Ten things you should know about India’s Cyber Security Policy

by CXOtoday News Desk    Oct 15, 2013

cyber sec

Following the rising number of cyber threats, the Indian government has gotten serious about securing the cyber space of the country. Earlier this year, the government had released the National Cyber Security Policy (NSCP) of India. Soon after that it released guidelines by the National Critical Information Infrastructure Protection Centre of the National Technical Research Organization (NTRO), the country’s elite technical intelligence agency.

According to recent KPMG ASSOCHAM report on cyber security, the Cyber Security Policy provides a strong vision to secure the critical infrastructure of the country. The policy was essential to prevent and reduce cyber attacks on public as well as private infrastructure. The policy also intends to circumvent any resultant economic instability arising due to cyber attacks. While the authorities agree that the real challenge lies in making this policy operational, KPMG believes that this is step in the right direction.

The KPMG report identifies ten things you should know about India’s National Cyber Security Policy 2013:


1. Set up a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) for protecting critical infrastructure of the country.

2. Create a taskforce of 5,00,000 cyber security professionals in next five years.

3. Provide fiscal schemes and benefits to businesses for adoption of standard security practices.

4. Designate CERT-In as the national nodal agency to co-ordinate cyber security related matters and have the local (state) CERT bodies to co-ordinate at the respective levels.

5. All organizations to designate a CISO and allot a security budget.

6.Use of Open Standards for Cyber Security.

7. Develop a dynamic legal framework to address cyber security challenges (Note: The National Cyber Security Policy 2013 does not have any mention of the IT Act 2000)

8. Encourage wider use of Public Key Infrastructure (PKI) for government services.

9. Engage infosec professionals / organizations to assist e-Governance initiatives, establish Centers of Excellence, cyber security concept labs for awareness and skill development through PPP - a common theme across all initiatives mentioned in this policy.

10.  Apart from the common theme of PPP across the cyber security initiatives, the policy frequently mentions of developing an infrastructure for evaluating and certifying trustworthy ICT security products.


 What’s missing…

Some key points from the draft version missing in the final policy:

• Initiative to establish a countrywide secure intranet for connecting strategic installations with CERT for emergency response and coordination.

• The draft policy had objectively set out actions for ensuring security by Service Providers, Corporate and SOHO.

• Of the 12 stakeholders identified in the draft, only four are mentioned in the policy.