National Infrastructure is defined as ‘critical’ when it is believed that, disrupting its function would lead to significant socio-economic crisis with the potential to undermine the stability of a nation and thereby have political, economic and strategic implications. Even after six decades of Independence, India is still not able to manufacture a single mobile device or even our own Operating System (OS).
According to Global Innovation Index 2017, India stands at staggering 60th rank whereas Switzerland; just the size of an Indian state tops the list. Ironically India alone produces engineering graduates (per year) close to the entire population of Switzerland.
Yet, instead of contributing for the establishment of indigenous mobile manufacturing units many of the scientific gurus and political pundits say that manufacturing the devices on our own is ‘time consuming’ and at the same time inviting foreign companies to manufacture in India and exploit its resources and huge population base.
The Indian government had “identified 15 forms of encrypted communications, including Google’s Gmail, RIM’s Blackberry services, Nokia’s email offerings, Yahoomail and Microsoft Skype, among others, that it claimed could not be tracked by Indian law enforcement agencies.” This is just one of the many such case studies that demonstrate clearly the Indian government’s lack of understanding about even the basic tenets of information warfare. Sadly, without any concept of a comprehensive national security what is at stake is the very sovereignty of our country.
There are multiple facets of communication threats from China as well, although Chinese vendors marketing and waging electronic warfare in India is a recent phenomenon. Western firms like Nokia, Ericsson, Lucent, CISCO etc are already established in India conducting deep route penetration into India’s strategic communication and waging direct information warfare. Unfortunately in India there is no comprehensive study of Communication Infrastructure Security (CIS) keeping the above perspective in mind. Under the shiny haze of globalization and liberalization, India never understood nor designed the threat perceptions towards developed nations.
In Andhra Pradesh, after the separation from Telangana, CM Chandrababu Naidu has focused on development of the capital city Amaravati along with the infrastructure developments in other cities of Andhra Pradesh. It can be observed how, the Chief Minister of AP is concentrating on getting MNCs to operate in the state in order to create employment opportunities and to transform Andhra Pradesh into a manufacturing hub. In regards to making digitization a major project, the government of Andhra Pradesh has allocated the project to Cisco. As part of Digital India Initiative, Cisco is asked to design and implement a broadband project in Andhra Pradesh. But when looked into Cisco’s profile, a number of scams have been allegedly reported against Cisco. In the recent years, Cisco was involved in a scam with BSNL and Indian Army which was pushed since the time of UPA government.
Also, the internal database of Cisco was once hacked by the NSA and got access to confidential information in the company. Likewise, Cisco has a number of allegations against them, yet has been chosen by the Andhra Pradesh government for the biggest digitization project in India. It is surprising how CM Chandrababu Naidu chose a private MNC Cisco over Indian state-owned telecommunications and broadband company BSNL.
It is true, that there have been network and performance issues from BSNL, but how could a MNC with such a weak reputation be selected for a government project in India? Is the information secure this way?
How can Andhra Pradesh government maintain ties with a MNC that is involved with defense operations of United States? How can the government be so ignorant regarding the security of information of users in Andhra Pradesh? What if the information is lured away to the NSA, just like how the aadhaar information is being spied?
Also, the government of Andhra Pradesh has entered into an agreement with Alphabet (recently, Google) in order to get the Free Space optical communication technology to provide internet through the government’s Fiber-grid project. This contract as signed by the IT minister of Andhra Pradesh, Nara Lokesh during December 2017. Recently, Google secured a new contract to work on US defense department’s war initiative providing assistance with a pilot project to apply its artificial intelligence solutions to drone targeting.
Information segregation – Aadhaar linking everywhere
In the recent times, linking aadhar number to almost every entity related to you has become mandatory. Starting from your phone number to your bank account, LPG subsidy to passport procurement, every government service requires aadhaar card to be linked in order to get the customer request processed. Aadhaar number is also being linked to PAN number in order to make sure the income tax and returns filed are rightly done. Also, government claims that linking aadhaar and PAN helps them trace the multiple PAN accounts and use it to find out the black money that is persistent.
On the contrary, though aadhaar is being used as a mandatory identity for various government services, it is not an official Indian identity yet. Aadhaar card was compared to the Social Security Number (SSN) used in the United States. There has been a lot of haul regarding the leak of aadhar details recently. During 2017, WikiLeaks published secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among many others the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world — with the expectation for sharing of the biometric takes collected on the systems. But this ‘voluntary sharing’ obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services.
The question of the hour is, how the Indian government trusted a US product to record the information of Indians, which is expected to become an essential credential for every official move in India? There are a number of Indian companies that could provide the same service provided by the crossmatch that has been certified by the UIDAI. Now, FDI has access to data of millions of Indians. How did the government be so ignorant in this regard?
Physical banks are now taken over by digital banks such as PayTM payments bank handled by One97 communications Ltd. and Airtel payments bank handled by one of the leading mobile operator Airtel. Also, some other physical banks like Kotak Mahindra are shifting to digital accounts, which reduces the storage space and also the need for physical money. With the encouragement from the government for digital money, PayTM and Airtel are making a move by turning into payment banks. As part of Digital India initiative, government has mandated linking of aadhaar cards with all e-wallets in order to make sure the flow of money is tracked. Payments bank act as a bridge between the e-wallets and the banks, which is considered as the future of banking system, according to a report from Gartner.
Though government is encouraging the growth of payments banks and digital banks, but there are instances which prove the government is not ready to accept the change right now. In a recent event, Airtel had to pay a total sum of Rs.190 crore LPG subsidy that had flown into the unsolicited payments bank accounts of 31 lakh airtel subscribers. Airtel promised NPCI (National Payments Corporation of India) that it will pay back 190 crores, including the interest to the customers’ original bank accounts that were linked to the Direct Benefit Transfer.
The government acted swiftly in the matter and the Unique Identification Authority of India, late last week, temporarily barred the company from conducting Aadhaar-based SIM verification of mobile customers using eKYC process and e-KYC of payments bank clients. Suspending the ‘e-KYC licence key’, the Aadhaar issuing body UIDAI also ordered PricewaterhouseCoopers to conduct an audit of Bharti Airtel and Airtel Payments Bank to ascertain if their systems and processes are in compliance with the Aadhaar Act.
Payments banks and virtual banks are very new in India, which need some time to sink into the revenue system of India. In Andhra Pradesh, starting from pensions of senior citizens to registration of newly purchased vehicles, aadhaar cards are being used as a major proof of address and identity. Due to the existence of a number of street vendors and preference of customers to make purchases offline than online, it might take some time for the payments banks to settle down in the state. But, are the payments banks a necessity in the current situation? How secured are the details of the customers that have accounts in these payment banks? Amidst many bank scams, such as PNB scam in February 2018 where physical banks stand at zero security, can the payments bank provide efficient security to digital accounts without loss of information?
With increasing number of cyber-attacks, the need for information security is increasing day-by-day. Andhra Pradesh capital Amaravati is in its initial developing stages. Every project needs to be undertaken with utmost care to security. The MoUs signed with Cisco and Google for the fiber grid project are subject to many questions, given the history of allegations against cisco and the cyber-attacks against them. As google is collaborating with the NSA’s drone project, heavy measures need to be taken against the services provided by them. Is it okay to trust the foreign MNCs with such activities going alongside in their company, with the projects related to the capital city of Andhra Pradesh?
Also, the Real Time Governance by CM Chandrababu Naidu showcases nearly 33 government departments across the state and the real time data related to the developments in respective agencies. What are the measures taken in order to secure this information? How secure are the servers used for India’s first governance project? Is Andhra Pradesh going to set an example to all other states in India, with respect to the technological advancements in governance?
Aadhaar cards have been issued as a single-point identity by the UIDAI to nearly 105 crore Indians i.e., 80% of the population. There have been a number of instances where this aadhaar data was misused for sanction of loans, approval of projects and many such scams. Also, recently a French hacker, found out a way to break the authentication of the aadhaar app in smart phones, questioning the security of the UIDAI. In light of such events, isn’t government responsible for providing the security to the biggest bio-metric project in the country? What are the measures taken, after such events have come to the nation’s notice?
Payments banks are becoming the new trend in the banking sector. But why aren’t the public sector companies and government agencies ready to collaborate with the payments bank, trusting them with the financial transactions? How could airtel make such a bold move of creating payments bank accounts to the customers who have done their e-KYC to their mobile numbers? Is it an intentional move from one of the biggest cellular networks in India? Is it something similar to the Wells Fargo scandal that happened recently?
Stay tuned for much more information related to the individual topics covered in this article.