An overview on cyber security policy in India

An overview on cyber security policy in India
x
Highlights

Cyber security is an increasingly important domain from the warfare and law and order point of view. The flip side of the freedom of the internet is that there are few rules to prevent wrong acts.

Cyber security is an increasingly important domain from the warfare and law and order point of view. The flip side of the freedom of the internet is that there are few rules to prevent wrong acts.

Countries attack each other to steal sensitive information, and criminals fool customers into giving them financial information. In the recent U.S. elections, Russia was accused of hacking and releasing damaging documents from the Hillary Clinton’s campaign. This shows the impact that hacking can have.

  • Recent increase in hacking events, from phishing attacks on 26 Indian banks to Rahul Gandhi’s twitter account being hacked
  • An increasing number of Indians are going digital and doing transactions online, and these hacking incidents expose the country’s cyber security vulnerabilities
  • There has been a surge of about 350% of cybercrime cases registered under the Information Technology (IT) Act, 2000 from the year of 2011 to 2014
  • As more Indians embrace online banking, criminals are following them online
  • Another trend is the increasing no. of attacks designed for mobiles

In view of the above, Central government has come out with National Cyber Security Policy, to protect the nation and its citizens from cyber threats.

National Cyber Security Policy Vision: To build a secure and resilient cyberspace for citizens, business and government.

Objectives:

  • To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace.
  • To strengthen the Regulatory Framework for ensuring a Secure Cyberspace Ecosystem.
  • To enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure.
  • To create scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions.
  • To improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product.
  • To create workforce of 5,00,000 professionals skilled in next 5 years through capacity building skill development and training.
  • To provide fiscal benefit to businesses for adoption of standard security practices and processes.
  • To enable effective prevention, investigation and prosecution of cybercrime and enhancement of law enforcement capabilities through appropriate legislative intervention.

Creating a secured ecosystem

  • To designate a national nodal agency to coordinate all matters related to cyber security in the country, with clearly defined roles and responsibility.
  • To ensure all organizations earmark a specific budget for implementing cyber security initiatives.
  • To prevent occurrence and recurrence of cyber incidents by way of incentives for technology development, cyber security compliance and proactive actions.

Strengthening the regulatory framework

  • To develop a dynamic legal framework and its periodic review to address the cyber security challenges.
  • To enable, educate and facilitate awareness of the regulatory framework.
  • Creating mechanism for Security Threats Early Warning, Vulnerability management and response to security threat
  • To operate a 24*7 National Level Computer Emergency Response Team to function as a nodal agency for coordination of all efforts for cyber security emergency response and crisis management.
  • To conduct and facilitate regular cyber security drills and exercises at national, sectoral and entity levels.

Securing E-Governance services

  • To mandate the implementation of global security best practices
  • To encourage wider practice of Public Key Infrastructure

Human resource development

  • To establish cyber security training infrastructure across the country by way of public private partnership
  • To establish cyber security concept labs for awareness and skill development in key areas.

Information sharing and cooperation

  • To develop bilateral and multilateral relationships in the area of cyber security with other countries.
  • To enhance national and global cooperation among security agencies, CERTs, Defense agencies and forces,
  • Law Enforcement Agencies and the judicial systems.
  • Developing effective Public Private Partnership
  • Creating cyber security awareness

Assessment of the Policy:
Positive features: The policy aims to sensitize organizations toward the need to enhance maturity of security practices.

  • It aims to elevate the security function within organizations esp. in critical sectors and e-governance.
  • Enhanced collaboration between government and industry on cyber security matters.
  • Increase in demand for security professionals including implementers, managers, auditors, trainers. Hence, creation of new jobs.
  • Increased investments in security giving boost to cyber security products and services market in India.
  • Better coordinated R&D through collaboration of government, industry and academia.
  • Sensitization of citizens, consumers and employees on cyber security threats and basic and best practices.
  • Sensitization towards protection of personal information against cyber threats and in pursuance of security programs.

Limitations of the Policy:

  • Mandatory security measures through regulations may create problems for those sectors (businesses) that are not mature in security implementations.
  • The declared cyber security policy has proved to be a paper work only with no actual implementation till date.
  • Although policy seeks to protect the critical infrastructure of the country but it doesn’t specify that what (sectors/orgs) would come under “critical infrastructure”.
  • Indian cyber security policy has failed to protect civil liberties of Indians including privacy rights as various instances of cyber fraud can be seen e. g. recent debit card transaction issue.
  • Although one of the objectives of NCSP is to safeguard the privacy of citizen’s data, no specific strategy or activity to achieve this objective has been mentioned in the policy.
  • The offensive and defensive cyber security capabilities of India are still missing.
  • It will be a Challenge for ICT Supply Chain in the country towards positioning of indigenous products as more secure products.
  • International cooperation and advocacy are not given due prominence. The policy does not seem to fully establish the leadership role that India should play in the international arena.

Conclusion: The cyber security challenges in India would increase in the future as India has adopted the Digital India initiative and India must be well prepared to deal with the same.

Nevertheless, National Cyber Security Policy (NCSP), is an affirmative step in the right direction. The policy will enable integration of ongoing and new activities and programs under an umbrella framework with a cohesive vision.

However, it must be implemented in letter and spirit to build a secure and resilient cyberspace for citizens, business and government.

By: Gudipati Rajendera Kumar
(The writer is Deputy Statistical Officer, Planning Department, Telangana State)

Show Full Article
Print Article
Next Story
More Stories
ADVERTISEMENT
ADVERTISEMENTS