AMCHAM organized a conference on ‘Cyber Security for Critical Infrastructure: U.S.-India Partnership’ on January 28th at the Taj Mansingh, New Delhi. Ms. Ranjana Khanna, Director General CEO, AMCHAM, opened the conference by highlighting how future warfare will be fought in cyberspace rather than with traditional defense equipment. In his opening remarks, Mr. Salil Gupte, Chairman, AMCHAM and President, Boeing India & South Asia, stressed the need for U.S.-India collaboration in developing robust cyber security frameworks. In his keynote address, Lt Gen M.U. Nair, National Cyber Security Coordinator, Government of India emphasized India’s position as a digital powerhouse with over 1.2 billion users and 56 million M2M devices. Mr. Vishak Raman, Vice President of Sales, India, SAARC, SEA, and ANZ, Fortinet presented an overview of the cyber security white paper ‘Securing the Digital Future: Strengthening Cybersecurity in ICT through U.S.-India Partnership’ that was released at the conference, highlighting the challenges and opportunities in combining U.S. technology innovation with India’s digital leadership. Mr. Sandeep Aurora, Group Director & Head of Public Policy & Government Affairs, Microsoft India & South Asia provided closing remarks for the inaugural session, emphasizing the need for U.S.-India collaboration in building a safe and secure digital future.

The first session, ‘Deep Tech Solutions for Fraud Prevention: Cross-Border Vulnerabilities, Data Security, and Payment Systems’ moderated by Mr. Mandar Kulkarni, National Security Officer – India and South Asia, Microsoft, featured key insights from multiple experts. Ms. Ashima Chaturvedi, Director, National Security Council Secretariat, Government of India, emphasized the importance of international cooperation and collaboration, particularly in addressing cyber threats to critical infrastructure sectors, while advocating for robust public-private partnerships. Mr. Vipin Surelia, Head of Risk Services, India and South Asia, Visa, detailed how payment systems evolved from a four-party model to today’s complex multi-party system and outlined Visa’s “4P” approach – protect, partner, promote, and prepare. Ms. Usha Seetharaman, Director of Engineering, Google Pay, Google revealed how AI implementation helped prevent fraudulent transactions worth ₹13,000 crores in 2023-24. Mr. Vishak Raman, Vice President of Sales, India, SAARC, SEA, and ANZ, Fortinet highlighted the importance of threat intelligence sharing and platform-based security approaches.

In the second session, ‘Cyber Security and Preventive Technologies: Next-Generation Tools for Securing Critical Infrastructure – Power, Data Centers, Hospitals, Transport, and Supply Chain’ moderated by Mr. Ashdin Bharucha, Cyber Solutions Leader, Honeywell, Major General Ravi Chaudhary, Former Scientist H, Government of India, drew from his 42 years of service experience to provide deep insights into the evolution of cyber threats since 1995. He emphasized how every transaction today has a digital footprint, noting that while we live in the physical world, we primarily transact in the virtual world where our assets, data, and identities are stored in cyberspace. Mr. Amit Pradhan, Regional Consulting Leader – India, Japan & Korea, Practice Leader APJ – Offensive Security, Google Cloud discussed how AI is currently used primarily in initial attack phases, while Mr. Vishak Raman, Vice President of Sales, India, SAARC, SEA, and ANZ, Fortinet shared insights about the threat landscape and emphasized how 22% of ransomware attacks were targeting the BFSI sector. Mr. Rahul Choube, Head of Acceptance Solutions & Urban Mobility, India and South Asia, Visa contributed perspectives on payment security and urban mobility challenges. Mr. Anshuman, Tripathi, Member, National Security Advisory Board to the National Security Council, Government of India mentioned the importance of understanding organizational blind spots and vulnerabilities in cyber security strategy. The discussion emphasized the importance of micro-segmentation in network architecture, proper integration of IT and OT (operational technology) systems, and the development of robust backup strategies as essential components of cyber resilience. Dr. Pavan Duggal, Advocate, Supreme Court of India provided a critical analysis of India’s legal framework, characterizing current cyber laws as fragmented and highlighting the need for comprehensive cyber security legislation. 

Mr. Narendra Nath Gangavarapu, Joint Secretary, National Security Council Secretariat, Government of India shared how the National Critical Information Infrastructure Protection Center (NCIIPC) is taking comprehensive steps to strengthen India’s cyber security posture, starting with the release of a National Cyber Security reference framework in November 2024 that has been shared with over 100 critical sector entities. The government has implemented a dual approach to security, combining equipment certification with trusted vendor evaluation, initially in the telecom sector and now expanding to railways and power sectors. Sector-specific Computer Security Incident Response Teams (CSIRTs) have been established across finance, telecom, and power sectors, while a robust personnel development framework is being implemented alongside annual national cyber exercises, with sector-specific training programs set to begin at the National Cyber Range in Ahmedabad from February 2025. Infrastructure development includes creating digital twins for hands-on training, while emerging technology initiatives focus on developing evaluation frameworks for AI and blockchain security, implementing AI-based threat detection, and planning quantum encryption migration strategies. The approach emphasizes phased implementation with sector-specific customization, ensuring both immediate security needs and future technological challenges are addressed while maintaining business continuity, with penalties up to ₹50 crores per breach in regulated sectors to ensure compliance.

Dr. Pavan Duggal, Advocate, Supreme Court of India characterized India’s current cyber laws are fragmented and without cohesive strategy, highlighting critical gaps in the 25-year-old Information Technology Act 2000. He emphasized alarming statistics, noting that every nine seconds a company in India faces a ransomware attack, with losses exceeding 2,000 crores to digital fraud in just four months. He stressed India’s urgent need for a comprehensive cyber security legal framework, particularly pointing out the lack of legal recognition for AI and the absence of a defined cyber sovereignty doctrine compared to countries like China and Vietnam.

The third session, ‘Advanced Detection Technologies: AI-Powered Threat Intelligence and Real-Time Response Systems’ was moderated by Mr. Mandar Kulkarni, National Security Officer – India and South Asia, Microsoft. Ms. Hiral Sharma, Head of Solution Architecting, Public Sector, Fortinet shared her views on advanced detection strategies, Mr. Satyajit Roy, Senior Director and Global Head, Cyber Fusion Centre, S&P Global provided insights on processing 78 trillion security signals daily, while Mr. Ranjan Verma, Technical Specialist, IBM Security Practice discussed the importance of SOC automation. Mr. Rishi Chhabra, Country Manager, Visa India revealed how their systems process 65,000 transactions per second, evaluating over 500 attributes in milliseconds.

Throughout the summit, a consistent theme emerged from all speakers about the critical need for public-private partnerships. The discussions consistently emphasized the need for enhanced cyber resilience frameworks and deeper international cooperation between the U.S. and India in addressing emerging cyber security challenges. Cyber threats and vulnerabilities have no boundaries, demanding collaborative efforts that transcend geopolitical limitations and require innovative, joint approaches to secure our interconnected digital ecosystem, and under President Donald Trump, U.S.-India relations could find a stronger starting ground in cyber security policy-making. The conference was well attended and supported by: Fortinet (Cyber Security Partner), Microsoft (Innovation Partner), Visa (Strategic Partner), IBM (Technology Partner) and S&P Global (Supporting Partner).