security. However, Apple argued that in an age of cyber attacks, weakening of security should be the last thing to do, even if that means that the data of terrorists and criminals remain hidden from law enforcement. The basis of Apple’s argument was that security loopholes would be eventually found and exploited by hackers, presumably causing more harm to national security.Using the above case as the background for her book Listening In Cyber Security in an Insecure Age, Susan Landau, a cryptography and cybersecurity expert, studies the clash between the individual’s need for privacy and the law enforcement agencies’ need for access to information. Landau unequivocally bats for not weakening security standards, even if that makes government investigations difficult. She sets the stage for her argument for stronger encryption standards by narrating one example after another of cyber espionage, exploits and attacks, and how these have been getting more sophisticated over time. She traces the first cyber espionage to 1986. With the involvement of the CIA, KGB, and a student in Germany hacking into systems at an energy research lab at Berkeley, this story makes for a fascinating read.Read more here>