Forbes India 15th Anniversary Special

The dangers of India building its own internet

A top Niti Aayog official reportedly claimed the government would back efforts to build an isolated Indian internet, in response to a question on CoWIN data breach, to have a more secure ecosystem. This plan would be at odds with the government's push to position India as a technology powerhouse, say experts

Published: Jun 28, 2023 02:14:56 PM IST
Updated: Jun 28, 2023 03:18:53 PM IST

The dangers of India building its own internetImage: Shutterstock

Can we imagine a world where India’s internet access is isolated to its own sovereign network?

An alleged data leak in the government’s CoWIN vaccination registration portal exposed sensitive health information of those vaccinated against Covid-19. When the Mint newspaper questioned Vijay Kumar Saraswat, NITI Aayog member and former head of the Defence Research and Development Organisation (DRDO), about improving data security, Saraswat proposed that India build its own national network to escape global cyberattacks.

The statement, while not an official government stance, comes at a time when Prime Minister Narendra Modi made what is touted as a historic US state visit—the outcome of which include serious investments from the likes of Google and Elon Musk.

Would building its own internet protect India from cyberattacks? If yes, what does India stand to lose in the bigger picture? We asked experts some pertinent questions.

How vulnerable is India to cyberattacks, versus other countries?

In the first quarter of 2023, cyberattacks in India shot up by 18 percent in comparison to the same period in 2022. Each organisation saw an average of 2,108 weekly attacks, according to CheckPoint Research. This is 2.5 times more than the global increase in average attacks per week.

In the first quarter, weekly attacks rose by 7 percent. The average number of attacks on an organisation globally is 1,248, far lower than India’s numbers, the report said. The uptick in the number of cyberattacks on India also exceeds the number for the Asia-Pacific region, which witnessed an average of 1,835 attacks per organisation, marking a 16 percent increase.

After the education and research sectors, the government and military organisations were the most targeted sectors. The former saw an average of 2,507 attacks per organisation per week in the quarter, showing a 15 percent growth over the same quarter last year. The latter saw an average of 1,725 attacks a week, showing a 3 percent increase from the previous year.

According to CloudSEK XVigil research, India, along with China, the US, and Indonesia continued to be the most targeted countries in the last two years, accounting for 40 percent of the total incidents reported in the government sector.

Would India be safer from cyber threats with its own sovereign network?

Here’s what Prateek Waghre, policy director at the Internet Freedom Foundation, said:

“It’s important to look at this in terms of degrees. If you cut yourself off from the internet, are you less vulnerable to attacks that come in from outside the country? You can make that case, but it's a question of to what extent are you going to take that security posture.

All your communications are in some ways susceptible to be intercepted. Do you just stop communicating entirely? No. You take measures to reduce the risks that you can to the extent possible. If you feel that companies are tracking your personal information, do you completely stop being on the internet? No, you can't. You have to participate in society. You have to participate in world affairs. So cutting yourself off is not necessarily the answer. That's one aspect of it.

Then there's the bigger question: Can you demonstrably say that you will not be susceptible to other forms of cyberattacks? Again, that's not the case because you can still have incidents happening from inside the country.

The internet is not designed to operate in geopolitical isolation. It doesn't recognise borders of countries. If you're limiting yourself just to the infrastructure within the geographical boundaries of one country, are you then also able to accommodate all the internet traffic that's happening there? How do you manage those capacity concerns? There's a lot to consider.

There's also the broader context that we're not only using Indian or local websites all the time. We are communicating globally. So will just cutting ourselves off from a global internet make us safer? I think that argument needs evidence, because there's a lot of other factors to consider.”

How will isolating ourselves digitally impact our economic prospects?

Here’s what Vinayak Godse, CEO of the Data Security Council of India, said:
“Access to the internet is becoming increasingly seamless, enabling ambitious plans of digitisation for personal, financial, public service delivery, and economic transactions, as we are witnessing in India. Not only does the fortune of the Indian technology industry along with millions of job it creates and supports, but also billions of dollar inward investment in tech sector depends on the technology revolutions we brought around by the most pervasive and cost effective Internet access. In the G20 presidency year, we are demonstrating Indian ways of digitising economy to the world and observing growing interest among global geographies to emulate it. We have to examine the idea of building own internet on this backdrop.

For very sensitive sectors, ideas like air gap network or building a highly secure network makes sense. Also, for resiliency purposes, it would be prudent to check how much transactions we can process locally in a rare possible outage of internet pipeline. However, it is difficult to envision this for more generic purposes such as email services and other digital spaces, we see around us.”

Which other countries have their own networks?

With an intent to control information and increase national security, many countries have built national intranets or versions of the internet with blocked access—walled garden networks generally maintained by the government as a local substitute for the global Internet. The residents of these countries cannot access the global internet in the same way as those in other regions can. Countries like North Korea, Iran, Cuba, Russia, and China have their own, heavily controlled internet services, monitored by the government.

Where does the law stand on such a crackdown?

Here’s what Abhishek Malhotra, managing partner, TMT Law Practice, said:
“Theoretically speaking, India can too replicate the ‘Great Chinese Firewall’ by imposing greater restrictions, censors on the content that may be accessed only by an Indian IP address. This will allow the government to block access to any websites which is not in conformity with the pre-requisites set out by the government. Further, with fewer touchpoints, connected systems, the digital space will be more secure, with fewer vulnerabilities, for hackers or non-state elements to access for disruption. As we speak, there are several high courts in India that have passed blocking orders against websites, which host illegal, pirated, or pornographic content, and are detrimental to the interests of Indian internet users.

Accordingly, state and judicial bodies have sought to maintain a risk-based approach to censorship, and have not been in favour of unilateral blocking, censorship measures, for its effect on competition, industry, and market forces in India.

It is absolutely essential to consider the trajectory of the Indian government and private sector, which led to the prominence of an IT and innovation hub. It will not be a prudent move, to cordon off all connected activities. It would invariably lead to a negative impact on the economy, which has been benefited from interconnectedness in past.

With our growing IT literate demographic, special economic, technology parks, and expenditure to develop the Digital Public Infrastructure, the government has been transparent with their intention to democratise end-user services by digital innovation and cooperation. Where other countries are looking towards our models to implement services like UPI, and where the Monetary Authority of Singapore has also decided to partake in this ecosystem across nations, to suddenly introduce these rigorous mechanisms will be undoing that which has put the nation on the map as a leader in innovation.”