The much awaited National Cyber Security Policy has been unveiled today by Minister of State, Communications & IT, Shri Milind Deora.
The policy aims to serve as an umbrella framework for defining and guiding the actions related security of cyberspace. It also enables the individual sectors and organizations in designing the appropriate cyber security policies to suit their needs.
The minister himself announced on twitter regarding the unveiling of the Policy:
Unveiled India’s 1st Cyber Security Policy to safeguard individual privacy, corporate data & sovereign virtual assets pic.twitter.com/GaXOJlHFWK
— Milind Deora (@milinddeora) July 2, 2013
Contents
Mission of National Cyber Security Policy 2013
To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats , reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people , processes, technology and cooperation.
National Cyber Security Policy 2013 – Key Highlights
To meet with the various objectives of the cyber security policy, here are the strategy that will be put in place.
- Policy aims at creating a national level nodal agency that will co-ordinate all matters related to cyber security in the country
- It will encourage organizations to develop their own security policies as per international best practices.
- The policy will ensure that all organizations earmark a specific budget to implement their security policies and initiatives.
- Policy plans to offer various schemes and incentives to ensure that proactive actions are taken for security compliance.
- To create an assurance framework, policy will create conformity assessment and certification of compliance to cyber security best practices, standards and guidelines
- Policy aims at encouraging open standards that facilitate interoperability and data exchange among different IT products and services.
- A legal framework will be created to address cyber security challenges arising out of technological developments in cyber space.
- The policy also plans to enforce a periodic audit and evaluation of adequacy and effectiveness of security of Information infrastructure in India.
- The policy will create mechanisms to get early warnings in case of security threats, vulnerability management and response to the security threats thereof
- A 24X7 operational national level computer emergency response team (CERT-in) will function as an umbrella organization that will handle all communication and coordination in deal with cyber crisis situations.
- To secure e-governance services, policy will take various steps like encouraging wider usage of Public Key Infrastructure (PKI) standards in communications and engagement of expert security professionals / organizations to assist in e-governance.
- The policy will encourage and mandate use of tested, validated and certified IT products in all sensitive security areas
- The policy also plans to undertake and invest in various R&D programs in area of national cyber security
National Cyber Security Policy 2013 – Full Document
Our Take on the Policy
To be honest, we are extremely disappointed with the security policy – Looks like it has been created just for fulfilling the duty of “creating” a policy document which in reality cannot be used for any purposes. We think that policy does not bring any clear cut plan of action to ensure cyber security.
The document does talk of “creating and implementing” lot of things, but details are completely missing. The how’s and who’s are nowhere to be seen.
We spoke to Rohit Srivastwa, expert in cyber security and founder of Clubhack.com and he echoed the same feelings – “The draft document presented looked like a very superficial policy with a lot of details either missing or yet to be added ”
It looks like Government has come up with this policy because of “The world has a cyber security policy and so we should also have one” syndrome
Would love to hear your thoughts on this!
