With an aim to monitor and protect information and strengthen defences from cyber attacks, the National Cyber Security Policy 2013 was released on July 2, 2013 by the Government of India. The purpose of this framework document is to ensure a secure and resilient cyberspace for citizens, businesses and the government. With rapid information flow and transactions occurring via cyberspace, a national policy was much needed.
——————————————————————————-
# Objectives :
1.The Cyber Security Policy aims at protection of information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and respond to cyber threats and minimize damage from cyber incidents through a combination of institutional structures, people, process, technology and
cooperation.
2.The objective of this policy in broad terms is to create a secure cyberspace ecosystem and strengthen the regulatory framework. A National and sectoral 24X7 mechanism has been envisaged to deal with cyber threats through National Critical Information Infrastructure Protection Centre (NCIIPC). Computer Emergency Response Team (CERTIn)
has been designated to act as a nodal agency for coordination of crisis management efforts. CERTIn will also act as umbrella
organization for coordination actions and operationalization of sectoral CERTs.
3.A mechanism is proposed to be evolved for obtaining strategic information regarding threats to information and communication technology (ICT) infrastructure, creating scenarios of response, resolution and crisis management through effective predictive, prevention, response and recovery action.
4. The policy calls for effective public and private partnership and collaborative engagements through technical and operational cooperation. The stress on public private
partnership is critical to tackling cyber threats through proactive measures and adoption of best practices besides creating a think
tank for cyber security evolution in future.
5.Another strategy which has been emphasized is the promotion of research and development in cyber security. Research and development of trustworthy systems and their testing, collaboration with industry and academia, setting up of ‘Centre of Excellence’ in areas of strategic importance from the point of view of cyber and R&D on cutting edge security technologies, are the hallmarks of this strategy laid down in the policy.
——————————————————————————
# Challenges :
1.The release of the National Cyber Security Policy 2013 is an important step towards securing the cyber space of our country. However, there are certain areas which need further deliberations for its actual implementation. The provisions to take care security risks emanating due to use of new technologies e.g. Cloud Computing, has not been addressed. Another area which is left untouched by this policy is tackling the risks arising due to increased use of social networking sites by criminals
and anti national elements.
2. There is also a need to incorporate cyber crime tracking, cyber forensic capacity building and creation of a platform for sharing and analysis of information between public and private sectors on continuous basis.
3. Creating a workforce of 500,000 professionals needs further deliberations as to whether this workforce will be trained to simply monitor the cyberspace or trained to acquire offensive as well as
defensive cyber security skill sets. Indigenous development of cyber security solutions as enumerated in the policy is laudable but these solutions may not completely tide over the supply
chain risks and would also require building testing infrastructure and facilities of global standards for evaluation.
