Q. Now since you are vociferous in your appeal for strict enforcement of digital security laws, what are your recommendations from a technical viewpoint that lawmakers should take note of?
A.I would say that encryption should strongly be enforced at all levels. This should be followed by regular security audits.
Establishment of custom point of contact (PoC) is also imperative in today’s technical age. Most of the companies today (irrespective of scale) do not possess a technically competent PoC. This should be enforced upon by the government. In case of improper PoCs, even CERT shies away from contacting victims in case of security breaches.
Further there is a urgent need for Data Protection laws and Privacy laws to be in Force, otherwise users would lose trust in Digital Economy.
Q. Any other fundamental cyber security aspects which you think that the policy makers are missing out on now?
A. There are two aspects; awareness and specific enforcement. When you take the Aadhar database, the data over there is the most important; the data available is vital for any any business. The Aadhar database also seemingly looks like a target for cyber-criminals from other nations.
Any government wants data; this could lead to a situation where in a customer data leaks takes place; even on the lines of the ‘Big Brother Snooping Down’. I think that despite Digital India being an excellent initiative, there should be multiple layers of underlying security. There must be forums where Digital India initiatives such as e-payment gateways are tested for vulnerabilities. I think that the government of India should also reward developers and testers for coming out with bugs in the Digital India offerings.
