U.S.-India Cyber Diplomacy: A Waiting Game
New Delhi is playing a cautious game in cyberspace. Closer U.S.-Indian ties demand that Washington play along.
The Indian National Security Council Secretariat recently released recommendations by a joint public-private working group on cybersecurity that aimed to strengthen India’s capability to combat the rising threat from cyberspace. One of the key recommendations is the establishment of a “Joint Committee on International Cooperation and Advocacy” to promote “India’s national interests at various international fora on cybersecurity issues.” This begs the question: What exactly are India’s national interests in cyberspace?
Given the recent declaration by the United States that it wishes to strengthen the U.S.-Indian relationship, this question is especially important to U.S. foreign-policy makers. Diplomatically, India is caught between the China-Russia bloc and the West; it enjoys close military ties with Russia and strong economic ties with China (New Delhi's largest trading partner). At the same time, India is moving cautiously towards the United States and the West on a number of key cybersecurity issues, such as norms for cyber conflict. Before openly committing to either side, however, India must streamline its internal cyber capabilities; the establishment of the public-private sector group is evidence that this work has already started.
During his visit to India in the summer of 2012, U.S. defense secretary Leon Panetta mentioned the need for cooperation on legal questions posed by cyber warfare. But despite official statements touting cooperation on cybersecurity, real collaboration between the two nations has been slow. India and the United States conducted a second round of cyber consultations in June 2012 within the framework of the U.S.-India Strategic Dialogue. They previously agreed on cooperation between the Computer Emergency Response Teams of both countries, and India participated in an international cyber war game hosted by the U.S. Department of Homeland Security. There also is an ongoing U.S.-India Information and Communications Technology Dialogue, and Indian and U.S. experts collaborated in developing some recommendations for norms of behavior and confidence-building measures in cyberspace for the United Nations Group of Governmental Experts on Information Security. Conversely, substantive progress has been slow because of the wider diplomatic discrepancies between the two nations.
The United States’ principal objective in its pivot to Asia is containing China through regional alliances in which India plays a key role. Nevertheless, the Indian foreign-policy establishment still harbors deep suspicions about the utility of its relationship with the United States. First, India must carefully balance its relationship with China, of which it also is suspicious but which it approaches pragmatically. After all, China and India are neighbors with an unsettled border dispute and the legacy of short war in 1962. Second, the relationship with Russia, India’s biggest weapons supplier, is of great importance to the growing Indian military and cannot be jeopardized in the short run. Third, the U.S. stance on Iran is perplexing to India, which evinces very little understanding about the rationale behind sanctions, given that Pakistan, a nuclear-armed state and base for radical Islamists, enjoys U.S. support. Finally, the legacy of India’s role in the nonalignment movement during the Cold War continues to influence policy makers in both countries.
All these factors pervade the bilateral dialogue on cybersecurity. In addition, the perception of the West’s adversaries in cyberspace, Russia and China, differs substantially between Washington and New Delhi. For example, one of the biggest points of contention between the United States and China is cyber espionage—what experts call advanced persistent threats—a subject barely mentioned by the Indian private sector but of huge importance for the United States. This is in part the result of denial. Private-sector companies are reluctant to share data on this subject and there is a lack of awareness in Indian board rooms. But it is principally the product of India’s economic development. In 2011, research and development expenditure in India was only 0.7 percent of GDP, with government expenditure accounting for 70 percent of that figure, according to a report released by India’s Institute for Defence Studies and Analyses.
Today, the attitude of New Delhi is comparable to the Mozart opera Cosi Fan Tutte (Thus Do They All). Industrial espionage is committed by all countries, but it hasn’t reached the level and intensity seen in the United States because other targets are less interesting to Chinese intruders than America. Also, in contrast to Western countries, the Indian government is taking the lead in cybersecurity awareness, which, given that 90 percent of India’s critical information infrastructure is in the hands of the private sector, will progress slowly. This will naturally impact Indo-U.S. cyber diplomacy.
The first sign of true progress will be when India joins the European Convention on Cybercrime. The Council of Europe extended an invitation to India in 2009, and it is something that “India is carefully watching,” according to a panelist at the press conference of the National Security Council Secretariat held on October 15 in New Delhi. China and Russia oppose the convention on various grounds, and consequently it has become one of the principal determiners of alliance structures in cyberspace. The U.S. State Department and the Indian Ministry of External Affairs already formed a working group to further discuss the issue of international norms in cyberspace and global Internet governance, including discussions on the European Convention on Cybercrime, a sign that the discussion is moving in that direction.
“East is East, and West is West, and never the twain shall meet,” said Rudyard Kipling. But when it comes to the field of cybersecurity, India’s economic development demands closer diplomatic ties to the West.
Franz-Stefan Gady is a foreign-policy analyst at the EastWest Institute, which is holding the Third Worldwide Cybersecurity Summit on October 30-31 in New Delhi.