Analysis: Government's Cybersecurity Indigenization PushIs India Doing Enough to Boost Local Security Companies?
The government of India should use more security products from domestic companies to help resolve cybersecurity issues through innovation. Besides ensuring customized development and security by design in fighting new threats, increasing the use of domestic products would reduce the presence of backdoors, reducing vulnerability to attacks.
And encouraging domestic cybersecurity production could spur job growth India, just as the boom in service outsourcing led to a surge in local IT jobs.
It's good to hear that the government is moving forward with initial steps to require the use of domestic products for its defense and aerospace sectors - the latest in a series of steps to boost the use of Indian security products.
So it's good to hear that the government is moving forward with initial steps to require the use of domestic products for its defense and aerospace sectors - the latest in a series of steps to boost the use of Indian security products.
This was brought to light by Ajay Kumar, India's defense secretary, during an event organized by the Aeronautical Society of India in Hyderabad last week. He stated that one of the best ways of dealing with cybersecurity is by using domestic products.
"Given that testing technologies are far behind people's ability to insert malware ... the safest and best way is having your own products," Kumar said, the PTI news agency reports.
Kumar reiterated that the government is formulating a policy to create a road map for indigenization of products in the defense and aerospace sectors.
A clear policy framework is being worked on under which indigenization can be taken up by the Defense Research and Development Organization, service organizations and others, Kumar said.
The government has said that domestic companies makers will be given preference for 90 categories of products used in the defense public sector units.
In July, the Ministry of Electronics and Information Technology issued an order to all the government, both national and state departments, stating preference shall be provided by all procuring entities to domestically manufactured/produced cybersecurity products.
Plus, the government has been taking initiatives to encourage use of domestic products in other sectors.
For example, Telecom Secretary Aruna Sundararajan said earlier this year that telecom security products will be developed by Centre for Development of Telematics, or C-DoT, India's telecom research and development wing. "The same will be transferred to localized manufacturing partners to undertake commercial production, which would cut down reliance on multinationals," she stated (see: India Wants Home Grown Products for Telecom Security).
In another initiative, the government is hiring small start-up companies to help build components of an IoT security framework, turning to those who specialize in data security and secure data transmission.
The Telecom Regulatory Authority of India is working with 65 start-ups at the Indian Institutes of Technology and International Institute of Information Technology to develop products ensuring security by design for IoT needs.
Meanwhile, collaboration between government and academia is planned to develop skills in big data and artificial intelligence (see: IoT in India: Ensuring Security).
But the government hasn't done enough to spur the use of Indian security products, argues C.N. Shashidhar, founder and CEO at the consultancy SecurIT.
"It's always considered foreign players are better and deployed their products," he says. "Unless we give local firms the opportunity, without impractical regulatory hurdles, the intended measures will remain on paper. The government should lead by example by buying local products."
Sahir Hidayatullah, CEO at Smokescreen, an Indian security company that spends millions in research and development, argues that the government should provide companies tax benefits, via subsidies, to help them cater to domestic needs or build volumes.
Government agencies need to improve collaboration with local manufacturers in product innovation, providing them with funding to build better products that can compete with international brands.
The National Informatics Center should collaborate with local manufacturers to help them to embed new technologies and also insist that they practice "security by design." It must also involve academia to bridge the skill gap.
In fact, all government-owned research institutions and academia should collaborate to drive the domestic development of innovative security products.