What does the Union Budget 2018 need to do to prioritize cybersecurity?

In 2016, a malware injection in Hitachi Payment Services caused 3.2 million debit cards to be compromised. As a result, FM Arun Jaitley announced in last year’s Union Budget that cybersecurity was to be an integral part of the financial sector. And a special Computer Emergency Response Team for Financial Sector (CERT-Fin) was proposed for the same.

It would be quite accurate to say that 2017 was a year riddled by global breaches and cyber-attacks, including the infamous WannaCry and Petya, highlighting the need for the government to look at cybersecurity as a real problem, and not just in the financial sector. The 2018 budget could result in the government allocating a whopping Rs 20,000 crore for digitization only, reports Business Standard.

Additionally, the paper also reports that the IT ministry might be allocated nearly Rs 5,418 crores in this year’s budget, compared to Rs 4,040 crores allocated in 2017.

Jamuna Swamy, industry veteran and ex-CISO of Hexaware Technologies, says, “With CIOs becoming more cognizant of the impact of the security incidents and thinking about how these can be postponed or deterred, a higher allocation on cybersecurity budget can be expected. We need to increase cybersecurity professionals at a faster rate as they are in short supply, and the cost associated with them also be more.”

“Post demonetization, while there has been a rise in digital transactions, cybercrime has also increased. Money needs to be allocated not just to enhance capacity building but to also increase cybersecurity and fight cybercrime,” says cyber law expert and lawyer, Pavan Duggal. The government now needs to focus on building a robust security system for the digital payment ecosystem, he adds.

Post the hue and cry of WannaCry and Petya, the union ministry of electronics and information technology (MeitY) asked all ministries to allocate 10 percent of their IT budgets to strengthen cybersecurity to beef up the IT infra of the country in order to protect themselves from future attacks.

When asked if this was enough, Swamy considers it a decent proposition considering that the industry average stands at six to eight percent. “We cannot pass a judgement on the number without understanding the basis,” she adds.

Duggal disagrees and says that the average is not an indication of India’s aspiration of becoming a global IT superpower. “We need to have at least 25 to 33 percent of our IT budget dedicated to cybersecurity in order to become a digitally empowered nation, as cybersecurity is the foundation fulcrum of IT and it must be given additional support,” he says.

Both Swamy and Duggal predict an increased spend in newer technologies like Internet of Things (IoT), blockchain and artificial intelligence (AI). Duggal adds that the country needs to focus both on existing and newer technologies in order to not fall behind.

The months following the havoc wrecked by WannaCry saw the government scrambling to get its cards in place with regards to bitcoin, leading to Jaitley holding an inter-ministerial meeting on the legality and risks surrounding bitcoin in June 2017. However, no decisions were made at the time. Earlier this month, however, the FM expressed his distrust in cryptocurrency and said that the technology has a “lack of dependence,” and functions with a “degree of anonymity.”

According to Duggal, cryptocurrency is the present and the future, but the country is yet to make up its mind and the time for allocation of adequate budget for the legal and security frameworks for it is not yet here.

But what if we are indeed raising our hopes high? Duggal is worried that the industry might be expecting too much from this Union Budget. “People have a legitimate expectation from this year’s budget as it is the last full-fledged budget of this term,” he adds.

According to Swamy, if proper controls are not implemented due to lack of budget allocation, risks can materialize at the earliest posing great challenges for the government. “But even if the adequate budget is available, it has to be properly invested in the security technology. Otherwise, this will also be a high risk item,” she says.