The U.S. has reported to have passed a new legislation that will require the state department to disclose how it controls the sale of cyber tools and services abroad. The move by the US is a fall-out of an investigation by the Reuters news agency which revealed that American intelligence contractors clandestinely assisted a foreign spying operation in the United Arab Emirates. This inturn had helped the UAE monarchy to crack down on internal dissent which was reportedly simmering within the hierarchy.
The new law will impose restrictions on sale of the tools in Cyber Domain that is home-grown. It will entail the State Department to report to Congress within 90 days on how it regulates the spread of cyber tools and what actions it has taken against any companies that violated its policies. The new reporting directives were a part of the State Department’s 2020 budget bill that President Donald Trump signed into law in the latter part of December 2019.
Effect on India
The unprecedented growth in technology has transformed the way we work and also the cyber crime dynamics within India. In the recent past, dependency on cyberspace has been growing exponentially with our constant adoption of digital services, tools, and applications. In terms of Digital solutions, India is said to be world’s second-most populous country after the US. Our dependency on American tools in the Digital Domain is growing by the day. India’s judiciary as well as the government is also not yet well equipped to standardise the cyber tools and still borrow the NIST and NIJ benchmarking and guidelines.
The availability of Indigenous Tools is also a question. Despite the increasing demand for cyber professional and rapid indigenisation of tools and applications, India lack the vision and boost from the hierarchy. NASSCOM has indicated that despite India having the largest IT talent pool, there is a clear lack of skilled cyber professionals.
A matter of “Conflict of Interest”
The Reuters investigation also found that a group of former NSA hackers joined Project Raven (Project Raven was a confidential initiative to help the UAE surveil other governments, militants, and human rights activists. Its team included former U.S. intelligence agents, who applied their training to hack phones and computers belonging to Project Raven’s victims) to help the United Arab Emirates engage in surveillance of other governments, militants, and human rights activists. Members of the U.S. Congress also found that the State Department granted permission to three companies (reportedly: Harbor, cybersecurity company CyberPoint International, and defence contractor SRA International) to assist the Emirati government in surveillance, reported Reuters. This actions in the US is seen to be a conflict among the different stakeholders of the US Democracy as the matter has been linked to Human Right concerns.
The Renewed India Vision
In India, massive digitisation drive especially in the financial sector and mobile phone penetration has exposed banks and other financial institutions including e-initiatives, to significant waves of cyber attacks and fraud. Online fraud is on the rise, and the infrastructure is struggling to cope up with the sheer volume of online transactions. India should look at Indigenisation and training its manpower to reduce or nullify its dependency on foreign tools and applications in the overall digital domain. The renewed vision will also help to combating the challenges that we are facing today, as also the actions of third world countries like the recent US action to ban sale of tools to others.