Government develops new cyber security policy to defeat malware attacks
The government has formulated a new policy on cyber security amid increasing incidents of malware attacks in critical sectors such as hospitals and oil companies.
Lt. Gen. (ret.) Rajesh Pant, the national cyber security coordinator, said Monday that the 2023 National Cyber Security Framework (NCRF) had been approved and will be in the public domain. Speaking at an event, Pant said the NCRF policy would aim to help critical sectors like banking, energy and others with "strategic guidance" to address cybersecurity concerns.
“Presently, there is no system to guide organizations, especially in critical sectors, as to what are the best practices for creating cyber secure systems. There have been large-scale attacks recently—for example, on Oil India, a group in Nagpur, and an attack on a Tata Power plant. All of these are critical sector entities," he said.
He further added that the government had selected seven sectors as critical sectors, namely telecommunications, power and energy, banking and financial services, transportation, strategic enterprises, government enterprises, and healthcare. NCRF “has been created to provide organizations with strategic guidance to help them address their cyber security concerns in a structured manner," he said.
On February 20, Pant said at the India Digital Summit 2023 that the framework, previously called the National Cyber Security Strategy 2023, would be published soon. He also said that the policy would be based on a common but differentiated liability (CBDR) approach.
Industry experts said that NCRF 2023 is the first follow-up to the Ministry of Electronics and Information Technology (Meity)'s 2013 National Cyber Security Policy, which sought to offer companies best practice guidelines for preventing cyber-attacks and was scheduled for an update.