Government unveils National Cyber Security Policy to thwart large-scale cyber attacks

2 Jul, 2013

In an attempt to prevent large-scale cyber attacks on the country's IT infrastructure, the government has come out with the National Cyber Security Policy. The policy caters to the whole spectrum of information and communications technology (ICT) users and providers, including home users as well as small, medium and large enterprises besides government and non-government entities.

The policy's mission is to protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimise damage from cyber incidents. The detailed guidelines have not been formed yet but here are some key highlights from the policy announcement.

National Level

A national nodal agency will be created to coordinate all matters related to cyber security in the country, with clearly defined roles and responsibilities.

It proposes:

To operate a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandate security practices related to the design, acquisition, development, use and operation of information resources.

To develop a dynamic legal framework and its periodic review to address the cyber security challenges arising due to technological developments in cyber space (such as cloud computing, mobile computing, encrypted services and social media).

To operate a 24x7 National Level Computer Emergency Response Team (CERT-In) to function as a nodal agency for coordination of all efforts for cyber security emergency response and crisis management. CERT-In will function as an umbrella organisation in enabling creation and operationalisation of sectoral CERTs as well as facilitating communication and coordination actions in dealing with cyber crisis situations.

To develop public-private partnerships to facilitate collaboration and cooperation in the area of cyber security in general and protection of critical information infrastructure in particular.

Finally, to create a workforce of 5 lakh professionals, who are skilled in cyber security, in five years.

For organisations

To ensure all organisations develop information security policies duly integrated with their business plans and implement such policies as per international best practices.

To encourage all organisations, private and public, to designate a member of its senior management as Chief Information Security Officer (CISO), who will be responsible for cyber security efforts and initiatives.

To ensure all organisations allocate a specific budget for implementing cyber security initiatives and for meeting emergency response arising out of cyber incidents.

Also, to provide fiscal schemes and incentives to encourage entities to install, strengthen and upgrade information infrastructure.

"In today's digital-dependent era, it is important to deliver and receive digital information and services from any device safely and securely. The National Cyber Security Policy is reflective of the government's initiatives towards building a secure computing environment and facilitating regulatory compliance. We also anticipate that the policy will allow opportunities for private technology companies to collaborate with the government for mission critical government initiatives," said Parag Arora, director of sales, enterprise and public sector for Indian subcontinent at Citrix Systems, a software firm.

(Edited by Joby Puthuparampil Johnson)