The Government has released the National Cyber Security Policy 2013 to safeguard both physical and business assets of the country. The vision of the policy is, "to build a secure and resilient cyberspace for citizens, business and Government".The distinctive feature of the policy is to create a mechanism to obtain information regarding information and communications technology...
The Government has released the National Cyber Security Policy 2013 to safeguard both physical and business assets of the country. The vision of the policy is, "to build a secure and resilient cyberspace for citizens, business and Government".
The distinctive feature of the policy is to create a mechanism to obtain information regarding information and communications technology (ICT) infrastructure threats and to respond to it and solve it.
The policy comes amid reports of snooping by the US globally and ever-increasing threats to the country from cyber- attacks. In 2011 alone, India witnessed 13,000 cyber-attacks. The policy's objective is to set up a nodal agency to coordinate all matters related to cyber security in the country with clearly defined roles and responsibilities. The policy also aims at creating a secure cyber eco-system; strengthening the regulatory framework; creating mechanisms for early warning, vulnerability management and response to security threats. Additionally, it seeks to promote research and development in cyber security and reduce supply chain risks among other objectives.
Speaking to Live Law, Apar Gupta, Partner at Advani & Co said, "The National Cyber Security Policy is an important document which is vital to securing India's technology assets. Towards this the existence of the policy is a positive development. However there are certain points of concern with respect to the contents. The policy is broadly framed and though this will allow it flexibility in future, it also poses a problem of definition, where vital themes such as critical infrastructure are left undefined. At the same time, the policy also seems to extend much beyond government technology resources and contemplates compliances for the private sector. Though this is essential, this should commence from an identification of private sector resources which are critical. Another theme which is missing is making privacy and civil liberties a vital aspect of cyber security. Though the policy does contain language to implement privacy standards, it does not extend it to other aspects of civil liberties. For instance, the US Cyber Security policy framework mandates a Privacy and civil liberties official in the NSC directorate. The National Cyber Security Policy is an attempt which needs to be continued further dialogue and discussion."
Reportedly, while explaining the necessity of the policy the Communications and IT Minister Kapil Sibal has said that there are always chances of cyber-attacks from state and non-state actors, corporates and terrorists. "Critical infrastructure like the air defence system, power infrastructure, nuclear plants, telecommunications system needed to be well insulated, otherwise it may lead to economic instability", says Sibal.
Though framing a policy is a step in right direction, interestingly the Senior Ministers of the Government itself has shown scant regard to it on the same day the policy was released. The Minister for External Affairs Salman Khurshid has justified the US line and said "NSA's surveillance programme is not actually snooping." The 'The Hindu' has written an Editorial severely criticising the stand of the Government.
Image from here.