In September 2015, in a much-publicised visit, United States Secretary of State John Kerry and Secretary of Commerce Penny Pritzker met India’s External Affairs Minister Sushma Swaraj and Minister of State for Commerce and Industry Nirmala Sitharaman for the first U.S.- India Strategic and Commercial Dialogue held in Washington D.C.
Representatives of both countries expressed support for an ‘open, inclusive, transparent, and multi-stakeholder system of internet governance and planned to work together to promote cyber security, combat cyber crime, and advance norms of responsible state behavior in cyberspace’.1 Both countries welcomed the decision to convene a ‘Track 1.5’ program, where government officials would work together with the industry, to further cooperation on internet and cyber issues and contribute to the goals of Digital India initiative. They also commended the resumption of the U.S.-India Cyber Dialogue towards intensified cooperation on cyber matters. This Dialogue was affirmed additionally in the September 2015 U.S.-India Joint Declaration on Combatting Terrorism between Kerry and Swaraj, which recognised cyber security and information sharing as an integral requirement of the joint front against terrorism. Efforts to finalise a bilateral agreement to expand intelligence sharing, terrorist watch-list information and mutual legal assistance were noted and commended in the declaration.2
The U.S.-India Cyber Dialogue which found mention in the September 2015 talks had resumed in August 2015 in Washington, D.C. after a while of neglect.3 Here, the two countries identified areas of co-operation and expressed their intention to pursue an action-oriented plan to intensify their cybersecurity partnership and achieve concrete outcomes. There was informal dialogue with industry, attracting participation from the U.S.-India Business Council. Leading industry representatives submitted recommendations calling for the ‘need to protect cross border data flow, facilitate remote access, provide for strong encryption standards, and reduce cybersecurity threats through targeted public-private partnerships’.4
Bi-lateral diplomacy efforts in the area of cybersecurity, cybercrime and counter-terrorism between the governments of India and the United States thus seem to have found fresh steam recently. But the engagement between the two countries on these matters is not new: in addition to ongoing discussions to counter terrorism, dialogue on how to deal with cyberthreats in particular has been taking place at least since 2001. What are some of the key events of engagement between the two countries in various fora? We trace these cybersecurity-specific bilateral initiatives for you.
The Early Years
The first U.S. India Cyber Security Forum was established in 2001, growing out of the ongoing counter-terrorism dialogue between the two countries, and focused particularly on the need for securing critical infrastructure systems from attacks.5 As India was growing to become the main outsourcing hub of U.S. companies, it was mutually beneficial to both countries to address common concerns around security of networked systems. The private sector was closely involved in these talks since the beginning. In the second meeting of the Forum held in Washington, D.C. in November 2004, five joint working groups were established to cover the issues of legal cooperation and law enforcement; research and development; critical information infrastructure, watch and warning and emergency response; defense cooperation; and standards and software assurance.6
There was not much in the way of developments until the third meeting of the India-U.S. Cyber Security Forum in 2006, when two more important areas of co-operation – transportation and financial sectors systems – were discussed to be included within the scope of the forum.7 The Confederation of Indian Industry collaborated with its U.S. counterpart to set up the India Information Sharing and Analysis Centre, similar to the Information Sharing and Analysis Centre set up three years earlier in the United States under a Presidential Directive.8 An arrangement called the Anti-bot alliance was also set up in order to increase awareness about threats, but ironically, there is not much information available publicly about this initiative and its success or lack thereof. Further, the Cyber Emergency Response Team-In (CERT-In) and the U.S. National Cyber Security Division agreed to share expertise in artifact analysis, network traffic analysis, and exchange of information. The defence services of both countries agreed to enhance their interaction through exchange of experience in organisational, technological and procedural aspects.
Also in those early days, in 2002, the U.S.-India High Technology Co-operation Group was formed, which sought to provide a forum for discussing high-technology trade issues and building the confidence necessary to facilitate trade in ‘sensitive items’.9 On its agenda was promotion of strategic trade, i.e access to dual use items through easing of controls on exports of such goods to India and promotion and facilitation of bilateral high technology commerce.
While a range of initiatives thus took place in the early 2000s, a renewed urgency in such cooperation was felt in the aftermath of the Mumbai terror attacks in November 2008. Indian and American delegates convened for the U.S.-India Strategic Dialogue in Washington, D.C. shortly after, from December 5-9. The delegations of both countries had roundtable discussions around defense partnerships including various approaches to cyber security, given the increasing reliance of crucial infrastructure on Internet and communication technology the world over.10
No major developments ensued until 2010, when President Obama visited India for another round of U.S.-India Strategic Dialogue. During this visit, a Homeland Security Dialogue was announced to deepen operational cooperation, counter-terrorism technology transfers and capacity building.11
The first edition of U.S.-India Homeland Security Dialogue was held in 2011, where Home Minister P. Chidambaram and his American counterpart Janet Napolitano started initial deliberations on measures to strengthen agency-to-agency engagement in the areas of intelligence exchange, information sharing, forensics and investigation, access and sharing of data relating to terrorism and security of infrastructure, among others.12 They agreed that the two sides would designate points of contact and establish protocols for engagement. Following up from here, and importantly, both governments signed a Memorandum of Understanding for the exchange of critical cybersecurity information and expertise through the CERT-In and US-CERT in July 2011.13 It was the first comprehensive bilateral dialogue on homeland security issues.
In this series of engagements, the second U.S.-India Homeland Security Dialogue was concluded between Union Home Minister Sushil kumar Shinde and U.S. Secretary of Homeland Security Janet Napolitano in Washington, D.C. in 2013.14 Here, arrangements were concluded about capacity building of Indian officers by learning from their U.S. counterparts in the areas of cyber security, megacity policing and forensics, critical infrastructure protection, financial terrorism and anti-terrorism intelligence. Training of Indian officers would take place at Federal Law Enforcement Training Centres (FLETC). The officials sought to be trained included persons from law enforcement agencies and government departments, including the National Security Council Secretariat, the National Investigation Agency, the Intelligence Bureau, the National Technical Research Organisation, the Central Bureau of Investigation, the paramilitary and State police forces, and the Ministry of Telecom and Information Technology. Training modules were to include best practices in cyber security and cyber forensics, advance course in technical surveillance counter measures, control systems security programme for end-to-end network and systems security for servers, routers, switches, transmission and all information and communication technology (ICT) hubs and facilities.15
The HTCG first established in 2002 includes an industry component with key private sector players of both countries, who have benefited from these long-standing ties. In another boost for them in 2014, the U.S Department of Commerce recorded plans to create a Homeland Security Subgroup under the HTCG to facilitate increased access to homeland security-related technology to India.16 When the HTCG convened later in November 2014, this was operationalised by shaping a cooperative agenda on high technology goods, including export control-related trade in homeland security technologies.17
By this edition of the HTCG meeting, a new government had already come into place in India, and as recent events have highlighted, cybersecurity seems to be high on its agenda. Obama and Modi met for the first time as premiers of their countries in September 2014, when they issued an elaborate joint statement to affirm co-operation on matters of defense and national, regional and global security. The statement laid the roadmap for the bilateral events which have ensued in the last two months.18 The countries said that they would build an enduring partnership with each other, where both sides would treat each other ‘at the same level as their closest partners’. Further, both countries committed to enhancing exchanges of civilian intelligence along with military intelligence and terrorist watch-lists. They also pledged to strengthen co-operation on extradition and mutual legal assistance. The law enforcement agencies of both countries acting together aim to inhibit the use of cyberspace by not only terrorists and criminals, but also a vague category of ‘those who use the Internet for unlawful purposes’.
These goals set in September 2014 were closely followed by a joint statement released by the two countries during Obama’s January 2015 visit to India.19 Obama and Modi again noted their growing cooperation to tackle matters of cybersecurity and cybercrime and identified a variety of opportunities for increased collaboration on cybersecurity capacity-building, cybersecurity research and development, combatting cybercrime, international security, and Internet governance. Out of this visit also emerged the India-U.S Delhi Declaration of Friendship, which affirmed in grand terms the cooperation on matters of security and defense.20 The declaration states that secure hotlines between the Prime Minister of India and the President of the United States of America and National Security Advisors would be established. The elevation of strategic dialogue to strategic and commercial dialogue was also announced in this declaration.
These key developments – starting from the early 2000s, finding shape recently and intensifying in the last year – have led us to the bilateral talks held over the last two months. India’s shift from its earlier position of supporting a multilateral21 model of internet governance to embracing multistakeholderism is likely to have played an important role in helping forge close ties with the United States.22 Michael Daniel, Special Assistant to the President of the United States and Cybersecurity Coordinator, explicitly said that India’s alignment with the multi-stakeholder model to internet governance, a model the U.S. endorses, was encouraging in the context of bilateral ties between the two countries.23
India’s ability to tackle matters of cybersecurity, cybercrime and counter-terrorism requires preparedness on its own part as well as cooperation with governments of other countries. While stronger ties with the United States are encouraging, the US has been known to commit flagrant privacy violations and increasing communications surveillance in the name of counter-terrorism. It therefore remains to be seen how much of this ever-increasing co-operation will be effective in furthering understanding of networked systems and threats by government agencies in a way that actually serves the interests of citizens of their respective countries and how much of it would be duplicating and supporting the U.S. script of widespread communications surveillance.