Paper
Ananth Padmanabhan, R. Shashank Reddy, Shruti Sharma
{
"authors": [
"Ananth Padmanabhan"
],
"type": "other",
"centerAffiliationAll": "dc",
"centers": [
"Carnegie Endowment for International Peace",
"Carnegie India"
],
"collections": [],
"englishNewsletterAll": "ctw",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie India",
"programAffiliation": "SAP",
"programs": [
"South Asia"
],
"projects": [],
"regions": [
"South Asia",
"India"
],
"topics": [
"Technology",
"Economy"
]
}
Source: Getty
Other
India Needs a Stronger Cybersecurity Framework
It is important that start-ups start thinking about cybersecurity from the time they begin developing a structural design for their company, and not in later stages.
Published on Dec 7, 2017
Source: Livemint
Regulators need to become enablers for the broader start-up and tech ecosystem and develop more light-touch regulations to enable innovation, according to Ananth Padmanabhan, tech and policy fellow at Carnegie India, a think tank, which is hosting the Global Technology Summit on 7 and 8 December in Bengaluru.
The summit will include sessions and discussions touching on a variety of topics, including the use of technology for governance, digitizing public services and creating regulations around new-age digital systems.
In an interview, Padmanabhan spoke about the challenge of developing light-touch regulations, how public-private partnerships are required for the benefit of the start-up ecosystem and the need to create awareness around cybersecurity issues. India needs a stronger cybersecurity framework, he said. Edited excerpts:
Many start-ups in the past have run into legal troubles with state authorities. Do you think centralization of certain laws like transport and road regulations can fix costly legal battles between aggregators and state departments?
Centralization of laws and regulations is not a fix. Centralization ensures that instead of multiple laws and regulations for each aggregator like an AirBnB, Cabs, you may have one law.
But if that law itself raises the compliance cost, it is really of not great purpose. So, I think the real challenge is developing light-touch regulations is the way forward for tech start-ups.
Even if we end up creating uniform regulations for each industry aggregator, we are solving only one part of the story, and the real challenge is equipping the regulatory institutions better with resources, training regulators to think more light-touch rather than developing fully regulated systems, especially for emerging technologies.
What does the Supreme Court’s recent Right to Privacy ruling means for regulators like the Reserve Bank of India (RBI) and Telecom Regulatory Authority of India (Trai)?
RBI is already disaggregating high value transactions from lower value daily transactions. And this was actually the approach in the early days, when the wallet industry was first evolving. But in the last 8-9 months, it (RBI) has become more of a watchdog in some ways for wallets.
The Watal Committee report, have put out some ideas like interoperability for wallets, and full-KYC compliance for mobile wallets that deal with only low-value transactions.
The way I look at it, it is better to leave a good part of this to the market to decide. There are also other things that regulators should step into and become enablers for the ecosystem. For example, grievance redressal. The second thing is a strong cybersecurity framework.
Do you think public-private partnerships can help tech start-ups?
I think private-public partnerships are always a great idea. But sometimes we make a policy decision and that policy decision is totally aligned to picking a technology winner rather than leaving it to the consumer or the market forces. Clearly, picking a technology winner over the other, like what’s happening with the UPI (Unified Payments Interface) isn’t working. Even though NPCI (National Payments Corporation of India) is batting for interoperability for its UPI system, there has always been somebody who is innovating outside this system and would like to sort of get out of that ecosystem and find a different answer. So we should allow different solutions to co-exist and not close loop them.
Should data protection and privacy regulations be created sector wise, or centrally developed at a trade level like in the US?
On the security front, there was an initial push to create the CERT-In (Indian Computer Emergency Response Team). That is the first sectorial push in bringing about cybersecurity regulations for each sector by creating an emergency response body for each sector. I think this is basically creating one more layer, and that layer will anyway have to report to the main CERT.
It may not by itself be problematic. But we have to be very careful, that you don’t end up creating more levels of authority and interfere with actual outcomes that bring about security in that sector.
How can start-ups be more self-compliant at a time when cybersecurity risks are on the rise?
I think we need a lot of awareness around cybersecurity issues. Because in many ways that is the first step. Awareness is also the reason behind our Carnegie event tomorrow (Thursday). Because you see in many instances, technologists don’t get the policy implications of what they do. Because most start-ups spend time in hitting growth targets and raising more funds to keep their company afloat.
It is even in your best interest to actually be engaged consistently with the policy implication of what you are doing, since we are no longer in the early stages of Internet adoption.
The government has largely been trying to play catch up with cybersecurity risks, today that’s not the situation anymore. So it is important that start-ups start thinking about cybersecurity from the time you start developing a structural design for the company/business, and not in later stages.
About the Author
Ananth Padmanabhan
Former Fellow, Carnegie India
Ananth Padmanabhan was a fellow at Carnegie India, based in New Delhi. His primary research focus is technology, regulation, and public policy, and the intersection of these three fields within the Indian context.
- Modern Biotechnology and India’s Governance Imperatives
- The Right Way to Nurture India’s Digital EconomyArticle
Ananth Padmanabhan
Recent Work
Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
More Work from Carnegie Endowment for International Peace
- Europe and the Arab Gulf Must Come TogetherCommentary
The war in Iran proves the United States is now a destabilizing actor for Europe and the Arab Gulf. From protect their economies and energy supplies to safeguarding their territorial integrity, both regions have much to gain from forming a new kind of partnership together.
Rym Momtaz
- The Iran War Is Also Now a Semiconductor ProblemCommentary
The conflict is exposing the deep energy vulnerabilities of Korea’s chip industry.
Darcie Draudt-Véjares, Tim Sahay
- The Other Global Crisis Stemming From the Strait of Hormuz’s BlockageCommentary
Even if the Iran war stops, restarting production and transport for fertilizers and their components could take weeks—at a crucial moment for planting.
Noah Gordon, Lucy Corthell
- India’s Foreign Policy in the Age of PopulismPaper
Domestic mobilization, personalized leadership, and nationalism have reshaped India’s global behavior.
Sandra Destradi
- Resetting Cyber Relations with the United StatesArticle
For years, the United States anchored global cyber diplomacy. As Washington rethinks its leadership role, the launch of the UN’s Cyber Global Mechanism may test how allies adjust their engagement.
Patryk Pawlak, Chris Painter
