[Answered] With cyber threats capable of undermining our critical infrastructure, industry, and security, a comprehensive cybersecurity policy is the need of the hour. Elaborate.

As India is moving towards digitisation, every critical infrastructure, from transportation, power and banking systems, would become extremely vulnerable to cyber-attacks.According to CERT-In (India Ransomware Report), there has been a 51% year-on-year increase in ransomware incidents. A majority of attacks are on data centres.The attack on AIIMS and on the parent’s company of Solar Industries Limited are some of the examples.

Challenges associated with cyber threats:

• The most serious problem comes from organized cyberattackson large data repositories and critical public infrastructure such as AIIMS.
• India is the cheapest placein the world in terms of data tariff. It is also the nation with the highest per capita data consumption which allows it to generate a huge amount of data.
• The data generation is likely to rise furtherafter the launch of 5G and satellite broadband.
• Digital platforms such as the Digital India initiative, the Unified Payments Interface and the Open Network for Digital Commercehave all caused an increase of the data online.
• Although the government has set up National Critical Information Infrastructure Protection Centre (NCIIPC), it is yet to identify and implement measures to protect critical information infrastructure.
• Globally, India ranks 2^ndin terms of the number of Internet users after China (Internet World Stats, 2017). However, India has a negligible base of cyber-security specialists, when compared to internet user base.

India has started several initiatives likeIndian Computer Emergency Response Team (CERT-In):Cyber Surakshit Bharat Initiative etc.to address the issues.However,a comprehensive cybersecurity policyshould include following points:

• Personal data protection law:offer the citizens both adequate protection and the chance of recompense for damaging data leaks.
• Proper cyber risk management: not only preventing breaches but also placing guidelines regarding the process to be followed once there is a cyberattack. This will help minimise financially and mitigate reputational damage when a breach occurs.
• Human resource: increase the number of experts who can effectively manage the cyber security of the country.Further, duties and responsibilities should be defined clearly for smooth functioning and better coordination among departments and stakeholders.
• R&D:Investments should be made on R&D to develop more innovative technologies to address increasing cyber security threats.
• Strengthening Private Partnership:It is important to strengthen the public- private partnership on cyber security.
• There is an urgent need to build capabilities and capacity for application, equipment and infrastructure testing.

Cyber-security is needed in the present era of increasing connectivity. It is important to bring a robust policy and effectively implement the same.