Context:
In the wake of United State’s NSA leaks that suggested that US government agencies were spying on Indian users who had no legal or technical safeguard against it, government came out with National Cyber Security Policy, 2013 to protect the nation and its citizens from cyber threats.
Vision:
To build a secure and resilient cyberspace for citizens, business and government.
Objectives:
- To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace.
- To strengthen the Regulatory Framework for ensuring a Secure Cyberspace Ecosystem.
- To enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure.
- To create scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions.
- To improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product.
- To create workforce of 5,00,000 professionals skilled in next 5 years through capacity building skill development and training.
- To provide fiscal benefit to businesses for adoption of standard security practices and processes.
- To enable effective prevention, investigation and prosecution of cybercrime and enhancement of law enforcement capabilities through appropriate legislative intervention.
Strategies:
- Creating a secured ecosystem
- To designate a national nodal agency to coordinate all matters related to cyber security in the country, with clearly defined roles and responsibility.
- To ensure all organizations earmark a specific budget for implementing cyber security initiatives.
- To prevent occurrence and recurrence of cyber incidents by way of incentives for technology development, cyber security compliance and proactive actions.
- Strengthening the regulatory framework
- To develop a dynamic legal framework and its periodic review to address the cyber security challenges.
- To enable, educate and facilitate awareness of the regulatory framework.
- Creating mechanism for Security Threats Early Warning, Vulnerability management and response to security threat
- To operate a 24*7 National Level Computer Emergency Response Team to function as a nodal agency for coordination of all efforts for cyber security emergency response and crisis management.
- To conduct and facilitate regular cyber security drills and exercises at national, sectoral and entity levels.
- Securing E-Governance services
- To mandate the implementation of global security best practices
- To encourage wider practice of Public Key Infrastructure
- Human resource development
- To establish cyber security training infrastructure across the country by way of public private partnership
- To establish cyber security concept labs for awareness and skill development in key areas.
- Information sharing and cooperation
- To develop bilateral and multilateral relationships in the area of cyber security with other countries.
- To enhance national and global cooperation among security agencies, CERTs, Defense agencies and forces, Law Enforcement Agencies and the judicial systems.
- Developing effective Public Private Partnership
- Creating cyber security awareness
Assessment of the Policy:
Positive features:
- The policy aims to sensitize organizations toward the need to enhance maturity of security practices.
- It aims to elevate the security function within organizations esp. in critical sectors and e-governance.
- Enhanced collaboration between government and industry on cyber security matters.
- Increase in demand for security professionals including implementers, managers, auditors, trainers. Hence, creation of new jobs.
- Increased investments in security giving boost to cyber security products and services market in India.
- Better coordinated R&D through collaboration of government, industry and academia.
- Sensitization of citizens, consumers and employees on cyber security threats and basic and best practices.
- Sensitization towards protection of personal information against cyber threats and in pursuance of security programs.
Limitations of the Policy:
- Mandatory security measures through regulations may create problems for those sectors (businesses) that are not mature in security implementations.
- The declared cyber security policy has proved to be a paper work only with no actual implementation till date.
- Although policy seeks to protect the critical infrastructure of the country but it doesn’t specify that what (sectors/orgs) would come under “critical infrastructure”.
- Indian cyber security policy has failed to protect civil liberties of Indians including privacy rights as various instances of cyber fraud can be seen e. g. recent debit card transaction issue.
- Although one of the objectives of NCSP is to safeguard the privacy of citizen’s data, no specific strategy or activity to achieve this objective has been mentioned in the policy.
- The offensive and defensive cyber security capabilities of India are still missing.
- It will be a Challenge for ICT Supply Chain in the country towards positioning of indigenous products as more secure products.
- International cooperation and advocacy are not given due prominence. The policy does not seem to fully establish the leadership role that India should play in the international arena.
Conclusion:
The cyber security challenges in India would increase in the future as India has adopted the Digital India initiative and India must be well prepared to deal with the same. Nevertheless, National Cyber Security Policy (NCSP), 2013 is an affirmative step in the right direction. The policy will enable integration of ongoing and new activities and programs under an umbrella framework with a cohesive vision. However, it must be implemented in letter and spirit to build a secure and resilient cyberspace for citizens, business and government.
References:
- The draft National Cyber Security Policy, 2013
- An analysis of NSCP, 2013 by Centre of Excellence for Cyber Security Research and Development in India (CECSRDI),
- Analysis of NSCP, 2013 by Data Security Council of India, A NASSCOM initiative.
- An assessment of NSCP by IDSA.
Leave a Reply