Dr Debabrata Nayak, chief security officer, Huawei
As an increasing number of enterprises are undertaking digitisation and using the internet of things (IoT) and cloud services, the need to protect their networks and systems from cyberattacks has become more pressing than ever. Cybersecurity has emerged as an integral part of the digital strategy adopted by companies globally as well as in India. Dr Debabrata Nayak, chief security officer, Huawei, talks about the evolving cybersecurity landscape in India, and the key trends and practices…
What are your views on the current cybersecurity landscape in India? What are the key emerging trends?
We are on the cusp of a digital revolution in India today. With initiatives like Digital India, the Smart Cities Mission and BharatNet in place, India is rapidly moving up on the digital curve. But as technologies evolve, so do the threats. The nature of cyberattacks has evolved with the recent ransomware attacks shaking the core of IT infrastructure not just in India, but globally too. The nature of these attacks makes it necessary to take a relook at the existing cyber safety valves and infrastructure.
What role do CSOs and CISOs play in managing the cybersecurity of enterprises?
Digital transformation is no longer the sole responsibility of the IT department; it is now an organisation-wide need. With all business processes getting digitised and technologies like cloud and IoT becoming the new normal, the need to adopt secure cyber practices is becoming extremely important. Chief security officers (CSOs) and chief information security officers (CISOs) play a key role in drafting various cybersecurity policies and establishing business continuity programmes.
How is the adoption of IoT likely to impact the cybersecurity space?
IoT is slowly transforming the way we operate and function in our day-to-day lives. From health care to smart homes and now smart cities, various sectors are being transformed by the IoT wave. The government is investing heavily in creating a $15 billion IoT market by 2020. In addition to enhancing the lives of consumers through smart refrigerators, self-driving automobiles and wearable fitness trackers, it will devote at least half of the overall IoT investment to industrial, commercial and machine-to-machine applications.
With the advent of IoT and other similar technological advancements, businesses are suddenly faced with the challenge of securing everything that can send and receive data, and that is basically anything that has a sensor or a chip in it. While there is still no simple answer or solution to the cybersecurity challenge arising from the advent of IoT, or for that matter any new disruptive technology, there are steps that the global community as well as individual organisations can take to drive demonstrable progress in reducing cybersecurity risks.
What is Huawei’s approach to managing cyber risks?
As an organisation, Huawei has zero tolerance for cyberthreats and all the activities are being administered from the top. There is no complacency when it comes to cybersecurity, and IT heads are always vigilant in this regard. There is definitely a need for technology advancement as the threat mechanisms are constantly evolving. In line with this, Huawei has established a comprehensive supplier management system that can identify and minimise security risks during the end-to-end process starting from the procurement of material to customer delivery. Huawei selects and qualifies suppliers based on their systems, processes and products, preferring those that contribute to the quality and security of the products and services procured by Huawei. The company continuously monitors and regularly evaluates the delivery performance of suppliers and checks the integrity of third-party components during the procurement, production and delivery processes. Huawei has also established a visualised traceability system throughout the process. We have set up cybersecurity offices in several countries around the world, including the US, the UK, India, Germany, Japan and France. These offices are responsible for implementing corporate cybersecurity policies, managing compliance, performing emergency responses, handling major incidents, and establishing communication channels to promote communication with stakeholders.
What are your views on the existing regulatory and policy framework for cybersecurity in the country?
Cyber safety is a dynamic concept, as cyberattackers can leverage unrecognised vulnerabilities even as system safeties are upgraded. In this regard, the government should partner with firms that have global expertise. Organisations like Huawei can provide such a partnership with its high-end products and services that can help gain holistic control on the production of critical software items and systems.
