WikiLeaks - PRODUCTIVE PREP TALKS POINT TO A SUCCESSFUL JANUARY CYBERSECURITY EXCHANGE

 Important Note: This is exact copy from WikiLeaks - Link. I have copy -pasted here because it deals with me directly. Credit of this blog-post lies completely with WikiLeaks.   

Date: 2006 January 5, 12:38 (Thursday)

Canonical ID: 06NEWDELHI93_a

UNCLAS SECTION 01 OF 04 NEW DELHI 000093 SIPDIS SENSITIVE SIPDIS STATE FOR PM ERUSSELL, MMARKOFF JUSTICE FOR ATEELUCKSINGH E.O. 12958: N/A TAGS: PGOV, PINR, KCIP, TINT, PTER, EFIN, ECPS, KTFN, EAIR, ELTN, IN SUBJECT: PRODUCTIVE PREP TALKS POINT TO A SUCCESSFUL JANUARY CYBERSECURITY EXCHANGE REF: NEW DELHI 9249 1. (SBU) Summary: A well-organized and highly motivated National Security Council Secretariat (NSCS) Information Security Specialist and head of the National Information Security Coordination Cell Commander Mukesh Saini met on December 20 with PM/PPA Deputy Coordinator for International Critical Infrastructure Protection Policy Erica Russell to block out the agenda for the January 16-17, 2006, Cybersecurity Forum in New Delhi. MEA Director (Americas) Gaitri Kumar also attended but offered no substantial inputs. In 90 minutes Saini and Russell reviewed the status and expected progress of the five working groups (WGs), discussed GOI proposals for additional WGs to address transportation and financial sector issues, and fleshed out GOI thinking on additional structures to advance the cybersecurity relationship (joint training, a joint operations fund, and a statement of principles.) The discussion was later joined by PolCouns and NSCS Joint Secretary Arvind Gupta; all sides reported satisfaction with the meeting and predict a productive exchange in January. End Summary. Where We Are, Where We're Going ------------------------------- 2. (SBU) Saini described the US-India cybersecurity relationship as evolving in the right direction: "The first plenary (in 2002) was a political statement, the second (in 2004) was getting to know each other and grasping the subject and its contours. Now, the third (January 2006) should be moving into exchanges of experts, documents, and technology." He recalled that the Cybersecurity Forum predates the Information and Communications Technology (ICT) WG and the High Technology Cooperative Group (HTCG). Russell reported that the WG co-chairs found the bilateral workshops and seminars held from April-September 2005 to be very useful, and that the USG interlocutors look forward to the January plenary. Structure for the January Plenary --------------------------------- 3. (SBU) Saini and Russell agreed that the Cybersecurity Forum would convene at Vigyan Bhawan (a large, modern, GOI-owned conference facility in central Delhi), which reflects the priority New Delhi attaches to this exchange. The group would meet in plenary on January 16; NSA Narayanan or D/NSA Nambiar will provide the opening address, followed by opening remarks from the GOI and USG delegation heads. For January 17, the WGs would meet for the first half of the day, and report their progress at the plenary's conclusion. Russell and Saini agreed that the focus of presentations should be on the way ahead, not on recapping past accomplishments. Three WGs Ready to Go --------------------- 4. (SBU) Russell passed Saini a list from Anthony NEW DELHI 00000093 002 OF 004 Teelucksingh of DOJ's Computer Crime and Intellectual Property Section outlining the topics DOJ wants to cover in January, and relayed that Teelucksingh was pleased with the progress to date. Saini responded that the list of topics appears to meet GOI's expectations. 5. (SBU) Russell told Saini that DHS Director for International Affairs and Public Policy (National Cybersecurity Division) Liesyl Franz and a US-CERT technical expert would attend in January. She added that Franz had difficulty contacting the Indian co-chair for the Watch & Warning/Critical Infrastructure Protection WG, but the two were now coordinating for the plenary. 6. (SBU) Saini reported "reasonably good progress" from the Standards & Software Assurance WG (which he proposed, and Russell agreed, to rename "Standards & Assurances WG"). Russell told Saini that WG co-chair Dr. Ron Ross of NIST's Computer Security Division could not attend the January Forum, but a DOC colleague -- Dan Hurley of NTIA -- who is well versed in Ross's portfolio would fill in. R&D WG on Hold but Long-Term Health Assured ------------------------------------------- 7. (SBU) Russell reported that there was no immediate successor to R&D co-chair Dr. Stan Riveles to attend the plenary, but a PM/PPA detailee, Dr. Bruce Averill, would come on board in early 2006 with the responsibility to revive the WG and to implement measurable initiatives with his counterpart. Saini was pleased that Riveles' replacement would have a two-year tenure. (NOTE: Saini's one abiding concern in recent months has been that frequent turnover in the GOI and USG would retard progress, forcing meetings to be postponed and the WGs to have to constantly get to know each other repeatedly. End Note.) Industry-Industry Dialogue, "Offshoring the Offshoring" --------------------------------------------- ---------- 8. (SBU) Saini and Russell agreed on the importance of increasing industry's role, with Saini highlighting that industry is where the innovation lies, and Russell noting that US industry owns and operates most of the country's critical infrastructure. Russell asked Saini if the topic of data protection in "offshoring the offshoring" (Indian BPOs farming out their business to third-country firms) would be too sensitive to include during the plenary, or if it should be discussed in private. Saini readily suggested having an Indian BPO firm speak on the topic during the plenary, and Gupta later seconded the approval. Saini requested a presentation on the role of the USG in Industry Sector Advisory Committees (ISACs). GOI Proposals for Financial, Transport WGs Moving Slowly --------------------------------------------- ----------- 9. (SBU) Saini outlined that the GOI's proposed Financial Sector WG would address both securing legitimate financial NEW DELHI 00000093 003 OF 004 transactions and tracking illicit finances (Reftel). Russell offered support for the proposal and is making the case to relevant USG agencies, but lining up appropriate partners is a slow process. Saini admitted he was having the same difficulty enlisting the Finance Ministry. The two agreed to invite US Treasury and Finance Ministry to the plenary as an educational exercise, and to work toward a Financial Sector WG later in 2006. (NOTE: US Treasury asked to meet with PM/PPA before the end of December to discuss possible participation in the Forum and international cyber security and CIP engagements in general. Russell will advise of the outcome of these discussions afterwards. End Note.) 10. (SBU) Saini acknowledged to Russell that the GOI had the greater need for transportation sector cybersecurity assistance. Both agreed that, as US-India direct air links expand, the importance of securing airline passenger and cargo data grows rapidly; however, Saini nodded to the enormous volume of Indian rail traffic that presents in his view a more likely target for a cyber attack. "Imagine if our national railway reservation system were locked for just one hour, the result would be chaos," he predicted. Saini stated the Railways Ministry is beginning to stand up a CERT, but he doubted if either it or Civil Aviation Ministry could actively participate in the January Forum. Saini and Russell agreed to encourage government and corporate transportation stakeholders to attend the plenary and the GOI-proposed January 20-21 seminar on Cybersecurity in the Civil Aviation Sector (Reftel) with an eye to forming a WG later in 2006. (NOTE: Upon return to D.C., Russell advised that she now has TSA contacts with whom she is discussing the administration's SIPDIS possible participation in the Forum and the subsequent GOI proposed Civil Aviation workshop.) GOI Joint Fund/Joint Institute Proposal: Looking for $$ --------------------------------------------- ---------- 11. (SBU) Russell told Saini that her office has been unable to locate funds in either the Department or DHS to support the GOI proposal for a Cybersecurity Joint Fund (Reftel), but they are still looking. Saini suggested the two sides first agree to the concept, and secure funds (at a 50-50 split) further down the road. He explained that the fund would help protect cybersecurity travel and training from the budget cycle. Russell replied that she would have an answer on conceptual agreement by January. On the Joint Institute, Saini reported that he would formally present a proposal after he fully clears the concept within the GOI. Something to Sign, Seal and Deliver ----------------------------------- 12. (SBU) To Saini's request to enshrine our cybersecurity relationship in an agreement or protocol as a post-Forum deliverable, Russell suggested a declaration of principles -- which creates no new obligations, retains flexibility, and would be much faster to clear through the inter-agency process than a Letter of Agreement or Memorandum of Understanding. Saini agreed to draft such a declaration. NEW DELHI 00000093 004 OF 004 Subsequent discussions with PolCouns and Gupta indicated the desire to announce the declaration during POTUS's upcoming visit in early 2006. January Follow-Up: NSCS Doing its Homework ------------------------------------------ 13. (SBU) In a January 5 follow-up conversation, Gupta informed PolCouns that the WG co-chairs would complete their draft agendas in the next 1-2 days. He expects 8-10 Indian participants for each WG, and requests that the US side field at least 3-4 to ensure productive exchanges. Characterizing the forthcoming event as an "open forum with a large GOI and industry presence," Gupta queried PolCouns to ensure a sizable delegation to represent US industry. A draft of the proposed POTUS deliverable should also be ready before the plenary opens, to allow the USG side sufficient time to consider the language. Comment: Cooperation at the Speed of Thought -------------------------------------------- 14. (SBU) It is clear that this relationship is progressing well and shows excellent potential for further growth. In many respects the only drags on the cybersecurity relationship are the constraints of money and bodies. The NSCS and most of the WGs are firmly on board, if not leading the way, and Saini and Gupta appear willing to push any lagging GOI elements to maintain the momentum. Saini's expansion plans for sector-specific interactions are generally of mutual interest, and he freely admits where Indian interests outweigh USG's (as in railways security). It is also noteworthy that NSCS clearly has the pen on this issue, with MEA along for the ride -- the Foreign Ministry simply does not have the expertise on this topic, although they are supporting it as best they can. The GOI is focusing on what is achievable, and is for now avoiding USG redlines (such as steganography) to avoid any bottlenecks. All signs point to mutually beneficial progress continuing in this area of our relationship. BLAKE