Cybersecurity: Government wants more Indian software

0
320

May 27, 2013

The country's top security agencies are not happy that they have to rely on foreign-made security software from the likes of Symantec and McAfee to protect India's critical information technology infrastructure.

May 27, 2013

The country's top security agencies are not happy that they have to rely on foreign-made security software from the likes of Symantec and McAfee to protect India's critical information technology infrastructure.

The call to move away from popular commercial anti-virus and security software to home-grown solutions came at a recent inter-agency meeting on cyber security organised by the National Security Council, and attended by officials from the Intelligence Bureau, Research and Analysis Wing, Cyber Emergency Response Team, and the defence forces.

According to the minutes of the meeting reviewed by ET, officials raised concerns that the currently used security software are not foolproof and can leave critical information vulnerable to attackers. "Home-grown solutions will probably be more trusted so that they don't leave any kind of malware," said J Satyanarayana, secretary in India's Department of Information Technology. "Eventually, we have to be self-sufficient in all aspects of cybersecurity."

The push for Indian-made security software comes at a time when there is a rise in cyberattacks by renegade and state-sponsored groups looking to gain access to government corporate networks.

The government's love for Indian security software was first made known in the national cybersecurity policy draft in 2011. Two years hence, nothing has changed and security officials in the government are still complaining. "The intent is good, but the government needs to understand that developing a security product requires a lot of time and R&D related expenses," said Sanjay Dhawan, technology leader at the Indian arm of PricewaterhouseCoopers.

Hyderabad agency developing software

"Therefore, it would require someone with deep pockets to develop such products for the India market." For now, Indian security software makers have an opportunity but few Indian names are competent enough to take up the challenge.

"We have received queries from different government quarters as they want Indian software to protect sensitive data," said Sanjay Katkar, CTO, Quick Heal Technologies, one of the few known Indian names in the security software market.

Data Security Council of India, an industry initiative that works with the government to improve data protection standards, said though there not many well-known Indian names in security software market, there are several Indian firms manufacturing security products such as firewalls, as well as intrusion detection and prevention devices.

Kamlesh Bajaj, CEO of the council, was hopeful that the new thrust of industry body Nasscom, of which the council is a part, to encourage software product startups will see the rise of software names in the security sector. Besides waiting on the private sector to step up, government has been leaning on in-house organisations to develop reliable security software. Hyderabad-based Centre for Development of Advanced Computing is in the advanced stages of releasing malware detection software that the government is pinning its hopes on.

According to a government official, there have been a lot of thrust in cyber security at the academic and industry levels but it will take more time to produce tangible results. "We started late, but we are alive to the requirements and responsibility," the official said.

Symantec, one of the leading global security software-maker said it is a client's prerogative to choose what kind of software they need to protect critical assets. "Every group, whether government, business or individual is within their rights to take decisions based on their needs and we appreciate that," said Shantanu Ghosh, vice-president and MD for India product operations at Symantec. "It is not unique to cyber security; it happens in every area."

Even the government acknowledges that it is not easy to replace foreign-made commercial software at short notice. "In the beginning, it is not possible to exclude the globally proven antivirus solutions. We cannot leave them out completely. But we need to work on indigenous security solutions," Satyanarayana said.


Courtesy: ET