Telangana Plans CyberSec Framework for 2016Emphasis on Skill Development and Collaboration to Address Future Threats
The Telangana ICT policy , unveiled by the state government recently, has a lot of promise around cyber security, in terms skill development schemes, fresh investments and a proposed cyber security framework.
Envisioned to transform the state into the most preferred IT destination, the ICT policy identifies security as one of the key pillars of IT investments and high priority focus for the government.
The new initiatives proposed around open data sharing & accessibility, IoT. (See: New IoT Policy: The Security Concerns) and smart cities (See: The Challenges of Securing Smart Cities) will give major impetus to developing cybersecurity framework to address security challenges emerging from these. According to K T Rama Rao, minister for IT and Communications of Telangana, while the boons of IT including the emerging areas are clearly visible, it is an unfortunate reality that misuse of IT also takes place at a large scale. "The government is conscious of its responsibilities to ensure that no institution or even a citizen of the state is adversely affected by the wrong use of Information technology," he says. "The government will accordingly encourage effective action in areas including cyber security," says Rao.
Industry experts welcome the new policy and say practical execution plan is critical to establish a cybersecure ecosystem, with greater emphasis on public-private partnership.
Addressing the Skill Crisis
Telangana is one of the few states in the country that has always focused on addressing the growing staffing crisis (See: Telangana Addresses Staffing Crisis)
The new policy ensures that the undergoing initiatives are taken to the next level. The policy states that TASK (Telangana academy for skill and knowledge) will encourage development of specific domain-led programs for specific requirements of verticals such as finance, market research, supply chain planning, inventory management, big data (See: What Happens when Big Data, Internet of Things, and the Cloud Meet?) and analytics, networking, e-governance, developers, user interface specialisation, QA testing, mobile computing and cybersecurity.
According to the ministry, the government will also promote training in cyber security in a big way to ensure that a large pool of trained and skilled manpower is available not only for the Government's own cyber security needs but also for the private companies.
"Skill development is going to be a key aspect going forward. As part of the collaborative approach by the government and NASSCOM (See: What Does PM's New 'Start-Up Action Plan' Mean for Cybersecurity?) , we are focusing on certifying candidates based on their skills and capacity, rather than going by their qualification," says Hyderabad-based Srikanth Srinivasan, regional director-TS & AP, NASSCOM Chapter.
The specialized courses, offered by JNTU, are already attracting many students, he adds. At present, about 2000 students across 30 colleges are being trained on cyber security, with a focus on use-cases and practical knowledge. As a next step, NASSCOM and JNTU are planning to expand the courses further to include more number of students and colleges. The students who pass out of such courses are offered specialization certificates by the industry body.
NASSCOM has also taken initiatives to ensure the absorption of talent by the private sector. "Skill development programs can't be successful without ensuring that the candidates find the desired career opportunities. In view of this, we are working with private sector companies to identify new opportunities and ensure that the certified candidates get preference," says Srinivasan.
Collaboration is Key
Besides, building capacity of cybersecurity professionals, the state is laying sufficient thrust on developing information sharing (See: India's Information-sharing Challenge) mechanism and involving multiple stakeholders in the form of public-private partnership.
The policy recommends having basic security in place before developing a cybersecurity framework blueprint. Security leaders agree that a legal framework and holistic approach to security are going to be critical going forward with clear public-private partnership structure.
"Though the threats and impact of attacks are global in nature, the proposed cybersecurity framework needs to lay emphasis on the legal aspect of security to enable local teams to address cybercrime and security challenges," says Bharani Kumar Aroll, secretary of Hyderabad-based Cyberabad Security Council, formed by the IT Industry, developers of IT Parks, Cyberabad Police Commissionerate, IT&C Department.
He says, it is a positive gesture to see that the government is already working with academic institutions like NALSAR University of Law in coming up with a legal and regulatory framework. "For this, it is imperative to create awareness about cybersecurity among law-enforcement agencies to enable them to understand and mitigate the future risks and threats," says Aroll.
Experts says the proposed cybersecurity framework needs to envelope effective incidence response (See: Building Effective Incidence Response) mechanism and disaster recovery methods and information sharing mechanism to help practitioners combat threats. p>
Srinivasan of NASSCOM highlights the need for a security policy which covers the redressal aspect really well.
The security leaders recommend:
- The new framework should be assuring for all stakeholders namely the private sector, government, citizens, service providers and law enforcement agencies;
- Develop an ability among law enforcement agencies to quickly adopt preventive resilient mechanism;
- Focus on effective redressal mechanism which is more citizen-friendly;
- Awareness programs for citizens on their rights, legal procedures and importance of evidence in cybercrimes.
In response, the policy promises a robust legal framework which assists information exchange and data privacy for institutions collaborating in this area. The ministry assures that the government will draft a comprehensive cyber security policy that encompasses all the required ingredients.
"Just having a policy is not going to be good enough. The policy makers will need to enforce a course of action, monitor it and ensure that the goal is achieved. So there is a long way to go before we conclude how good or bad the ICT policy is," adds Aroll.