Monthly Archives: June 2013

Cyber Security Policy Of India To Be Released Next Week

Cyber Security Policy Of India To Be Released Next WeekThe national cyber security policy of India is long overdue. Although the cyber security policy of India has been approved by the Cabinet Committee on Security (CCS) yet its actual implementation is yet to be seen.

India has been facing sophisticated cyber attacks and an effective cyber security policy with robust cyber security law is urgently needed. Presently India lacks on both the counts.

But that may not be the situation any more. Indian government is about to announce the National Cyber Security Policy this week. The policy would ensure intervallic review of legislations to meet the challenges from technology upgradation, a think-tank for cyber security policy inputs, greater private participation and international co-operation in the area of cyber security.

The policy also intends to develop bilateral and multi-lateral ties to enhance global cooperation among security agencies, law enforcement agencies and judicial system. Under the policy a National Critical Information Infrastructure Protection Centre will work around-the-clock to protect critical infrastructure, and designate a national nodal agency to coordinate all matters related to cyber security.

The policy aims at creating a capable cyber security work force of five lakh professionals and build cyber security training infrastructure across the country through public-private participation.

The policy is also encouraging both private and public organisations to designate a member of senior management as chief information security officer responsible for cyber security efforts and initiatives. The Reserve Bank of India (RBI) has already made mandatory to appoint a chief information officer (CIO) by all banks of India.

NATO Would Strengthen Its Cyber Defense Capability

NATO's Would Strengthen Its Cyber Defense CapabilityNATO recently conducted a meeting the chief emphasis of which was developing cyber security capabilities for its member nations. This was the first session of the two-day NATO defense ministers’ meeting that first time addressed the cyber security aspect. The present discussion would be continued during the next meeting of NATO in this regard in the month of October.

The focus of the meeting was to ensure that NATO can support and assist Allies who request assistance if they come under cyber attack. NATO Secretary General Anders Fogh Rasmussen opined that NATO’s cyber security capability should be fully operational by autumn this year. This would provide protection to all the networks owed and operated by the alliance.

The basic philosophy of NATO is that if an attack on one ally is not remedied immediately then it can affect the other members as well. The options available for NATO in this regard range from deploying NATO’s Rapid Reaction Teams to using national cyber assets.

NATO would establish rapid reaction teams to help protect NATO’s own systems. But there is disagreement about how the alliance should respond to requests for help from members that come under cyber attack. Smaller countries with limited resources are keen to take advantage of NATO’s cyber defence capabilities. But larger members disagree as they spend large sums on cyber defence at home and they are reluctant to divert money to NATO activities that will largely benefit others.

In 2007, NATO member Estonia’s Internet network came under massive attacks, prompting the alliance to set up a cyber defense center one year later in Tallin. The Pentagon has also accused China last month of using cyber espionage to modernise its military. Of course, China denied the same and in the absence of proper authorship attribution for cyber attacks, it is difficult to label China or any other country as cyber villain.

NATO is also aware of the menace of cyber warfare and global cyber espionage networks. However, in the absence of internationally acceptable cyber security and cyber law treaties, it cannot do much in these directions. Although NATO released the Tallinn Manual in this regard yet it is not applicable to international cyber warfare attacks and defence at the international level. In fact, NATO’s Tallinn Manual has started raising objections and Russia has already expressed its displeasure in this regard.

NATO has to adopt ICT policies and strategies that are not only conducive for better cyber security but also widely acceptable to its member nations. Let us wait for the next meeting of NATO to see the outcome of this proposal.