The discussion was conducted by the Institution of Engineering and Technology (IET), and moderated by S Raghotham, Assistant Editor, Deccan Herald.
“You probably will have no cybersecurity, unless you slow down and force a lot of debate to happen about it. The industry wants revenues and the public wants video streaming; nobody worries about security, and so the vulnerability you are getting into is enormous,” Tiwary said.
Tiwary explained that the ease with which devices could connect with each other poses an immense threat. “There is a huge problem because the current method of securing things -- issuing a digital certificate, putting it into a device, managing it and changing it if it is hacked, is very expensive. It is, in fact, difficult to configure on billions of devices (in a 5G environment). The cost of securing these devices would be a lot more than the device itself, making it unfeasible. Unless we simplify the technology of digital certificates and encryption, we are headed for a disaster.”
Arnab Chattopadhayay, Associate Director, IBM, said that the lack of security is not specific to 5G, but is something that already prevails. However, 5G, he said, would add to the already existing device authentication issues. “5G will add fuel to the fire as it will provide for a lot more devices to connect and exchange data.”
Tiwary proposed a shift in cybersecurity thinking toward what he called a ‘techno-legal’ approach to simplify the complexity involved. “The current cybersecurity framework is based on asking the user to do more and more to defend himself. Such transferring of responsibility to the user is effectively the denial of responsibility on the part of authorities,” Tiwary said.
“Law and order should be treated in cyberspace the same way it’s treated by traffic police. The traffic police does not wait for an accident to happen, if you are driving dangerously on the road, he will come and haul you up before you cause a disaster. Similarly, in cyberspace, network providers should shut down people exhibiting suspicious behaviour.
The Internet Service Provider should be made the local cyber policeman. The moment you start doing that and also impose cost and penalties on suspicious behaviour, the number of amateurs who are into hacking will go down, and then we can focus on bigger issues plaguing cybersecurity,” he added.