COMMENTARY
INTERVIEWS
SPECIALS
CHAT
ARCHIVES

The Rediff Business Special/ N Vittal

'Computerisation is the key to clean banking system'

Part I

After I became the CVC, one of the first things I did was to insist that by January 1, 2001, at least 70 per cent of the bank operations should be computerised. If it is done earlier it is better.

There are people who would say that funds would be a problem for computerisation. But I understand World Bank has been able to help some banks. Even otherwise, I would suggest that the customer in this country deserves a better treatment and there is no reason why outstation cheques should take two weeks to get encashed.

Computerisation incidentally will also have the benefit of increasing the velocity of business and reducing to some extent the working capital needs of the industry. As the CVC, my responsibility is only restricted to the vigilance angle.

From the purely vigilance angle there is an urgent need for computerisation. The issue had so far got bogged down between the unions and the management and the pace of computerisation was low.

But today, after the CVC's order, the choice before the public at large is: ''Do we want computerisation or do we want corruption in banks?'' Stated in this simple manner, the quibbling about difficulties of computerisation will disappear.

I am sure no one, even the greatest beneficiaries of our corrupt system, will dare to openly say that they are in favour of corruption. I am banking (pun intended) on the public opinion to shame the banks into computerising fast.

There are a number of problems, which are posed by those who are opposed to computerisation. The first is the availability of hardware and software. So far as the hardware issue is concerned, the National Task Force on Information Technology has already given valuable recommendations including rapid depreciation to the extent of 60 per cent in the first year itself for investments made in computers.

Especially when we have a national goal like India becoming an IT superpower, we cannot afford to have the banking sector crippled by a manual system.

Another important aspect in the banking sector is the need for secrecy and safety. This will call for excellent encryption systems. In this connection Dr Vidyasagar of the Centre for Artificial Intelligence unit of the Defence Research and Development Organisation in Bangalore has brought the following to my notice.

It is not enough merely to computerise the operation of each bank branch -- it is imperative also to computerise the transaction between branches and between banks. In other words, both intra-branch and inter-branch (as also inter-bank) transactions must be through a computer network so that the opportunities for fraud and delay are greatly reduced if not eliminated.

Once the computerisation of banking is adopted as an objective to be attained at top speed, we must all squarely confront the issue of security. There are at least two security-related issues to be addressed, namely, (1) the security of the network itself, (2) the security of the traffic being carried on the network.

The first item involves protecting the network against hackers who will try to disable the network, while the second item involves preventing anyone from understanding or manipulating the traffic on the network using tools such as encryption and decryption, digital signatures, message authentication, etc.

Unfortunately, most of the firewall products sold by commercial vendors for network security incorporate only very rudimentary packet level filtering, and can be compromised very easily. Indeed it is not an exaggeration to say that by providing a false sense of security, these weak firewalls are worse than having no firewall at all.

As for the security to the traffic, you may be aware that, by US law, no encryption software products can be exported from the US if they are too strong to be broken by the US National Security Agency.

To put it bluntly, only insecure software can be exported. When various multinational companies go around peddling ''secure communication software'' products to gullible Indian customers, they conveniently neglect to mention this aspect of US export law.

Another related point is, when we buy an imported software product that is a 'black box' to us, we cannot be sure that the software package does not contain a time bomb of sorts, to cause havoc to the network when an external command is issued by a hostile nation.

The only way to guard against insecure or booby trapped software product is to write our own software and to develop our own hardware. It so happens that both network security and traffic security are core competencies of DRDO. We have now (i) evolved a set of software tools that protect a wide area network against hostile attackers, and (ii) drawn up a plan of action for developing a set of software tools that provide security for the traffic passing through the network.

Our network security software tools give protection at several layers and thus provide much greater security than simple packet level filtering. As for providing secured communication between computers, fortunately the mathematics for encryption algorithms is well known and the ideas themselves are either not patented or else in the public domain since the patents have expired.

Thus it is possible to write our own code for encrypted communication. With the assistance of another DRDO laboratory in Delhi, we have begun to develop secure communication tools, and hope to have a prototype in place in three months time.

The encryption part of the software is already complete and only the communication protocols remain to be written. Since the software has been written by ourselves there is no upper limit in the security level provided by the encryption in contrast with software exported from the USA. Moreover, we can guarantee that the software is not booby trapped which one can never do with imported software.

'Indigenous software and hardware more helpful than foreign junk'

Business news