Cyber Security and the Fouth Industrial Revolution
Excerpts from the Key Note Address given by Prof V Kamakoti, Department of Computer Science & Engineering, IIT, Madras on, ‘Cyber Security and the Fourth Industrial Revolution.’
Industrial Revolution 1.0 started with steam and then proceeded to electric power as Industrial Revolution 2.0. It further evolved and more of automation came as part of Industrial Revolution 3.0. Today, Industrial Revolution 4.0 is governed by data, next gen communication and connectivity. When we say data, there will be many sources of data. These sources are going to come from all digitization initiatives, starting from smart cities, telehealth, 3D printing, monitoring of agriculture and irrigation, ocean engineering, vaccination and so on. Even Covid hotspot prediction is modelled on data. The most important thing is communication and connectivity. A lot of collaborative effort is required in Industry 4.0 to get the best outcomes. Next generation communication, including 5G and 6G, will drive this whole effort. In healthcare, it is now possible to do remote surgery. For these applications, some of the biggest challenges are getting low latency and high bandwidth communication. That is precisely where the next generation communication is taking us forward. When control is being exerted from a remote place, communication has to be extremely reliable with low latency involving a lot of data exchange.
Once we think of that, immediately cyber security becomes extremely important. The security of anything is directly proportional to the number of elements or components that we have in the system. If we have a low number of components, reliability will be high. If we have more components, there will be a higher chance of failure and a higher risk of being intruded by a hacker.
In 5G and 6G, the number of components will be at least 10X of what we have seen in 4G, especially in number of base stations, small cells, etc. Many things are going to come up. Once we have such a very complex environment, then it is going to be a very complex affair to deal with cyber security, and that is why the government has taken a lot of initiatives.
One such very important initiative is the National Telecom Security Committee headed by the Deputy NSA, which looks at the trustworthiness of the components introduced into a telecommunication network inside the country. This is a very proactive measure that the government has taken.
Need for Atmanirbhar
Next gen communication is driven by software. That is precisely the reason why more people today talk of indigenous software in their own country. This software will run on commodity servers. We can now decouple hardware and software and have different vendors for each. Is this a boon or bane?
Having different vendors mitigates the risk of a bigger attack on the network. That is a boon. We, as a country, have been developing complex software over a period of time and so we can have an atmanirbhar communication network.
But on the negative side, since it is software driven, there can be more attacks. We need to have a high level of security in the compute infrastructure that we put as part of next-generation communication network. For example, a core today has a lot more compute which runs on the commodity server. The compute infrastructure needs to be highly secured.
Our mobile phone is a compute infrastructure that needs to be secured. There are many things coming up in this direction. 5G and 6G are going to be very important factors for our success in Industry 4.0 and there is no doubt about it. Once that comes up, there are going to be more cyber security issues. There is an immediate necessity for us to build many more atmanirbhar components to see that we are secured and we can gain confidence in this direction.
One of the recent developments is the release of drone regulations. Regulations must also ensure is that there is ease of doing business. Security and ease of doing business are two ends and we need to find out a proper balance.
The government policies are extremely crucial for this. The government has come up with important policies, including personal data protection regulations and non-personal data protection regulations. Data is the oil of the next century. It is a wealth of information from which we could get many things, both commercially and strategically.
Drone and Space
Then there are a lot more of enablers that come for Industry 4.0, especially unmanned aerial vehicles and some autonomous vehicles. One of the recent developments is the release of drone regulations. Regulations must also ensure is that there is ease of doing business. Security and ease of doing business are two ends and we need to find out a proper balance. We cannot compromise on security and this is one major challenge, both from strategic and civilian ends. The recent drone regulations are favourable to the industry.
Today, space also has become very important. Last week, there was a launch of the Indian Space Association–INSPACe. When we talk about space, again there is a lot more of connectivity that is coming up which will be 6G driven. We need to regulate the data transmission from an Indian entity to another Indian entity such that it doesn’t go out of India to a foreign nation.
Life in a Cyber Physical World
We are going to live in a cyber-physical world. Recently, Mahindra and Morris Garage have come up with AI-driven vehicles which will be completely connected. We have around 8 to 10 cars today which are connected. We can even track these vehicles. One important mission of the government—The National Mission on Interdisciplinary Cyber Physical Systems (NMICPS) was launched a couple of years ago with an outlay of close to half a billion dollar. All the IITs and some IIITs have set up Technology Innovation hubs to work on the different verticals, starting from A for agriculture to O for Ocean engineering. There are many vertical sectors. IIT Madras is involved in sensor networking actuators and control systems. We call it SNACS. We welcome members who are interested to reach us. Interestingly, these innovation hubs are formed as not-for-profit companies. It is involved in incubating startups to make and deliver systems for the next generation cyber physical world. Cyber security essentially has to be an underlying enabler or a building block for this.
Today, a lot of things including communication itself are more of computation. The interesting thing is that the hardware and software need not necessarily be from the person who is doing the business.
The last point that I want to talk of is about compute. Today, a lot of things including communication itself are more of computation. The interesting thing is that the hardware and software need not necessarily be from the person who is doing the business. For example, if I am doing banking, I really can’t do the hardware or the software. I depend upon some external vendor to give me this. The bank owns the data but one who can interpret it and do a lot of things on the data would be essentially a system integrator. Essentially, this means that there needs to be some sort of confidence. That is where the notion of what we call ‘Separation Kernel’ comes up.
We had earlier seen only one such in the world. Now, there is an Indian company which has this separation kernel today and it is successfully working; a piece of software that exists between the hardware and the operating system. This can control the use of hardware from the operating system. So, a lot more of security can be introduced in this. We are trying to put this all the way from a small mobile phone to a large-scale high performance computing server in a super computing environment or on a cloud. This could give us a very high level of security.
Covid: The Test Bed
A lot of unfortunate things happened because of Covid. But one thing that Covid has done is that it has created a test bed for all the things that we discussed. There was a work from home challenge. Banks have today employees who have to work from home. That means, their core banking has to be given some access. The Stock Exchange has worked with employees working from home. If they don’t work, the entire economy of the country will tank. Telemedicine did work. Online meetings worked. We don’t know whether these meetings can be tapped by someone but then, this gives us a test bed on which we can start experimenting and put sound cyber security systems in place.