Why India's Approach to Cybersecurity Comes Up ShortA Comprehensive, Pragmatic Cybersecurity Policy Is Essential
At a time when India needs its leaders to spell out practical new ways to address its evolving cybersecurity challenges, Ravi Shankar Prasad, minister of IT and law, unfortunately chose to mainly rehash ongoing efforts in a recent presentation.
At a Press Information Bureau regional editors' event, Prasad:
- Said the government will set up a National Cyber Coordination Centre, when, in fact, it was created more than a year ago;
- Announced the government will train police officers and human resources professionals in cybersecurity, even though that activity has been going on for nearly a year;
- Described creation of a task force by the National Association of Software and Services Companies to create cybersecurity clusters - another project that's already well underway.
Rather than rehashing ongoing efforts or proposing impractical projects, it's time for Prasad and other leaders in India to devise a comprehensive, practical cybersecurity policy.
In addition, Prasad described a plan to train judges on handling cybercrime cases, which seem unrealistic, given that India's Cyber Appellate Tribunal is without a chairperson and judges on the bench are not empowered to tackle such cases.
A Reality Check
Here are some details on ongoing efforts.
India opened its National Cyber Coordination Centre back in April 2015. The government's cybersecurity arm, Indian Computer Emergency Response Team, or CERT-In, is the main agency involved, supervised by the Prime Minister's Office under Dr. Gulshan Rai's leadership.
Rai is already collaborating with stakeholders to develop a cybersecurity framework and seeking international cooperation to develop organizational policy and a legal framework.
Meanwhile, to train the police force to fight cybercrime, Union Home Minister Rajnath Singh instructed the Intelligence Bureau early last year to create a cybersecurity architecture independent of the National Technical Research Organization, an agency of the National Security Adviser, working under the Prime Minister's Office.
The ministry gave the go-ahead to create a specialized wing with 500 new positions to train the police force. Plus, Maharashtra police have teamed up with The National Institute of Electronics & Information Technology to build the capacity of cybersecurity professionals.
In another ongoing development, Nasscom and Data Security Council of India government have launched a Cyber Security Task Force to help India serve as a global hub for cybersecurity solutions. Rajendra Pawar, chairman of the task force, will lead efforts to create a blueprint.
What Does the Country Need?
Rather than rehashing ongoing efforts or proposing impractical projects, it's time for Prasad and other leaders in India to devise a comprehensive, practical cybersecurity policy, especially in light of such factors as smart cities, Digital India and the internet of things.
The nation needs an information sharing mechanism to equip key stakeholders, including information security practitioners, risk management professionals, compliance experts, researchers and academicians to drive innovations.
It's time the government paid attention to:
- Developing innovative methods of building the scale of security operations among enterprises;
- Generating support for the government's research and development activities designed to enhance cyber defence capabilities;
- Enhancing capabilities of law enforcement agencies across India;
- Introducing cybersecurity education scholarships and funding for Ph.D. scholars to conduct research in the field.