As the newest global commons, cyberspace is anarchic in nature, with no formal comprehensive governance framework. The interconnectedness of cyberspace, the low cost of launching a cyber attack, and the invisibility of cyber, makes it difficult to pinpoint the perpetrator with certainty. This is currently the great challenge to the global security establishment’s traditional notions of deterrence. Cyber attacks are on the rise, and now the dominant focus for international security, since the distinction between state and non-state actors has blurred.
Few attempts have been made by states in the last few years to create a global governance framework for cyberspace. The most prominent is the UN Group of Governmental Experts (GGE) process, begun in 2004. But fundamental disagreements between the major powers—US, Russia and China—on how to manage cyberspace have stymied the process of regulating cyberspace, and the GGE collapsed in 2017 amidst disputes over the applicability of specific international law principles for cyberspace.
In this global backdrop of flux, India is making a play to define a framework for the governance of cyberspace. New Delhi’s ministry of external affairs and ministry of electronics and information technology are stepping up their cyber diplomacy through four endeavours: the creation of cyber norms, managing internet governance, promoting the digital economy and emphasis on capacity-building.
India is entering this global commons through its historically active experience and involvement in international arms control and disarmament negotiations—an area where developing countries were often unheard and where India has often led. In cyberspace, India has both advantages—a unique digital profile and a relatively high internet user base (estimated at over 400 million and expected to reach nearly 1 billion by 2021)—as also the disadvantages of its peer nations—a lack of infrastructure and low internet speeds. Like other developing countries, India’s concerns in cyberspace reflect both the “pull” of economic development (beneficiary of the free flow of data) and the “pressure” of national security (concern with ever-increasing cyber attacks). This positions India as a legitimate representative for shaping the new cyber norms and their global governance.
So far, India has participated in the UN GGE process, where it advocated developing a common understanding on responsible state behaviour in cyberspace and the adoption of confidence-building measures by states to address cyber threats, cyber terrorism and cyber crimes.
India has supported other non-governmental efforts such as the global conference on cyberspace (hosted in New Delhi in November 2017) and the global commission on the stability of cyberspace, both of which are developing cyber norms. The newest effort comes from the UN secretary general, António Guterres, who has set up a high-level panel on digital cooperation, headed by China’s Jack Ma (Alibaba Group) and the US’ Melinda Gates (Bill & Melinda Gates Foundation). It will identify policy, research and information gaps, and propose ways to strengthen global digital cooperation. India is represented by Amandeep Singh Gill, a diplomat, who is an ex-officio member of this panel.
This is an area where the global community has found some success, attributed in part to the controversial revelations of whistle-blower Edward Snowden, about the US National Security Agency’s espionage and surveillance activities in 2014.
Here, India has been playing a positive role. Between 2014 and 16, the US gave up its control of the Internet Corporation for Assigned Names and Numbers (ICANN), which manages the global internet infrastructure. The US wanted ICANN to be a multi-stakeholder body, incorporating national governments, business, civil society and academia, but Russia and China preferred a multilateral body, controlled by national governments. India announced its support for the multi-stakeholder model in 2015, and has encouraged Russian and Chinese support to the multi-stakeholder model, in particular through the BRICS (Brazil, Russia, India, China, and South Africa) forum. This has worked: successive BRICS declarations since 2015 have emphasised the need to involve relevant stakeholders in the evolution and functioning of the internet and its governance.
The G20 focus on global economic governance has resulted in the creation of a digital economy task force to guide countries through the era of digital transformation. India has been an important contributor to this process through its many domestic programmes: Digital India, the Aadhar national ID project, the BharatNet project, financial inclusion through the Pradhan Mantri Jan-Dhan Yojana, a new domestic payments system RuPay, all resting on an indigenously-developed and exportable digital infrastructure called IndiaStack.
These initiatives from a developing country are important at a time when the technology global majors are persuading governments to curtail “net neutrality”— open and equal access to the internet, which India has emphasised as non-negotiable. In July 2018, New Delhi announced the draft National Digital Communications Policy, which upholds net neutrality. India’s non-discriminatory approach is in sharp contrast to the U.S. where net neutrality has faced setbacks in recent months, and China, which despite a robust e-commerce market, still controls the internet through the state.
The key to tackle cyber threats and regulate cyber affairs is building capacity. In the last few years, as part of its cyber diplomacy, India has had bilateral cyber dialogues with eight countries and two organisations (European Union and Association of Southeast Asian Nations). These have included wide-ranging exchanges on information technology (IT) training programmes for India, threats posed by cyber crimes, cooperation between national computer emergency response teams (CERTs) and R&D in cybersecurity. India is also harnessing its IT expertise and shares its cyber knowledge, through bilateral agreements and MoUs with other developing countries like Bangladesh, Tunisia, Vietnam (see table below). There is also interest from countries like Rwanda, Morocco, and Sri Lanka on replicating India’s Aadhar-based national identity card project and the IndiaStack technology infrastructure.
These efforts are coalescing into an Indian vision for global cyber governance that will have greater resonance with developing countries that are just starting on the path of national digital transformation.