India launches policy to secure cyber space

Proposes to set up agency to ward off cyber threats, create a workforce trained in cyber security; fiscal benefits to businesses for adopting security best practice

To better arm itself from the threats emanating from the cyber world, the government on Tuesday announced a National Cyber Security Policy 2013.

The policy, approved in May this year, has proposed to set up different bodies to deal with various levels of threats, along with a national nodal agency, to coordinate all matters related to cyber security.

The government has proposed to set up a National Critical Information Infrastructure Protection Centre (NCIIPC), which will act as a 24x7 centre to ward off cyber security threats in strategic areas such as air control, nuclear and space.

It will function under the National Technical Research Organisation, a technical intelligence gathering agency controlled directly by the National Security Adviser in the Prime Minister's Office. The existing agency, Computer Emergency Response Team (CERT), will handle all public and private infrastructure.

“The Air defence system, power infrastructure, nuclear plants, the telecommunications system will all have to be protected to ensure there is no disruption of the kind that will destabilise the economy. Instability in the cyber space means economic instability, and no nation can afford this. Therefore, it’s essential not just to have a policy but to operationalise it,” Communications and Information Technology Minister Kapil Sibal said while releasing the policy.

As part of the policy, the government has proposed to create a workforce of around 500,000 trained in cyber security. It also proposes to provide fiscal benefits to businesses to adopt best security practices.

Gulshan Rai, director general of CERT-IN, said the government would also set up testing labs to regularly check the safety of equipment being used in the country. ''Putting the security framework is a complex task and we will now begin to follow it up with detailed action plans to support each of the objectives,” Rai said.

The policy has laid down 14 objectives which include creation of a cyber ecosystem in the country, developing effective public-private partnerships and collaborative engagements through technical and operational cooperation, among others. Emphasis has been laid on developing indigenous security technologies through research.

According to Jagdish Mahapatra, managing director of McAfee India, the policy will provide a road map for strengthening cyber security and a secure computing framework that will inspire consumer confidence for electronic transactions. “At a macro level, the policy will facilitate cyber security intelligence that will form an integral component to anticipate attacks and quickly adopt counter measures.”  

However, some industry experts believe while the introduction of the policy is a good starting point, it lacks the details. “While the government has talked about various agencies who will deal with cyber threats, it has neither described their structure, nor said anything about what will happen to existing agencies. The policy is not very granular compared to what countries like the US has in place,'' said a senior executive with a technology firm requesting anonymity.