In the attempt of creating a ‘cyber-secure nation’ for businesses and individuals, the government of India is reportedly set to unveil its cybersecurity strategy policy in January 2020 to achieve the target of a $5 trillion economy.
Speaking at a SKOCH event Rajesh Pant, the National Cybersecurity Coordinator confirmed saying, “India’s cybersecurity strategy policy, which will be released in the coming year will enable the government to secure the whole nation. The government’s vision of a $5 trillion economy will be helped to a great extent by this effort.”
He also added that the most important requirement for securing the internet is to have effective coordination between government officials who are overseeing the aspect of securing the whole nation. Proper formation of critical infrastructure and a seamless partnership between the public and the private are the two key aspects to a cybersecurity framework.
To create such a stringent framework, the country requires a huge budget. Ajeet Bajpai, the Director-General of the National Critical Information Infrastructure Protection Centre said, “Considering the size and scale of our nation, we need approximately ₹25,000 crore budgets for the same. Also, there is a need to emphasise on the need to make cybersecurity a mandatory subject in the universities for high-decibel awareness.”
With the increasing amount of breaches emerging across the country along with government websites getting hacked, the necessity of creating a secure framework for all government organisations has never been more crucial.
In this article, we will list down the progress India has made and the initiatives it has taken towards drafting its cybersecurity strategy, coming up in 2020:
The advancement in The Indian Computer Emergency Response Team (CERT-In), which operates as the national agency for tackling the country’s cybersecurity, has helped in lowering the rate of cyber attacks on government networks. The implementation of anti-phishing and cybersecurity awareness training across India’s government agencies has assisted government employees in fighting against cybercrimes. Apart from spreading awareness of the dangers posed by phishing attacks to the public, CERT-In also issues alerts and advisories regarding the latest cyber vulnerabilities and countermeasures to tackle them.
Cyber Surakshit Bharat
Aiming at strengthening the cybersecurity ecosystem in India — in line with the government’s vision for a ‘Digital India’, The Ministry of Electronics and Information Technology (MeitY) has launched Cyber Surakshit Bharat initiative. This program was in association with the National e-Governance Division (NeGD).
Digitisation has rapidly transformed the governance system, and therefore the requirement of good governance is crucial. With such initiative, there would be a rise of awareness about cybercrime and building capacity for securing the CISOs and the frontline IT staff across all government departments. Apart from awareness, this first public-private partnership also includes a series of workshops to make people cognizant about the best practices, and help the officials with cybersecurity health tool kits to tackle cyber threats.
National Critical Information Infrastructure Protection Centre
NCIIPC is a central government establishment, formed to protect critical information of our country, which has an enormous impact on national security, economic growth, or public healthcare. This was amended as per the provisions of section 70A of the Information Technology (IT) Act, 2000. This organisation readily conducts cybersecurity exercises to keep a check of the cybersecurity posture and preparedness of the Government and the critical sectors.
NCIIPC has broadly identified the following as ‘Critical Sectors’:-
- Power & Energy
- Banking, Financial Services & Insurance
- Strategic & Public Enterprises
Appointment of Chief Information Security Officers
With the rapid digitalisation of the world, the requirement for adopting stringent measures is becoming the need of the hour. Even the smallest breach in the governmental system can cause severe wreckage, which in turn can bring down the Government to a standstill. It is therefore imperative, that every government organisation is headed by a skilled security leader, also known as Chief Information Security Officers (CISOs) — who can identify and document the security requirements that arise with each technical innovation. The government of India has also recently issued a written guideline for the CISOs of government organisation, highlighting the best practices for securing applications, infrastructure, and compliance.
Amid the increasing number of government website hacking, email phishing, data theft, and privacy breach cases, the Indian government has planned to conduct an audit on all the government websites and applications. Under this initiative, approximately 90 security auditing organisations have been empanelled by the government for auditing the best practices of information security.
Crisis Management Plan
Another major initiative by the central government is the formulation and implementation of a crisis management plan by all the government departments and the above mentioned critical sectors. This initiative is aimed at establishing a strategic framework for employees and leaders to prepare for a breach incident. It also ensures to manage the cyber interruptions of critical functions in every critical sector of the government. It assists organisations to put in place the correct mechanisms behind the desk to effectively deal with cybersecurity crisis. If properly implemented this can also able to pinpoint responsibilities and accountabilities right down to individual level.
Training & Mock Drills
The government organisation have also started organising and conducting cybersecurity mock drills to assess the cybersecurity posture of organisations. According to MeitY, 44 such drills have already been conducted by CERT-In this year. Also, reports have mentioned that around 265 organisations from varied states and sectors have participated in these drills. The major sectors coming up for such initiatives are finance, defense, power, and telecom. Regular workshops and training programs are also been organised for network or system administrators and CISOs to prepare them towards cyber-attacks. About 19 such pieces of training with 515 participants have already been conducted as of October 2019.
The central government has also launched Cyber Swachhta Kendra, which is a cleaning bot used for malware analysis and detecting malicious programs. It also comes with free tools to remove or omit them. Along with the Cyber Swachhta initiative the government has also set up a department to generate situational awareness about existing and potential cybersecurity threats — National Cyber Coordination Centre (NCCC).
Personal Data Protection Bill
Lastly, however, the most important one for Indian citizen, is the approval of Personal Data Protection (PDP) Bill by the union government in order to protect Indian users from global breaches, which focuses on data localisation. The bill implies the storage and processing of any critical information related to individuals only in India. It strictly states that the sensitive personal data of the individual requires to be stored locally, however, it can be processed abroad subjected under certain conditions. The bill also aims at making social media companies more accountable and push them to solve issues related to the spread of offensive content.