Government measures to secure supply chains of Information and Communication technologies are increasingly common and threaten to fragment the global digital landscape unless implemented in a manner that builds trust and confidence in partner nations, according to a recently published report by the Esya Centre, a New Delhi-based tech policy think tank, titled—Securing ICT Supply Chains: An Evidence Based Approach.
The report is situated in the context of the increasing importance of ICTs to the functioning of governments, businesses and, individuals. This increase in importance brings with it heightened security risks, in the form of data leaks, ransomware and denial of service attacks etc. Ensuring the security of ICT systems is, therefore, of paramount importance for nations.
However, securing ICT supply chains is a particularly complex and challenging task. This is a result of the fact that supply chains are globalised with different component of ICTs being created in different countries. The absence of centralized control makes it difficult for governments to test, verify, and ensure that each component is safe and has not been compromised or infected at the time of creation.
The complex task of securing ICT supply chains can push nations to adopt simplistic and targeted approaches. An example of such an approach are the aforementioned bans on Chinese apps by the India and the US. Both bans target a pre-determined set of Chinese companies without clearly establishing the threat posed by them.
You might also like: EXCLUSIVE | Is Ideology Driving Tech Policy? – Ep 1 of The Impact Interview from ESYA Centre & MediaBrief
As a result, the bans appear reactionary and ad-hoc, and are not in consonance with the democratic ethos prevailing in both nations. Such actions are likely to denude trust and confidence in digital relations between India, the US, and other like-minded nations.
Instead, there is a need for an approach that balances national security interests with the preservation of global linkages in digital. Indeed, the new US administration under President Biden has withdrawn the app bans due to its discretionary nature and replaced it with a systematic framework that provides an evidence base for any measures that it adopts to secure ICT supply chains.
The evidence base is created through a continuous system of reports and threat assessment by different US agencies working in concert. The new framework is also consistent with principles of due process, specifically the requirements of a fair hearing and transparency in administrative decisions.
The brief concludes that Indian policymakers can draw valuable lesson from the actions of the Biden administration. For instance, the framework for consultation and collaboration between different US agencies dealing with cybersecurity provides a model that Indian cybersecurity agencies, such as CERT-In and NCIIPC, can readily adopt.
The procedure followed for issuing blocking orders, under s. 69A of the Information Technology Acts, can also be made for transparent by mandating pre-decisional hearings and publication of orders.
In pursuit of its digital aspirations, India must consider the ramifications of its action on future relations with other like-minded nations. To ensure that its actions do not discourage other nations from partnering with and investing in India, it must ensure that actions taken to protect ICT supply chains are backed by evidence and imposed in a transparent and accountable fashion.