With an aim to protect information and build capabilities to prevent cyber attacks, the Central Government released the National Cyber Security Policy 2013 to safeguard both physical and business assets of the country.
“The National Cyber Security Policy is a framework document and it gives you a broad outline of what our vision is...the real task or the challenge is the operationalisation of this policy,” Minister of Communications and IT Kapil Sibal said while releasing the policy.
Mr Sibal said the critical infrastructure such as air defence system, power infrastructure, nuclear plants, telecommunications system have to be protected otherwise it may create economic instability.
“Air defence system, power infrastructure, nuclear plants, telecommunications system will all have to be protected to ensure there is no disruption of the kind that will destabilise the economy... instability in cyber space means economic instability no nation can afford economic instability, therefore it is essential not just to have a policy but to operationalise it,” Mr Sibal said.
The cyber policy was necessary in the wake of possible attacks from state and non-state actors, corporates and terrorists as the Internet world has no geographical barriers and was anonymous in nature. The Minister said there will be multiple places from where cyber war could take place, it will involve individuals, sections of society, businesses, terrorists, drug dealers and those who want to generate violence. He added it will not be able to point out to a particular country to say the source of the attack because it will difficult in the cyberspace to figure it out.
“In the ultimate analysis, we have to develop global standards because there is no way that we can have a policy within the context of India which is not connected with the rest of the world because information knows no territorial boundaries,” Mr Sibal added. He said everything today is cross-border, we have to corroborate to find what is that meeting ground which allows the citizens to be empowered and at the same time ensures that nation is safe. “We don’t know who attack our systems, so we have to ourselves secure our systems,” he added.
In order to create a secure cyber ecosystem, the policy plans to set up a national nodal agency to coordinate all matters related to cyber security in the country with clearly defined roles and responsibilities. It plans to establish a mechanism for sharing information, identifying and responding to cyber security incidents and for cooperation in restoration efforts.
The policy lays out 14 objectives which include creation of a cyber ecosystem in the country, providing fiscal benefits to businesses for adoption of standard security practices and processes, developing effective public private partnerships and collaborative engagements through technical and operational cooperation. It also plans “to create a workforce of 5,00,000 professionals skilled in cyber security in the next five years through capacity building, skill development and training”.
The objectives also include enhancing and creating “national and sectoral level 24x7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective, predictive, preventive, proactive response and recovery actions.”
It plans to develop indigenous security technologies through research. The policy also identifies eight strategies to create a secure cyber ecosystem which include a designated “national nodal agency to coordinate all matters related to cyber security”. The policy says all organisations earmark a specific budget for implementing cyber security initiatives and for meeting emergency response arising out of cyber incidents. It calls for developing a dynamic legal framework and its periodic review to address the cyber security challenges arising out of technological developments in cyber space.
The policy plans to operate a 24X7 national level computer emergency response team (CERT-In) to function as a nodal agency for coordination of all efforts for cyber security emergency response and crisis management.
“CERT-In will function as an umbrella organisation in enabling creation and operationalisation of sectoral CERTs as well as facilitating communication and coordination actions in dealing with cyber crisis situations,” the policy said.
Cyber incidents, including phishing and malicious URLs, virus and malicious code propagation and spams, have been on the rise and touched new levels in 2010 when the Internet and smart phone penetration in the country crossed new heights.
