Does India Need a Cybersecurity Ministry?

In India, there is no dedicated legislation for cyber law, instead, there are a mix of IT laws, contract law, penal provisions, cyber security policy that deal with cyber security
Listen to this story

By the end of this year, about 60% of the Indian population (840 million), will have access to the internet, claims a report. The flip side of this is, increasing cybercrimes. Over 18 million cases of cyber attacks and threats were recorded within the first three months of 2022 in India, with an average of nearly 200,000 threats every day, according to the cyber security firm Norton.

Last year, the Indian Computer Emergency Response Team (CERT-In) handled more than 14 lakh cases. Cyber threats such as online fraud, ransomware, phishing attacks, and SQL injection attacks are becoming increasingly common with each passing day.

In this regard, recently, Dr Pavan Duggal, Supreme Court lawyer and chairman of the International Commission on Cyber Security Law, suggested that India should have a dedicated ministry in terms of cybersecurity as it has become much bigger and more comprehensive in impact and relevance.

While we may need a dedicated ministry in the future, India currently needs cybersecurity laws. In 2020, PM Narendra Modi, during his Independence Day speech, announced that India would soon have a new Cyber Security Policy; however, it’s been two years and what we have is the poorly implemented Cyber Security Policy 2013.

India needs a uniform cybersecurity law

Today, almost all nations understand that threats from the internet are limitless and have stringent cybersecurity laws in place. 

In the past few years, the number of cyber attacks on the Indian government and private entities have increased alarmingly. Earlier this year, state-owned Oil India Limited’s system in Assam was hacked, which heavily impacted its operations. In 2021, Air India’s data servers were hacked, impacting nearly 4.5 million customers. 

“Currently, there is no dedicated legislation for cyber law. Instead, there is a mix of IT law, contract law, penal provisions, cyber security policy and the rules and regulations that deal with cyber security in some form or the other,” Salman Waris, partner, head of TMT & IP Practice at TechLegis Advocates & Solicitors, told AIM.

One of the primary legislations in India that deals with cybersecurity and associated crimes such as phishing, malware attacks, hacking, identity fraud and electronic theft is the Information Technology (IT) Act 2000. “In my opinion, the government has been working on the National Cyber Security Policy for some time, and the fact that India does not have a dedicated law on cyber security speaks for itself,” Waris said. 

With India’s cyber sovereignty at stake, what the country needs currently is a uniform cybersecurity law. Cyberthreats are only going to increase with each passing day, and to mitigate the risk, implementing the new cyber security policy should be the government’s topmost agenda.

“In today’s globalised cyber world, the government needs to make cybersecurity the cornerstone of its approach to all its traditional functions as in the near future, each and every sector in the country shall be vulnerable to cyber attacks, be it in the form of the increased ransomware attack or the completed denial of service campaigns. To ensure the success of the ‘Digital India campaign’, it is essential the government also works toward a cybersafe India,” Waris added.

CERT-In isn’t enough

Cybersecurity falls under the Ministry of Electronics and Information Technology. The Indian Computer Emergency Response Team (CERT-In) was established in 2004 to deal with cyberthreats. However, they fail to cover every aspect of cybersecurity that impacts us today.

Waris said that CERT-In primarily ensures that information on cyber events is gathered and analysed, then disseminated besides putting in place emergency response procedures for cyber security issues and publishes guidelines, advisories, response, reporting, incident prevention and vulnerability notes. 

“While these cyber security initiatives are right, they fall short of meeting all the challenges the country’s cyber infrastructure faces in a post-modern world, and cyber threats today require both defensive and offensive strategy as cyber has become a realm of post-modern global warfare with both state and non-state actors as active players. Hence CERT-In alone may not be well equipped to tackle all of India’s cybersecurity challenges,” Waris reiterates.

A cybersecurity ministry?

Cyberthreats are becoming more complex, and hackers are finding modern and innovative ways to carry out cyber attacks. Experts have also warned about cyberwarfare, where cyber attacks can be used to destabilise a state and its infrastructure in case of a war. 

Taking all these factors into account and given the increasing dependence on technology and the internet, there is a possibility that India might have a cybersecurity ministry one day to deal with every spectrum of cybersecurity. However, there are several roadblocks. 

Waris believes that before we set up a ministry, India should have a full-fledged dedicated cyber security law. “The strategy should be seen as a concurrent step. At a time when a lot of other countries have already started coming up with dedicated laws on cyber security, India is slightly behind the curve. 

“Except Zimbabwe and Australia, I don’t think there is any other country that has explored the idea of a dedicated minister or ministry for cyber security, hence before we explore such an option, we ought to have a dedicated law on cyber security, which is the need of the hour,” Waris concluded.

Download our Mobile App

Pritam Bordoloi
I have a keen interest in creative writing and artificial intelligence. As a journalist, I deep dive into the world of technology and analyse how it’s restructuring business models and reshaping society.

Subscribe to our newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day.
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Our Recent Stories

Our Upcoming Events

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox

Can OpenAI Save SoftBank? 

After a tumultuous investment spree with significant losses, will SoftBank’s plans to invest in OpenAI and other AI companies provide the boost it needs?

Oracle’s Grand Multicloud Gamble

“Cloud Should be Open,” says Larry at Oracle CloudWorld 2023, Las Vegas, recollecting his discussions with Microsoft chief Satya Nadella last week. 

How Generative AI is Revolutionising Data Science Tools

How Generative AI is Revolutionising Data Science Tools

Einblick Prompt enables users to create complete data workflows using natural language, accelerating various stages of data science and analytics. Einblick has effectively combined the capabilities of a Jupyter notebook with the user-friendliness of ChatGPT.