In the twentieth century, India saw an impetus in Information Technology (IT) and an enormous growth in e-commerce. Both these sectors ride on and reside in cyberspace involving electronic transactions, software, services, devices and networks which are highly susceptible to cyber crimes. Hence to ensure its safety, cybersecurity has become one of the most compelling priorities for the country.
National Cyber Security Policy is a policy framework by Department of Electronics and Information technology (DeitY). It aims at protecting public & private infrastructure from cyber attacks. It also intends to safeguard critical information such as personal information, financial & banking information, and sovereign data.
India had no cyber security policy before 2013. It was in 2013 that a national daily newspaper cited documents leaked by NSA whistleblower Edward Snowden that much of the National Security Agency surveillance was focused on India’s domestic politics and its strategic and commercial interests. This caused a furor amongst the people and the Government which unveiled a National Cyber Security Policy 2013 on July 2nd, 2013.
National Cyber Security Policy 2013
The Cyber Security Policy 2013 provides a strong vision to secure the critical infrastructure and build a resilient cyberspace for citizens, business, and government. The policy also intends to circumvent any resultant economic instability arising due to cyber attacks. Here are the 10 major highlights from the National Cyber Security Policy 2013:
1. Set up of a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for a response, resolution and crisis management through effective predictive, preventive, protective, response and recovery actions.
2. Creation of a task force consisting of 5,00,000 cyber security professionals in next five years through capacity building, skill development and training.
3. Provision for fiscal schemes and incentives to encourage entities to install, strengthen and upgrade information infrastructure with respect to cyber security.
4. Designation of CERT-In as the national nodal agency to coordinate cyber security related matters and have the local (state) CERT bodies to co-ordinate at the respective levels.
5. All organizations to designate a CISO and allocate security budget.
6. Use of Open Standards for Cyber Security.
7. Development of a dynamic legal framework to address cybersecurity challenges (Note: The National Cyber Security Policy 2013 does not have any mention of the IT Act 2000)
8. Encouragement of wider use of Public Key Infrastructure (PKI) for government services.
9. Engagement of infosec professionals / organizations to assist e-Governance initiatives, establish Centers of Excellence, cyber security concept labs for awareness and skill development through PPP - a common theme across all initiatives mentioned in this policy.
10. Apart from the common theme of PPP across the cyber security initiatives, the policy frequently mentions of developing an infrastructure for evaluating and certifying trustworthy ICT security products.
As society today is getting more and more dependent upon technology, chances of crime based electronic offenses are bound to increase. The Cyber Security Policy cannot ensure 100% sanity from crime but definitely is a step towards the right direction. For greater security, private and public companies will have to take the responsibility collectively to ensure safety of their customers’ information and other confidential data.