1. Shared Principles
Cooperation on cyber issues is a key component of the bilateral relationship between India and the United States. The two countries have created a wide-ranging strategic partnership that reflects their shared values, democratic traditions, national security and economic interests, and common vision and principles for cyberspace. Consistent with their respective domestic laws and international obligations, shared principles for the U.S-India cyber relationship include:
- A commitment to an open, interoperable, secure, and reliable cyberspace environment;
- A commitment to promote the Internet as an engine for innovation,
economic growth, and trade and commerce;
- A commitment to promote the free flow of information;
- A commitment to promote cooperation between and among the private
sector and government authorities on cybercrime and cybersecurity;
- A recognition of the importance of bilateral and international
cooperation for combating cyber threats and promoting cybersecurity;
- A commitment to respect cultural and linguistic diversity;
- A commitment to promote international security and stability in
cyberspace through a framework that recognizes the applicability of
international law, in particular the UN Charter, to state conduct in
cyberspace, and the promotion of voluntary norms of responsible state
behavior in cyberspace during peacetime;
- A commitment to the multistakeholder model of Internet governance
that is transparent and accountable to its stakeholders, including
governments, civil society and the private sector, and promotes
cooperation among them;
- A recognition of the leading role for governments in cybersecurity
matters relating to national security;
- A recognition of the importance of and a shared commitment to
cooperate in capacity building in cybersecurity and cybersecurity
research and development;
- A commitment to promote closer cooperation among law enforcement
agencies to combat cybercrime between the two countries;
- A commitment to promote, protect, and respect human rights and fundamental freedoms online;
- A desire to cooperate in strengthening the security and resilience of critical information infrastructure;
- A commitment to support the development and use of international standards and best practices for technology products and services.
In light of these shared principles, India and the United States recognize the value of establishing an institutional framework for their broad-based cooperation on cyber issues.
2. Main Areas of Cooperation
India and the United States seek to cooperate in the following main areas:
(1) Identifying, coordinating, sharing, and implementing cybersecurity best practices;
(2) Sharing information on a real time or near real time basis, when practical and consistent with existing bilateral arrangements, about malicious
cybersecurity threats, attacks and activities, and establishing appropriate mechanisms to improve such information sharing;
(3) Developing joint mechanisms for practical cooperation to mitigate cyber threats to the security of ICT infrastructure and information contained therein consistent with their respective obligations under domestic and international law;
(4) Promoting cooperation in the fields of cybersecurity-related research and development, cybersecurity standards and security testing, including accreditation process, and cybersecurity product development, including further consultations on such issues;
(5) Elaborating and implementing practical measures that contribute to the security of ICT infrastructure on a voluntary and mutual basis;
(6) Continuing to promote cooperation between law enforcement agencies to combat cybercrime including through training workshops, enhancing dialogue and processes and procedures, and setting up consultations as needed;
(7) Improving the capacity of law enforcement agencies through joint training programs, including equipping them to draft appropriate requests for electronic evidence in accordance with the respective laws and regulations of the United States and India;
(8) Undertaking skill development and capacity building programs jointly in the fields of cybersecurity, efforts to combat cybercrime, digital forensics, and legal frameworks;
(9) Promoting the applicability of international law to state conduct in cyberspace and further exploring how it applies to state conduct in cyberspace;
(10) Promoting voluntary norms of responsible state behavior in peacetime, including the norms identified by the UN Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International Security;
(11) Promote adherence and commit to voluntary norms under which
a) A state should not conduct or knowingly support online activity that intentionally damages critical infrastructure or otherwise impairs the use of critical infrastructure to provide services to the public,
b) A state should not conduct or knowingly support activity intended to prevent national Computer Security Incident Response Teams (CSIRTs) from responding to cyber incidents. States should also not use CSIRTs to enable online activity that is intended to do harm,
c) A state should cooperate, in a manner consistent with its domestic law and international obligations, with requests for assistance from other States in investigating cybercrimes, collecting electronic evidence and mitigating malicious cyber activity emanating from its territory,
d) A state should not conduct or knowingly support ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors;
(12) Cooperating mutually on telecom security related issues such as telecom equipment security standards and testing, including accreditation of entities;
(13) Developing a common and shared understanding of international cyber stability, and destabilizing cvber activity;
(14) Discussing and sharing strategies to promote the integrity of the supply chain to enhance user’s confidence in the security of ICT products and services;
(15) Continuing to promote dialogue on incident response best practices;
(16) Facilitating joint tabletop exercises covering priority cybersecurity scenarios to advance specific cooperation;
(17) Supporting the multistakeholder model of Internet governance;
(18) Continuing our dialogue and engagement in Internet governance fora, including ICANN, IGF and other venues, and to support active participation by all the stakeholders of the two countries in these fora;
(19) Holding consultations and taking steps towards improving the effectiveness of transnational cybercrime cooperation;
(20) Strengthening critical Internet infrastructure in India;
(21) Working to ensure shared understanding of technology access policy, including dual use technologies sought to be controlled by either country, including through such mechanisms as the bilateral High Technology Cooperation Group;
(22) Any other area of cooperation mutually decided upon.
3. Main Forms and Mechanisms of Cooperation
(1) India and the United States intend to continue to meet under the High Level Cyber Dialogue mechanism led by the Special Assistant to the President and Cybersecurity Coordinator of the United States and the Deputy National Security Advisor, Government of India, and hosted by the Coordinator for Cyber Issues at the U.S. Department of State and the Joint Secretary for Global Cyber Issues at the Ministry of External Affairs, India. The High Level Dialogue mechanism is expected to review cooperation on cyber policy issues, including the implementation of this framework. Other mechanisms of cooperation include the ICT Working Group, led by the U.S. Department of State and Ministry of Electronics and Information Technology, India and Homeland Security Dialogue between the U.S. Department of Homeland Security and the Ministry of Home Affairs, India among others.
(2) The United States and India may implement practical interaction by designating a Point of Contact (PoC) in specific areas of cooperation provided for in this framework. Within 60 days after this framework becomes operative, the Participants intend to exchange information through diplomatic channels on their Authorized Agencies and Point of Contacts.
(3) The Participants intend to continue to promote CERT to CERT cooperation, including through established mechanisms.
(4) The Participants intend to continue to promote and improve cybercrime cooperation, including through established mechanisms, and, in particular, the Treaty Between the Government of the United States of America and the Government of the Republic of India on Mutual Legal Assistance in Criminal Matters.
(5) The Participants may also establish Sub-Groups to carry out and implement practical cooperation, as appropriate.
4. Period of Framework
(1) This framework is expected to remain in place for a period of five years from the date of its signature.
(2) The Participants may modify this framework by reaching a mutual understanding. The Participants expect that such an understanding would be in written form.
(3) This framework may be discontinued by either Participant at any time in any manner, but preferably not earlier than 90 days after it becomes operative. The Participants expect the Participant discontinuing this framework to provide written notification, through diplomatic channels, to the other Participant of its intention to do so.
(4) If this framework is discontinued, the Participants intend to continue to protect information as well as to implement previously decided joint activities and projects carried out under this understanding and not completed upon discontinuation of this understanding.
In witness whereof, the following representatives duly authorised by their respective Governments have signed this Framework in two originals in the English language.
Signed at New Delhi on August 30, 2016.
For the Government of the For the Government of United States Republic of India
Name : H.E. Richard R. Verma Name : Dr. Gulshan Rai
Designation : Designation : National Cyber
U.S. Ambassador to India Security Coordinator