New cyber security policy may boost public-private collaboration

by Sohini Bagchi    Jul 05, 2013

cyber policy

The newly released National Cyber Security Policy is an indication of the Indian government’s effort to protect the public and private infrastructure from cyber attacks. With rising incidents of attack on the country’s most important systems such as defence, power, telecommunication and banking, there is a need to bring out a strong agenda to safeguard critical data and information.

While releasing the policy document this week, Minister of communications and information technology Kapil Sibal said that the government has proposed to set up a National Critical Information Infrastructure Protection Centre (NCIIPC), which will coordinate with different bodies to deal with all matters related to cyber security such as sabotage, espionage and cyber attacks originating from within or outside the country. The Center and will also act as a platform to protect against cyber security threats in strategic areas such as air control, nuclear and space.

More cyber warriors needed

The policy is expected to facilitate collaboration between government agencies and private cyber security solution developers in order to protect mission critical infrastructure. As part of the policy, the government has proposed to create a workforce of around 500,000 trained in cyber security and announced its plans to provide fiscal benefits to businesses to adopt best security practices.

Debasis Nayak, CIO, Asian School Of Cyber Laws points out that at present the country does not have sufficient number of cyber security professionals. According to recent data, India currently has around 22,000 certified cyber security professionals, which is miniscule when compared to China having nearly 25 million cyber experts or commandos.

 “The need of the hour for India is to create a cyber security ecosystem, developing effective public-private partnerships through technical and operational cooperation. The government should especially focus on creating a strong pool of cyber security experts,” he says.

Likewise, the policy has also laid down objectives focusing on collaborative engagements and developing indigenous security technologies through research.

The pros and cons

Although some in the industry believe that the policy was long overdue and lacks certain clarity, several others opine that the document is a step in the right direction to deal with various levels of threats in the cyberspace.

“There are a number of loopholes in the policy that neither describes the structure of the agencies that will deal with cyber threats, nor mentioned about the state or function of the existing agencies,” says Angshuman Das, an independent IT security analyst. Moreover, the privacy needs of citizen have not been mentioned on the agenda. He believes that the policy should have been made more comprehensive, takingn into account the best practices from countries like the US.

A senior government IT official however argues that the policy clearly states that it will function under the National Technical Research Organisation, a technical intelligence gathering agency controlled directly by the National Security Adviser in the Prime Minister’s Office. Moreover, the existing agency, Computer Emergency Response Team (CERT), will handle all public and private infrastructure.

Some others are quite upbeat about the new initiative as Jagdish Mahapatra, Managing Director, McAfee India & SAARC mentions that the policy will provide a roadmap for strengthening cyber security and a secure a computing framework that will inspire consumer confidence for electronic transactions. “At a macro level, the policy will facilitate cyber security intelligence that will form an integral component to anticipate attacks and quickly adopt counter measures,” he adds.

On the whole, the policy can be viewed as a sincere effort to combat cyber threats. However, the key to its success will lie in its effective execution the creating the environment for long term growth and sustenance.