Can NCSP change the face of India’s cyber security?

by Sohini Bagchi    Jul 30, 2013

cyber security pic

Emergence of sophisticated cyber attacks on government as well as private institutions is prompting nations to address cyber security challenges. Countries such as the US have been spearheading cyber security efforts for a considerably long time. India, not far behind, is ramping up its cyber security initiatives. The newly released National Cyber Security Policy (NCSP) is an indication of the India government’s effort to protect the public and private infrastructure from cyber attacks.

What need to be addressed?

According to some, the NCSP takes a holistic view of the existing and the potential challenges and risks of operating in cyberspace. Other however believe that the policy fails to match up on several parameters. As with the case of most policies, some fear that unless the policy balances the utopian goals and ground realities, it will remain a distant dream.

“The policy neither describes the structure of the agencies dealing with cyber threats, nor mentions the role of the existing agencies,” mentions Angshuman Das, an independent IT security analyst. He believes that the policy does not explain how the government will maintain a balance between the protection of cyber security and the protection of civil liberties.

As Pawan Duggal, cyber security advocate mentions that the policy has already been much delayed. It should have been released after the 26/11 terror attack. According to him, while the objective is noble, policy seems to be a little vague. “It is like a compilation of a number of ideas, not accompanied with any action plans. It seems to be incomplete. A lot still needs to be done,” Duggal notes in a statement.

Moreover, the policy does not mention the Information Technology Act of 2000 which is significant in the event of a conflict, as it details the ways to protect critical information and infrastructure in the event of a disaster. A senior technology leader believes for the successful implementation of such a crucial policy, it is most important that every stakeholder understands its implications and take a collaborative approach to achieve desired outcomes. “The use of data was also ambiguous – how data will be collated, processed and used has not been clarified,” he says.

Although it was pointed out the policy does not clarify the checks and balances to ensure that activities meant for protecting online information are not abused, proponents of the policy argue that currently Computer Emergency Response Team (CERT), will handle all public and private infrastructure, argues government officials involved in framing the policy.

Opportunities exist

Despite loopholes, it is a commendable effort of the government to deal with all matters related to cyber security such as sabotage, espionage and cyber attacks originating from within or outside the country. As Jagdish Mahapatra, Managing Director, McAfee India & SAARC mentions that the policy will provide a roadmap for strengthening cyber security and a secure a computing framework that will inspire consumer confidence for electronic transactions. “At a macro level, the policy will facilitate cyber security intelligence that will form an integral component to anticipate attacks and quickly adopt counter measures,” he adds.

Of the other strong points, experts point out that the NCSP follows both market driven and regulatory approach that considers both business and legislation perspective for critical information protection through private-public partnership. “An ideal approach would be to induce the private sector to invest in security through appropriate provisions like the government funding, tax reliefs, awards, cyber insurance and liability protection to name a few, which the current policy takes into consideration,” states Debasis Nayak, cyber security specialist and CIO, Asian School Of Cyber Laws.

Experts also point out the security policy will encourage the development of cyber security products through cutting edge R&D with Minister of communications and information technology Kapil Sibal announcing that there will be a greater thrust on setting up Centers of Excellence for such initiatives. Currently, companies procure most of their security solution from global vendors with little benefit to the country’s economic growth. From that perspective, it will increase the creating significant opportunities creating new jobs through collaboration among technical and business schools, government and the industry, which in turn will impact the country’s GDP positively.

Over the past one year, a spate of attacks on the country’s most important systems such as defense, power, telecommunication and banking, there was a need to bring out a strong agenda to safeguard critical data and information. In many ways, the cyber security policy can help India to create a cyber security ecosystem, developing effective public-private partnerships through technical and operational cooperation. However, experts opine the key to its success will lie in its effective execution in creating an ecosystem for long term and sustainable growth.