Science & Tech

There is a draft cybersecurity strategy—Centre

  • The government notified the Lok Sabha that the National Security Council Secretariat (NSCS) has developed a draught National Cyber Security Strategy that takes a comprehensive approach to resolving the problem of national cyberspace security.

The National Cyber Security Strategy

  • The report, which was conceptualised by the Data Security Council of India (DSCI), focuses on 21 areas to ensure that India has a safe, secure, trusted, resilient, and thriving cyberspace.

The report’s primary areas of concentration are:

  • Large-scale digitalization of public services: Institutional capacity for core device inspection, evaluation, certification, and rating needs to be developed, with a focus on security from the beginning of all digitalization activities.
  • Supply chain security: The supply chains for integrated circuits (ICT) and electronics products should be closely monitored and mapped. Scaling up product certification and testing is necessary, and the nation’s semiconductor design capabilities must be used internationally.
  • Protection of the critical information infrastructure: Enterprise security should be integrated with SCADA (supervisory control and data acquisition) security. Additionally, a vulnerability repository should be kept up.
  • Digital payments: Threat research and intelligence sharing should be done along with mapping and modelling of the deployed devices and platforms, transacting entities, payment flows, interfaces, and data exchange.
  • State-level cybersecurity: It is necessary to create cybersecurity rules and regulations for security operations, architecture, and governance.

Steps the report suggest

  • The report offers the following suggestions for putting cybersecurity into practise in the focus areas mentioned above:
  • Financial provisions It has been suggested that a minimum of 0.25% of the annual budget, which can be increased up to 1%, be set aside for cyber security.
  • Allocation by ministry: 15-20% of the IT/technology budget for individual ministries and agencies should be set aside for cybersecurity.
  • Creating a Fund of Funds: The report also recommends creating a Fund of Funds for cybersecurity in order to give states access to central funds for the development of their national capacities in this area.
  • Research and development, talent development, and technological development are recommended in the report. It also recommends funding investments in deep-tech cyber security innovation and the modernization and digitization of ICTs.
  • National certification framework: In order to give international professional certifications in security, a national framework should be developed in cooperation with organisations like the National Skill Development Corporation (NSDC) and ISEA (Information Security Education and Awareness).
  • The DSCI also advises the establishment of “cyber security services” with personnel drawn from the Indian Engineering Services.
  • Crisis management: The DSCI advises conducting cybersecurity drills that involve real-life events and their effects in order to adequately prepare for handling crises. Simulation exercises for cross-border scenarios must be conducted on an international level in industries that are crucial.
  • Cyber insurance: Because this area of study is still in its infancy, it requires actuarial science in order to address cybersecurity risks in technological and business contexts and to estimate threat exposures.
  • Cyberdiplomacy: India’s international relations are greatly influenced by cyberdiplomacy. The government should promote India’s reputation as a trustworthy participant in cyber security and appoint “cyber envoys” to important nations and regions in order to advance better diplomacy.
  • Cybercrime investigation: It also recommends developing a five-year roadmap that accounts for potential technological change, creating special courts to handle cybercrimes, and boosting the number of centres that offer expert opinions on digital evidence under Section 79A of the IT Act.
  • Advanced forensic training: In addition, the DSCI advises agencies to undergo advanced forensic training to stay current in the era of AI/ML, blockchain, IoT, cloud computing, and automation.
  • Cooperation between agencies: To find information about service providers abroad, law enforcement and other agencies should work together with their colleagues abroad.

Way ahead

  • India has to deal with the necessity and significance of both cyber offences and defence.
  • India’s main response strategies—possibly its only ones—appear to be defensive as of right now.
  • As a response, India must likewise invest in more aggressive cyber tools.
And get notified everytime we publish a new blog post.