New Delhi: India’s computer emergency response team (Cert-In) is working with the ministry of electronics and IT (Meity), and the Department of Science and Technology (DST) on a framework to set-up quantum-safe communications networks in India. Work on the standards is being done as nations build up quantum computing capabilities—which stakeholders across government and private sectors expect will threaten current cybersecurity standards globally.
Speaking with Mint, Sanjay Bahl, director general of Cert-In, said that work on the standard is “already ongoing”. “There are active projects on this between Meity and DST. It is work in progress and will take its own due time, Cert-In is a part of the overall initiative,” Bahl said.
Read more: As audio streaming comes of age, companies turn to AI for a growth slingshot
Two senior government officials further reaffirmed the development. “Quantum-safe networks are not an option for the future—they are a necessity going forward as the likes of China and other neighbouring geographies present such threats.” As these threats increase, building quantum computing-standard communications networks will be key for governments to protect sensitive internal communications—and for financial institutions to keep transactions secure.
Post-quantum cryptography
To do this, a standard called ‘post-quantum cryptography’, or building a standard of encryption that can help existing ‘classical’ (or normal) computers and networks withstand attacks by quantum computers is being developed. Furthermore, quantum communications networks, or communications lines that can withstand attacks from quantum computers in order to protect information from being intercepted, are also in the works.
To be sure, quantum computing refers to a new standard of computing where a single unit of information can store information in multiple states—thereby increasing the computing capacity exponentially. In simple terms, quantum computers take a fraction of time consumed by classical computers in use now to break the current standards of encryption.
A second senior official affirmed that alongside the framework by Meity, DST and Cert-In, startups under the ambit of the National Quantum Mission, unveiled two years ago, are also engaged in developing quantum communications networks in partnership with academia. Once proven in trials, these networks will replace classical communications networks once quantum computing technologies build scale.
Bahl, on this note, said that alongside the quantum security framework, Cert-In is also working on improving the overall cyber hygiene and engineering capability at various levels of government agencies.
“The National Informatics Centre (NIC) has already deployed dedicated cybersecurity teams across ministry bodies to ramp up the security of government networks. When it comes to responding to cyber breaches and incidents, Cert-In’s engineers work on the cases. We are also working in partnership with private sector entities for various capability development and analytics,” Bahl said on the sidelines of the first national digital threat report’s launch on Monday.
Read more: Mint Primer: AI in the air: How gadgets will change forever
Private entities are also ramping up capacities. Dharshan Shanthamurthy, founder and chief executive of cybersecurity consultant SISA Infosec, said the company is “setting up a research and development (R&D) entity to develop quantum and AI security capacities.”
However, neither Bahl nor Meity commented on the increased deployment of Cert-In engineers across ministry agencies or a revision to India’s national cybersecurity strategy.
While Bahl did not offer numbers, he claimed that the 2022 Cert-In rules have “clearly increased cybersecurity reporting and proactive monitoring of cyber threats, keeping in line with breach timelines under the regulation.”
A senior official at Meity added that the myriad moves by Cert-In is in line with India’s national quantum mission, as well as Meity’s overall efforts to improve India’s cyber security posture. Earlier, as part of his keynote, S Krishnan, secretary at Meity, said that India’s digital security standards are particularly crucial in efforts to protect the mammoth financial services industry.
“Efficient, and effective response to and rapid recovery from a cyber incident by financial organisations are essential to limit these financial stability risks. Further, considering the interconnectedness and interdependency of financial entities and the borderless nature of cyber incidents, the cyber risk of any given entity is no longer limited to the entity’s owned or controlled systems, networks, and assets. Further entities which were not the primary target or source of disruption may also be affected. Hence, it becomes much more important for authorities to coordinate at sectoral or national level,” Krishnan added in the first Digital Threat Report 2024, released by Cert-In in partnership with Sisa Infosec on Monday.
