Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have already discussed about the national critical information infrastructure protection centre (NCIIPC) of India. It has been more than one year and till now we have not heard about the constitution and bringing into force of the NCIIPC of India.
NCIIPC functions under the guidance of national technical research organisation (NTRO). It is believed that NCIIPC will set up sectoral computer emergency response teams (CERTs) and will also install sensors on critical systems for getting real-time information regarding cyber attack of any kind for preparing a quick response. NCIIPC would cover sectors like energy (natural gas, coal, oil and power), finance and banking, transportation (civil aviation and railways), space, law enforcement, security, telecom, defense, etc.
India has been facing serious cyber attacks including attacks upon India’s critical infrastructure. In these circumstances, critical infrastructure protection in India and critical ICT infrastructure protection In India becomes absolutely essential. Even the critical ICT infrastructure protection policy of India is need of the hour.
The national cyber coordination centre (NCCC) of India has been proposed to be established by Indian Government. It has also been reported that a cyber security council for India has been formulated. However, till now there is no sign of actual implementation of these ambitious projects. The truth is that till now we have no critical information infrastructure protection agency in India.
There are few prerequisites that can make the NCIIPC of India successful. Firstly, there must be a centralised ICT command centre of India that can coordinate various cyber security issues. While operating such centralised centre the civil liberties and national security requirements must be reconciled by India.
Secondly, specialised agencies and authorities must be constituted for critical infrastructure areas like power, telecom, defense, etc. These agencies and authorities must coordinate with the centralised command centre for cyber security related issues.
Thirdly, parliamentary oversight of law enforcement and intelligence agencies of India must be ensured. As on date the law enforcement and intelligence agencies of India needs parliamentary oversight and reforms.
India is presently facing threats of cyber warfare, cyber terrorism, cyber espionage, etc. India cannot afford to take cyber intrusions and cyber attacks lightly. We have no international harmonisation and regulatory framework for areas like cyber law, cyber security, cyber terrorism, cyber warfare, cyber espionage, etc. Even the Tallinn manual on the international law is not applicable to international cyber warfare attacks and defence.
Recently, the computer systems of DRDO were breached and sensitive files were leaked. To minimise such incidences in future, we must develop offensive and defensive cyber security capabilities of India.
There are many glaring cyber security problems of India that must be addressed on a priority basis. We must formulate the cyber security policy of India as soon as possible. Similarly, we must also ensure cyber security skills and capabilities development in India. In short, Indian cyber security problems, issues and challenges management must be properly appreciated and adequately taken care of.
The NCIIPC of India must be constituted and made operational as soon as possible in the larger interest of cyber security of India. The cyber security issues of India are too numerous and too complicated to be managed within a short period of time. We have to make a start in this regard and the same must be made as soon as possible.