Promoting encryption for protection from cyber security breaches and inclusion of technical standards for digital devices and services were among the top recommendations that think tanks and digital freedom advocacy groups made as part of consultation for framing the NCSS 2020 (National Cyber Security Strategy 2020).
The government had asked for stakeholder submissions to the proposed NCSS 2020 in December. Applicable till 2025, the new strategy on cybersecurity will replace the National Cyber Security Policy 2013, which is “inadequate”, considering the risks at hand, said a statement on the NCSS website.
In its recommendations to the task force on NCSS 2020, advocacy group Internet Freedom Foundation cautioned that failure to expand the usage of encryption technologies puts individuals at risk. It said that the task force must focus on allowing departments, firms and individuals to protect their data and secure the networks they use. It also sought the prohibition of use of malware for ‘zero-day’ hacks and hacks into the devices and services of individual users.
Donor-supported legal services organisation SFLC (Software Freedom Law Center), in its submission, recommended the government to adopt free and open-source softwares, and open standards. It also highlighted the need for specific legislation related to cybersecurity breaches.
“The present Personal Data Protection Bill (2019) mentions reporting cyber incidents in the form of reporting data breaches. However, there are other issues pertaining to cyber incidents that need addressing, such as post-incident investigation (forensics) and evidence acquisition, which are nascent in terms of being regulated by law or policy,” the submission by SFLC said, asking for a revision of rules in the Information Technology Act 2000.
According to the December statement, the consultation on NCSS 2020 seeks to address the misuse of social media platforms, access to data stored overseas and law enforcement in the cyberspace.