Analysis Of National Cyber Security Policy Of India 2013 (NCSP-2013) And Indian Cyber Security Infrastructure

Analysis Of National Cyber Security Policy Of India 2013 (NCSP-2013) And Indian Cyber Security InfrastructureThe National Cyber Security Policy of India 2013 (NCSP 2013) (PDF) was announced by Indian Government in 2013. The policy aims to build a secure and resilient cyberspace for citizens, business and government. Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) welcome this initiative of Indian government that can help in strengthening of Indian cyber security infrastructure.

The mission of the policy is to protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threat, reduce vulnerabilities and minimise damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

The objectives of the policy are:

(a) To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.

(b) To create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, technology & people).

(c) To strengthen the Regulatory Framework for ensuring a Secure Cyberspace Ecosystem.

(d) To enhance and create National and Sectoral level 24×7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions.

(e) To improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product.

(f) To create workforce for 5, 00,000 professionals skilled in next 5 years through capacity building skill development and training.

(g) To provide fiscal benefit to businesses for adoption of standard security practices and processes.

(h) To enable Protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen’s data and reducing economic losses due to cyber crime or data theft.

(i) To enable effective prevention, investigation and prosecution of cyber crime and enhancement of law enforcement capabilities through appropriate legislative intervention.

Some of the shortcomings of the policy are:

(1) The declared cyber security policy has proved to be a paper work alone with no actual implementation till date.

(2) The cyber security trends and developments in India 2013 (PDF) have listed the shortcomings of Indian cyber security policy in general and Indian cyber security initiatives in particular.

(3) Indian cyber security policy has failed to protect civil liberties of Indians including privacy rights.

(4) Civil liberties protection in cyberspace has been blatantly ignored by Indian government and e-surveillance projects have been kept intact by the Narendra Modi government.

(5) The offensive and defensive cyber security capabilities of India are still missing.

(6) India is considered to be a sitting duck in cyberspace and cyber security field and the proposed cyber security policy has failed to change this position.

In short, India is not at all cyber prepared despite the contrary claims and declared achievements and the cyber security policy is just another policy document with no actual implementation and impact so far. Nevertheless, the policy is a positive step in the right direction.

Some of the related areas where Indian cyber security initiatives needs strengthening include international cyber security cooperation (PDF), critical ICT infrastructure protection (PDF), formulation of a cyber warfare policy of India (PDF), formulation of an encryption policy of India (PDF), reenactment of Indian cyber and telegraph laws, etc.

Meanwhile, India has been witnessing some new concerns and areas in the cyber field. For instance, cyber insurance, participation at Wassenaar Arrangement, intelligence agencies reforms, modernisation of police force, cyber security of banks, etc are some of the recent areas and developments that India has witnessed. Similarly, establishment of national cyber coordination centre (NCCC) of India and national critical information infrastructure protection centre of India (NCIIPC) are also good initiatives on the part of Indian government. The National Technical Research Organisation (NTRO) has also been entrusted with the duty to protect critical infrastructures of India.

The cyber security challenges in India would increase in the future as India has adopted the Digital India initiative and India must be well prepared to deal with the same. The sooner it is done the better it would be for the interest of our nation.