THE BLOG
10/25/2012 05:39 pm ET Updated Dec 25, 2012

U.S.-India Cyber Diplomacy: A Waiting Game

This week, the Indian National Security Council Secretariat released recommendations by a joint public-private working group on cybersecurity aimed to strengthen India's cybersecurity capabilities to combat the rising threat from cyberspace. One of the key recommendations is the establishment of a "Joint Committee on International Cooperation and Advocacy" to promote "India's national interests at various international fora on cybersecurity issues." This begs the question: what exactly are India's national interests in cyberspace?

This question of India's national interests in cyberspace is especially important to US foreign policy makers, given the recent emphasis by the United States to strengthen the US-Indian relationships. Diplomatically, India is caught between the China-Russia bloc and the West; it enjoys close military ties with Russia, strong economic ties with China (China is the largest trading partner of India), but is moving cautiously towards the United States and the West on a number of key cybersecurity issues, such as norms for cyber conflict. India, however, before openly committing to either side, has a clear national interest in streamlining its internal cyber capabilities evidenced by the establishment of the public-private sector group under the auspices of the National Security Council.

During his visit to India in the summer of 2012, US Defense Secretary Panetta mentioned the need for cooperation on legal questions posed by cyber warfare; however, despite official statements of cooperation on cybersecurity, real cooperation between the two nations has been slow. India and the US conducted a second round of cyber consultations in June 2012 within the framework of the US-India Strategic Dialogue. They previously agreed on cooperation between the Computer Emergency Response Teams (CERT) of both countries, and India participated in an international cyber war game hosted by the US Department of Homeland Security. There also is an ongoing US-India Information and Communications Technology (ICT) Dialogue, and Indian and US experts collaborated in developing some recommendations for norms of behavior and confidence-building measures in cyberspace for the United Nations Group of Governmental Experts (GGE) on Information Security. Conversely, substantive progress has been slow because of the wider diplomatic discrepancies between the two nations.

The United States' principal objective in realigning its forces in Asia is to contain China through regional alliances in which India plays a pivotal role. Nevertheless, the Indian foreign policy establishment still harbors deep suspicions vis-à-vis the United States, which is the result of various factors. First, India must balance its relationship with China carefully, of which it too is suspicious, but which it approaches pragmatically. After all China and India are neighbors with an unsettled border dispute and the legacy of short war in 1962. Second, the relationship with Russia, India's biggest weapons supplier, is of great importance to the growing Indian military and cannot be jeopardized in the short run. Third, the United States stance on Iran is perplexing to India and she shows very little understanding about the rationale behind sanctions, given that Pakistan, a nuclear armed state and home base to radical Islamists, enjoys US support. Finally, the legacy of India's role in the non-alignment movement during the Cold War continues to influence policy makers in both countries.

All of this pervades the bilateral dialogue on cybersecurity. In addition, the threat perception vis-à-vis the West's adversaries in cyberspace, Russia and China, differs substantially between Washington and New Delhi. For example, one of the biggest contentions between the United States and China is cyber espionage--Advanced Persistent Threats--a subject barely mentioned by the Indian private sector but of huge importance for the United States. This is the result of denial as private sector companies are reluctant to share data on this subject and genuine lack of awareness in Indian board rooms, but principally, however, it is the product of India's economic development. In 2011, R&D expenditure in India was only 0.7% of GDP, with government expenditure accounting for 70% of that figure, according to a report released by IDSA. As of now, the attitude of New Delhi is comparable to the Mozart Opera Cosi Fan Tutte (Thus Do They All); industrial espionage is committed by all countries, but it hasn't reached the level and intensity as in the United States because there are comparatively less interesting targets to Chinese intruders than in North America. Also, in comparison to Western countries, the government rather than the private sector is taking the lead in India in raising cybersecurity awareness, which given that 90 percent of India's critical information infrastructure is in the hands of the private sector, will progress slowly. This will naturally impact Indo-US cyber diplomacy.

The first sign of true progress will be when India joins the European Convention on Cybercrime (the Council of Europe extended an invitation to India in 2009), something that "India is carefully watching," according to a panelist at the press conference of the National Security Council Secretariat on October 15 in New Delhi. The rationale behind this is that China and Russia oppose the convention on various grounds, and consequently, it has become one of the principal determiners of alliance structures in cyberspace. The US State Department and the Indian Ministry of External Affairs already formed a working group to further discuss the issue of international norms in cyberspace and global Internet governance, including discussions on the European Convention on Cybercrime, a sign that the discussion is moving in that direction. Notwithstanding Kipling's words "East is East and West is West and never the twain shall meet...," going forward, India's economic development mandates closer diplomatic ties to the West in the field of cybersecurity.

A version of this article has appeared in The National Interest.