These days more and more critical services are connected with and controlled by computers and other information and communication technology (ICT). As a result they are also vulnerable to sophisticated cyber attacks from around the world. Malware have evolved to such an extent that many times they are not traced for years and the cyber attacks keep on stealing sensitive and crucial information. This is a troublesome notion when critical information infrastructures are involved as the stakes are very high there.
We at Perry4Law Organisation (P4LO) believe that critical infrastructure protection in India (pdf) needs a more focused and extensive cyber security protection. We have recently provided cyber security trends of India 2017 here and here and even there we have mentioned the significance of critical infrastructure protection (CIP) in India. Indian government has still to do extensive work regarding ensuring cyber security in general and critical infrastructure protection in particular.
But in a very positive development, Indian government has already established the National Critical Information Infrastructure Protection Centre (NCIIPC) of India. The NCIIPC is also working to ensure robust cyber security for Indian critical infrastructure. However, for reasons best known to Indian government, NCIIPC seems to be a half hearted approach so far. Even the website of NCIIPC has little to offer regarding scope, nature, expertise and purpose of NCIIPC. We at Perry4Law Organisation (P4LO) believe that NCIIPC needs to play a more pro active and extensive role in present cyber security scenario of India.
Till the end of 2016, the cyber security infrastructure of India is not in a good shape. We have to cover a long road before India can be considered to be even moderately cyber secure. While India can afford to be little bit lax regarding general cyber security yet cyber security of CIP needs urgent attention of Indian government. For instance, using telemedicine and online healthcare systems without robust cyber security is inviting troubles of all sorts. In fact, healthcare industry and its infrastructure can safely be considered to be a critical infrastructure. Similarly, banks in India must be treated as critical infrastructure and cyber security must be accordingly managed. Mass usage of digital payments without cyber security would create lots of trouble for India in the long run. In these circumstances, role of NCIIPC must be more pro active than the present one.
There are many startups and entrepreneurs that would explore fintech and critical infrastructure related business activities in 2017. They would need strong cyber law and cyber security laws on the one hand and an authority to protect their critical infrastructures on the other. Similarly, cyber security breach disclosure norms would also be required so that CERT-In and NCIIPC can protect Indian infrastructures and systems in a better manner.
Perry4Law Organisation (P4LO) requests Indian government to consider these suggestions on priority basis.