By Shilpa Rao
India and the United States agreed on a joint cyber framework last month. This was at the second India-US Strategic and Commercial Dialogue held in New Delhi on August 31, 2016, which followed Prime Minister Narendra Modi and President Barack Obama’s discussion of such a framework in in June 2016.
In the US-India joint cyber framework, both countries commit to maintaining an open, interoperable, secure, and reliable cyberspace. The framework lists steps that will increase cybersecurity cooperation. It also highlights the need to leverage cyberspace to promote economic growth and development, innovation, and commerce on the Internet.
The framework is likely to impact the US-India relationship in the context of cyber-security and defence. It may also result in India maintaining a steady commitment to the multistakeholder model of internet governance, which is an issue on which India has a history of wavering.
What Cybersecurity and Defence Commitments have we made?
Both nations have agreed to promote close co-operation between their law enforcement agencies to combat cybercrime. They will share information on cybersecurity threats on a real-time basis, and will develop joint mechanisms to mitigate such threats. They will also conduct joint training programs for law enforcement agencies as a capacity-building measure.
These commitments are likely to help India gain support and assistance with the investigation of cybercrimes. This is much needed support that we have lacked, in part because of India’s refusal to sign the Budapest Convention, which arguably limited our ability to tackle several cybersecurity issues. This is particularly so in the context of the jurisdictional issues and information sharing for which the Convention creates a framework. The US-India Cyber Partnership commitments resemble the Budapest Convention (on Cybercrime), 2001 recommendations (contained within Article 23).
India and the US have been gradually focusing on developing cyber tools that enable innovation, improve defence mechanisms and mitigate attacks in cyberspace. The US-India Defence Technology and Trade Initiative (DTTI), which promotes co-development and co-production of technical equipment, is one such effort. Separately trade restrictions, including over cyber tools, will be eased through the bilateral High Technology Cooperation Group .
Why does the commitment to Multistakeholderism in Internet Governance matter?
India has gone back and forth on its position on whether it is the multistakeholder model or the multilateral model that is most suitable Internet governance. For example, at the Internet Governance Forum 2012 in Baku, India supported the multistakeholder approach to Internet governance. However, at the International Telecommunications Union Plenipotentiary Conference 2014 in Busan, India took the more multilateral stand that governments must play the major role in Internet governance. After this, India performed another volte-face, reiterating its support for a multistakeholder approach in June 2015.
In the India-US cyber framework India has clearly committed to the multistakeholder approach. This Indo-US partnership might encourage India to introspect on its domestic policies, which some may argue reflect India’s reluctance to embrace the multistakeholder approach. Nevertheless, the effectiveness of these bilateral ties in maintaining India’s commitment to multi stakeholder governance of the Internet remains to be seen.
What are the significant takeaways from the framework?
The US-India cybersecurity framework positions India as a key player in Internet governance and cybersecurity. India stands to benefit from the framework- particularly with regard to information sharing and co-operation between law enforcement agencies in combating cybercrime and enhancing cybersecurity.
However, some of India’s most significant cybersecurity threats emanate from its neighbours – China and Pakistan. To confront these threats, India would benefit from regional engagement, particularly in Asia, on multistakeholderism and cybersecurity co-operation. In light of this, a multistakeholder, cooperative approach towards cybersecurity may be necessary and practicable towards combating cybercrime.