India’s National Cyber Security Strategy

SECURITY/ GOVERNANCE

• GS-3: Challenges to internal security through communication networks, basics of cyber security.
• GS-2: Government policies and interventions for development in various sectors and issues arising out of their design and implementation.

India’s National Cyber Security Strategy

Context: Amid a surge in cyberattacks on India’s networks, Centre is yet to implement the National Cyber Security Strategy which has been in the works since 2020.

What is National Cyber Security Strategy? 

Conceptualised by the Data Security Council of India (DSCI) headed by Lt General Rajesh Pant, the report focuses on 21 areas to ensure a safe, secure, trusted, resilient, and vibrant cyberspace for India. 

Here are the main sectors of focus of the report: 

• Large scale digitisation of public services: Focusing on security in the early stages of design in all digitisation initiatives, developing institutional capability for assessment, evaluation, certification, and rating of the core devices and timely reporting of vulnerabilities and incidents. 
• Supply chain security: Monitoring and mapping of the supply chain of the Integrated circuits (ICT) and electronics products, scaling up product testing and certification, leverage the country’s semiconductor design capabilities globally at strategic, tactical and technical level.
• Critical information infrastructure protection should include monitoring digitisation of devices, evaluating security devices, maintaining a repository of vulnerabilities, devising audit parameters for threat preparedness and developing cyber-insurance products 
• Digital payments: Mapping and modeling of devices and platform deployed, routine threat modeling exercises to disclose vulnerabilities, threat research and sharing of threat intelligence, timely disclosure of vulnerabilities 
• State-level cyber security: Developing state-level cybersecurity policies, allocation of dedicated funds, critical scrutiny of digitization plans, guidelines for security architecture, operations, and governance 
• Security of small and medium businesses: Policy intervention in cybersecurity granting incentives for higher level of cybersecurity preparedness, developing security standards, frameworks, and architectures for the adoption of Internet of Things (IoT) and industrialisation

To implement cybersecurity in the above-listed focus areas, the report lists the following recommendations:

• Budgetary provisions: A minimum allocation of 0.25% of the annual budget, which can be raised upto 1% has been recommended to be set aside for cyber security.
• Research & innovation: The report suggests investing in modernisation and digitisation of Integrated Circuits (ICT), set up a short and long term agenda for cyber security via outcome-based programs and host hackathons, hands-on workshops & simulations.
• Human Resources: A national framework should be set to provide global professional certifications in security. DSCI further recommends creating a ‘cyber security services’ with cadres chosen from the Indian Engineering Services. 
• Crisis management: For adequate preparation to handle crisis, DSCI recommends holding cybersecurity drills which include real-life scenarios with their ramifications. 
• Cyber Diplomacy: Cyber security preparedness of key regional blocks like BIMSTEC and SCO must be ensured via programs, exchanges and industrial support. To further better diplomacy, the government should promote brand India as a responsible player in cyber security and also create ‘Cyber envoys’ for the key countries/regions.

Progress on implementation of the policy

• Centre clarified that it has formulated a draft National Cyber Security Strategy 2021 which holistically looks at addressing the issues of security of national cyberspace. 
• Without mentioning a deadline for its implementation, Centre added that it had no plans as of yet to coordinate with other countries to develop a global legal framework on cyber terrorism.

Connecting the dots:

• Cyber Threats
• Cybersecurity & banks
• India needs a Cybersecurity Strategy
• Global Cyber Security Index