This article talks about Cyber Security India and also explains the meaning, objectives and strategies are therefore discussed.
Cyber Security India Meaning
Cyber security India or information technology security India are the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation.
In the last couple of decades India has carved a niche for itself in IT. Most of the Indian banking industry and financial institutions have embraced IT to its full optimization. Reports suggest that cyber attacks are understandably directed toward economic and financial institutions. Given the increasing dependency of the Indian economic and financial institutions on IT, a cyber attack against them might lead to an irreparable collapse of our economic structures. And the most frightening thought is the ineffectiveness of reciprocal arrangements or the absence of alternatives.
The Indian government has embarked on a programme to turn the country into a digital economy. It has unveiled a series of initiatives—from introducing Digital Locker, which eliminates the need for people to carry hard copies of documents issued by the government, to demonetization, which has spurred the use of digital payments across the country.
The move towards a digital economy is likely to help trigger a fresh wave of economic growth, attract more investment, and create new jobs, across multiple sectors.
However, it also poses a big challenge, that of cyber security in India. With the move towards a digital economy, increasing amount of consumer and citizen data will be stored digitally and a large number of transactions will be carried out online, by companies, individuals as well as government departments. That makes India a bigger target for cyber-criminals and hackers. Various stakeholders, especially Indian companies, need to be better prepared to handle this threat.
Cyber Security India Vision
To build a secure and resilient cyberspace for citizens, businesses and Government.
Mission of Cyber Security India
To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
Objectives of Cyber Security India
1) To create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
2) To create an assurance framework for design of security policies and for promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (product, process, technology & people).
3) To strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem.
4) To enhance and create National and Sectoral level 24 x 7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective, response and recovery actions.
5) To enhance the protection and resilience of Nation’s critical information infrastructure by operating a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandating security practices related to the design, acquisition, development, use and operation of information resources.
6) To develop suitable indigenous security technologies through frontier technology research, solution oriented research, proof of concept, pilot development, transition, diffusion and commercialisation leading to widespread deployment of secure ICT products / processes in general and specifically for addressing National Security requirements.
7) To improve visibility of the integrity of ICT products and services by establishing infrastructure for testing & validation of security of such products.
8) Create workforce of 500,000 professionals skilled in cyber security India in 5years through capacity building, skill development and training.
9) To provide fiscal benefits to businesses for adoption of standard security practices and processes.
10) To enable protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen’s data and for reducing economic losses due to cyber crime or data theft.
11) To enable effective prevention, investigation and prosecution of cyber crime and enhancement of law enforcement capabilities through appropriate legislative intervention.
12) To create a culture of cyber security India and privacy enabling responsible user behaviour & actions through an effective communication and promotion strategy.
13) To develop effective public private partnerships and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace.
14) To enhance global cooperation by promoting shared understanding and leveraging relationships for furthering the cause of security of cyberspace.
Strategies for Cyber Security India
Creating a secure cyber ecosystem under Cyber Security India
1) To designate a National nodal agency to coordinate all matters related to cyber security in the country, with clearly defined roles & responsibilities.
2) To encourage all organizations, private and public to designate a member of senior management, as Chief Information Security Officer (CISO), responsible for cyber security efforts and initiatives.
3) To encourage all organizations to develop information security policies duly integrated with their business plans and implement such policies as per international best practices. Such policies should include establishing standards and mechanisms for secure information flow (while in process, handling, storage & transit), crisis management plan, proactive security posture assessment and forensically enabled information infrastructure.
4) To ensure that all organizations earmark a specific budget for implementing cyber security initiatives and for meeting emergency response arising out of cyber incidents.
5) To provide fiscal schemes and incentives to encourage entities to install, strengthen and upgrade information infrastructure with respect to cyber security.
Creating an assurance framework under Cyber Security India
1) To promote adoption of global best practices in information security and compliance and thereby enhance cyber security posture.
2) To create infrastructure for conformity assessment and certification of compliance to cyber security best practices, standards and guidelines (Eg. ISO 27001 ISMS certification, IS system audits, Penetration testing / Vulnerability assessment, application security testing, web security testing).
3) To enable implementation of global security best practices in formal risk assessment and risk management processes, business continuity management and cyber crisis management plan by all entities within Government and in critical sectors, to reduce the risk of disruption and improve the security posture.
4) To identify and classify information infrastructure facilities and assets at entity level with respect to risk perception for undertaking commensurate security protection measures.
5) To encourage secure application / software development processes based on global best practices.
6) To create conformity assessment framework for periodic verification of compliance to best practices, standards and guidelines on cyber security.
7) To encourage all entities to periodically test and evaluate the adequacy and effectiveness of technical and operational security control measures implemented in IT systems and in networks.
Encouraging Open Standards under Cyber Security India
1) To encourage use of open standards to facilitate interoperability and data exchange among different products or services.
2) Promote consortium of Government and private sector to enhance availability of tested and certified IT products based on open standards.
Strengthening the Regulatory framework under Cyber Security India
1) To develop a dynamic legal framework and its periodic review to address the cyber security challenges arising out of technological developments in cyber space (such as cloud computing, mobile computing, encrypted services and social media) and its harmonization with international frameworks including those related to Internet
2) Mandate periodic audit, evaluation of adequacy and effectiveness of security of information infrastructure as appropriate, with respect to regulatory framework.
3) To enable, educate and facilitate awareness the regulatory framework.
Creating mechanisms for security threat early warning, vulnerability management and response to security threats under Cyber Security India
1) To create National level systems, processes, structures and mechanisms to generate necessary situational scenario of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.
2) To operate a 24×7 National Level Computer Emergency Response Team (CERT-In) to function as a Nodal Agency for coordination of all efforts for cyber security emergency response and crisis management. CERT-In will function as an umbrella organization in enabling creation and operationalization of sectoral CERTs as well as facilitating communication and coordination actions in dealing with cyber crisis situations.
3) To operationalise 24×7 sectoral CERTs for all coordination and communication actions within the respective sectors for effective incidence response & resolution and cyber crisis management.
4) To implement Cyber Crisis Management Plan for dealing with cyber related incidents impacting critical national processes or endangering public safety and security of the Nation, by way of well coordinated, multi disciplinary approach at the National, Sectoral as well as entity levels.
5) To conduct and facilitate regular cyber security drills & exercises at National, sectoral and entity levels to enable assessment of the security posture and level of emergency preparedness in resisting and dealing with cyber security incidents.
Securing E-Governance services under Cyber Security India
1) To mandate implementation of global security best practices, business continuity management and cyber crisis management plan for all e-Governance initiatives in the country, to reduce the risk of disruption and improve the security posture.
2) To encourage wider usage of Public Key Infrastructure (PKI) within Government for trusted communication and transactions.
3) To engage information security professionals / organisations to assist e-Governance initiatives and ensure conformance to security best practices.
Protection and resilience of Critical Information Infrastructure under Cyber Security India
1) To develop a plan for protection of Critical Information Infrastructure and its integration with business plan at the entity level and implement such plan. The plans shall include establishing mechanisms for secure information flow (while in process, handling, storage & transit), guidelines and standards, crisis management plan, proactive security posture assessment and forensically enabled information infrastructure.
2) To Operate a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) to function as the nodal agency for critical information infrastructure protection in the country.
3) To facilitate identification, prioritisation, assessment, remediation and protection of critical infrastructure and key resources based on the plan for protection of critical information infrastructure.
4) To mandate implementation of global security best practices, business continuity management and cyber crisis management plan by all critical sector entities, to reduce the risk of disruption and improve the security posture.
5) To encourage and mandate as appropriate, the use of validated and certified IT products.
6) To mandate security audit of critical information infrastructure on a periodic basis.
7) Mandate certification for all security roles right from CISO / CSO to those involved in operation of critical information infrastructure.
8) To mandate secure application / software development process (from design through retirement) based on global best practices.
Promotion of Research & Development under Cyber Security India
1) To undertake Research & Development programs for addressing all aspects of development aimed at short term, medium term and long term goals. The Research & Development programs shall address all aspects including development of trustworthy systems, their testing, deployment and maintenance throughout the life cycle and include R&D on cutting edge security technologies.
2) To encourage Research & Development to produce cost-effective, tailor-made indigenous security solutions meeting a wider range of cyber security challenges and target for export markets.
3) To facilitate transition, diffusion and commercialisation of the outputs of Research & Development into commercial products and services for use in public and private sectors.
4) To set up Centres of Excellence in areas of strategic importance for the point of security of cyber space.
5) To collaborate in joint Research & Development projects with industry and academia in frontline technologies and solution oriented research.
Reducing supply chain risks under Cyber Security India
1) Create and maintain testing infrastructure and facilities for IT security product evaluation and compliance verification as global standards and practices.
2) To build trusted relationships with product / system vendors and service providers for improving end-to-end supply chain security visibility.
3) Create awareness of threats, vulnerabilities and consequences of breach of security among entities for managing supply chain risks related to IT procurement. (products, systems or services)
Human Resource Development under Cyber Security India
1) To foster education and training programs in formal and informal sectors to support Nation’s cyber security needs and build capacity.
2) To establish cyber security training infrastructure across the country by way of public private partnership arrangements.
3) To establish cyber security concept labs for awareness and skill development in key areas.
4) To establish institutional mechanisms for capacity building for Law Enforcement Agencies.
Creating Cyber Security Awareness under Cyber Security India
1) To promote and launch a comprehensive national awareness program on security of cyberspace.
2) To sustain security literacy awareness and publicity campaign through electronic media to help citizens beware of challenges of cyber security.
3) To conduct, support and enable cyber security workshops / seminars and certifications.
Developing effective Public Private Partnerships under Cyber Security India
1) To facilitate collaboration and cooperation among stakeholder entities including private sector, in the area of cyber security in general and protection of critical information infrastructure in particular for actions related to cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices.
2) To create models for collaborations and engagement with all relevant stakeholders.
3) To create a think tank for cyber security policy inputs, discussion and deliberations.
Information sharing and co-operation under Cyber Security India
1) To develop bilateral and multi-lateral relationships in the area of cyber security with other countries.
2) To enhance National and global cooperation among security agencies, CERTs, Defence agencies and forces, Law Enforcement Agencies and judicial systems.
3) To create mechanisms for dialogue related to technical and operational aspects with industry in order to facilitate efforts in recovery and resilience of systems including critical information infrastructure.
Prioritized approach for implementation under Cyber Security India
To adopt a prioritized approach to implement the policy so as to address the most critical areas in first instance.
Operationalisation of the Policy under Cyber Security India
This policy shall be operationalised by way of detailed guidelines and plans of action at various levels such as national, sectoral, state, ministry, department and enterprise, as may be appropriate, to address the challenging requirements of security of the cyberspace.