CYBER SECURITY

The incidences of cyber security breaches are increasing day by day. What's worse,
there's nobody immune from it; governments, private organizations, individuals- all
have been victims of cyber attacks at some time or the other, sometimes without
even realizing it.

Due to constantly evolving nature of modern IT age and other issues involved,
cyber security remains a major concern for security authorities and
policymakers in India.

In this modern era, all departments, including administration itself, have

gone online and thereby, involve major cyber concerns. In light of this,
securing critical infrastructures such as air defence system, nuclear
establishments, power and banking operations, telecommunication etc,
from cyber attacks has become crucial to national security.

Despite of being an IT superpower, there is woeful shortage of Cyber experts

in the country. Government and private sector shall not only be needed to
employ more cyber experts but also strengthen skills of existing working
cyber professionals as the emerging new challenges in cyber space are very
dynamic per se.

In recent time, there is unprecedented surge in incidents of snooping

operations by US and other nations. This has resulted in compromising
critical national information metadata and privacy of our citizens.
Additionally, cyber world is also seeing the increasing number of proxy-cyber
war across the borders. This is perhaps the biggest potential threat to our
national cyber security.

Private participation in cyber security still remains a distant dream for India.
Despite of having a dedicated National Cyber Security Policy, which was

envisaged in 2013 and emphasised on Public-Private Partnership (PPP) model,

government has not succeeded to scale up the private participation in Cyber
security.

According to National Crime Record Bureau (NCRB) report-2013, number of

cyber crimes and other online frauds incidents are increasingly going up. Thus,
curbing serious cyber crimes, like credit card frauds, spoofing, online stalking,
child-pornography, etc are vital to socio-economic well-being of India.

Other issues

Lack of Indigenisation: Indias cyber security architecture is overwhelmingly

dependent on other foreign non-state actors for web-security concerns. India
imports large scale of electronics and other web-using gadgets. This has
generated genuine web security concerns.

Weak Global Internet governance: Lack of impartial global Internet

governance remains another major impediment in achieving reliable cyber
security environment within country.

Ineffective Cyber Regulation and poor implementation: Most of social

networking websites have their root servers out of the Indian Territory. This
can result into possible abusing of these critical metadata. In addition, social
networking sites are increasingly playing a significant role in social, political
and economic landscapes of the country; therefore any discrepancies in
regulation can turn into grave socio-politico turbulence as we are evident of
Arab-spring in middle east region.

Lack of Accountability: Many cyber security related projects are managed by

Indian security and intelligence agencies without any parliamentary approval
and

oversight.

The

intelligence

infrastructure

of

India

needs

transparency and reforms. Without this, cyber immunity cannot be granted

to these agencies. India must also reconcile civil liberties and national
security requirements while protecting Indian cyberspace.

Absence of diplomacy and international co-ordination in Cyber security:

India needs to work at the international diplomacy and cooperation levels as
well. Recently India opposed the idea of including cyber security technologies
under the Wassenaar Arrangement as till date India is not self dependent
in this field. However, once local competence is achieved, such issues would
not bother India anymore. Also, India is advocating a transparent
International Cyber Law along with many developing countries. With
increasing cyber crime and espionage (US cyber espionage), international
collaborations and commitment is the need of the hour.
In this backdrop, India enacted National Cyber Security Policy, 2013.

National cyber security policy 2013

National cyber security policy 2013 aims to serve as an umbrella framework

for defining and guiding the actions related security of cyberspace.

It also enables the individual sectors and organizations in designing the

appropriate cyber security policies to suit their needs.

A national and sector wise 24/7 mechanism has been envisaged to deal with
cyber threats through National Critical Information Infrastructure Protection
Centre (NCIIPC).

The policy caters for the whole spectrum of ICT users and provides service to,
including small and home users, medium and large enterprises and
government and non-government entities.

There is a plan to operate and strengthen the National Computers

Emergency Response Team (CERT-In) to operate 24/7 and to act as a nodal
agency for all efforts for cyber security, emergency response & crisis
management.

To create workforce of 500000 professionals skilled in cyber security in next

five years through capacity building, skill development and training.

Critical analysis of National Cyber Security Policy 2013

The policy promises to encourage open standards, which has been a

universally accepted goal since the advent of standardized manufacturing.
However, it fails to spell out how it plans to overcome the coordination
issues, which have been hindering the acceptance of open standards across
the world.

The policy promises to develop a dynamic regulatory framework for

technological developments without explaining what this framework would
aim to do or how it plans to regulate technological developments carried out
beyond Indian Borders.

The policy avoids addressing some of the most basic and polarizing debates
such as the role of civilian versus military establishment in cyber security,
privacy versus security , censorship versus freedom of speech and use of
Indigenous security products versus importing vulnerable technology.

The co-ordination of cyber security among various sectors of economy

remains under the ambit of CERT-In. CERT-In is a civilian agency functions
under the department of information technology.

The charge of protecting critical information infrastructure from cyber

threats has been given to the National Technical Reconnaissance
Organization (NTRO). NTRO is a specialized intelligence gathering agency.

Most of the cyber crimes are expected to be dealt by the local police under
state government in combination with outside consultants.

SUPER CYBER INTELLIGENCE BODY

India will soon get an overarching body for cyber intelligence and security.
The National Cyber Security and Coordination Centre (NCSC) will analyze

Internet traffic data scanned and integrated from various gateway routers at
a centralized location. It will facilitate real-time assessment of cyber-security
threats and generate actionable reports for various agencies.

As a multi-agency body under the Department of Electronics and IT, the NCSC
will include the National Security Council Secretariat, the Intelligence Bureau,
the Research and Analysis Wing (RAW), the Indian Computer Emergency
Response Team (CERT-In), the National Technical Research Organization
(NTRO), the three armed forces and the Department of Telecommunications.

It is expected to subsume the work done by CERT-In as well as issue alerts in

the event of a cyber-attack

With Indias vision of Digital India and National Fiber Optic Network to
connect billions of masses, it is imperative to have a proper cyber security
measure.