 "Centre may push enterprises to use security products developed in India")
The Centre is likely to recommend enterprises in banking, telecom, and energy sectors to use only security products and services developed in India.
According to a report in The Indian Express, the government has drawn up a policy called "National Cybersecurity Reference Framework (NCRF) to provide guidelines on roles and responsibilities for cybersecurity based on existing legislations, policies, and guidelines.
The move comes following various cybersecurity-related incidents, with the most recent being an attack on the AIIMS systems in New Delhi in 2022.
The NCRF states: "In recent years many threat actors backed by nation-states and organised cyber-criminal groups have attempted to target critical information infrastructure (CII) of the government and enterprises. In addition, the availability of "cyber-attacks-as-service" has reduced the entry threshold for new cyber criminals, thus increasing the exposure to individuals and organisations."
The framework, drawn up by the National Critical Information Infrastructure Protection Centre (NCIIPC), was shared with companies and government departments for consultation in May last year. The NCRF may also recommend enterprises to allocate at least 10 per cent of their total IT budget towards cybersecurity. "Adequate resources must be allocated for cybersecurity, and these should be distinct from IT resources... Based on global best practice, it is recommended that at least 10 per cent of the total IT budget should be allocated to cybersecurity. Such allocation should be mentioned under a separate budget head for monitoring by the top-level management / board of directors," the NCRF states.
In June last year, former national cyber security coordinator Lt General Rajesh Pant said that the NCRF will be released for the public soon. He said, "It (NCRF) is an important document that supersedes the 2013 policy [National Cybersecurity Policy of 2013]. From 2013 to 2023, the world has changed as new threats and new cyber organisations have emerged, calling for new strategies. The document will be put in the public domain after a final check by the committee to ensure that nothing confidential is released.
He added that the NCRF is a guideline, and its recommendations will not be binding.
The policy may also recommend that "the regulators may also need to access sensitive data and deficiencies related to the operations in the critical sector, and therefore they also would need to have an effective information security management system (ISMS) instance."
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%