National Cyber Security Policy 2013

National Cyber Security Policy is a policy framework by Department of Electronics and Information Technology (DeitY), Ministry of Communication and Information Technology, Government of India.[1] It aims at protecting the public and private infrastructure from cyber attacks.[2] The policy also intends to safeguard "information, such as personal information (of web users), financial and banking information and sovereign data". This was particularly relevant in the wake of US National Security Agency (NSA) leaks that suggested the US government agencies are spying on Indian users, who have no legal or technical safeguards against it. Ministry of Communications and Information Technology (India) defines Cyberspace is a complex environment consisting of interactions between people, software services supported by worldwide distribution of information and communication technology.[2][3][4]

The National Cyber Security Policy of India 2013 is suffering from various shortcomings and limitations as per various studies and researches.[5][6][7][8][9] Despite the declaration of the policy, India is still not cyber prepared.[10] The policy has also not been implemented till the month of November 2014 (till 21 November 2014). The cyber security challenges in India would increase further and immediate action is required in this regard.[11] The proposed initiatives like National Cyber Coordination Centre [12] and National Critical Information Infrastructure Protection Centre (NCIIPC) of India could prove useful in strengthening Indian cyber security and critical infrastructure protection in India.[13][14]

Reason for Cyber Security

India had no Cyber security policy before 2013. In 2013, The Hindu newspaper, citing documents leaked by NSA whistleblower Edward Snowden, has alleged that much of the NSA surveillance was focused on India's domestic politics and its strategic and commercial interests. This leads to spark furor among people. Under pressure, Government unveiled a National Cyber Security Policy 2013 on 2 July 2013.

Vision

To build a secure and resilient cyberspace for citizens, business and government.

Mission

To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threat, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

Objective

Ministry of Communications and Information Technology (India) define objectives as follows:

Strategies

Shortcomings

The National Cyber Security Policy 2013 has failed to address numerous issues as per various research and analysis.[5][6][7] Some of these issues are:

(1) The declared cyber security policy has proved to be a paper work alone with no actual implementation till date.[15]

(2) The cyber security trends and developments in India 2013 (Pdf) provided by Perry4Law’s Techno Legal Base (PTLB) has listed the shortcomings of Indian cyber security policy in general and Indian cyber security initiatives in particular.[16]

(3) Indian cyber security policy has failed to protect civil liberties of Indians including privacy rights.[17]

(4) Civil liberties protection in cyberspace has been blatantly ignored by Indian government and e-surveillance projects have been kept intact by the Narendra Modi government.[18]

(5) The offensive and defensive cyber security capabilities of India are still missing.[19]

(6) India is considered to be a sitting duck in cyberspace and cyber security field and the proposed cyber security policy has failed to change this position.[20]

(7) Over regulation, ICT Supply Chain risks, absence of adequate testing facilities of electronic equipments, lack of stress upon international cooperation, etc are some other concerns that have been raised by the Data Security Council of India.[8]

(8) The NCSP's poor drafting and meaningless provisions do not advance the field.[9]

In short, India is not at all cyber prepared [10] despite the contrary claims and declared achievements and the cyber security policy is just another policy document with no actual implementation and impact.The cyber security challenges in India would increase further and immediate action is required in this regard.[11]

References

  1. "National Cyber Security Policy-2013". Department Of Electronics & Information Technology, Government Of India. 1 July 2013. Retrieved 21 November 2014.
  2. 2.0 2.1 "Amid spying saga, India unveils cyber security policy". Times of India. INDIA. 3 July 2013. Retrieved 24 September 2013.
  3. "National Cyber Security Policy 2013: An Assessment". Institute for Defence Studies and Analyses. August 26, 2013. Retrieved 2013-09-24.
  4. "For a unified cyber and telecom security policy". The Economic Times. 24 Sep 2013. Retrieved 2013-09-24.
  5. 5.0 5.1 "Beyond the New 'Digital Divide': Analyzing the Evolving Role of National Governments in Internet Governance and Enhancing Cybersecurity". Stanford Journal of International Law, Vol. 50, p. 119, Winter 2014 Indiana Legal Studies Research Paper No. 290. 15 July 2014. Retrieved 8 November 2014.
  6. 6.0 6.1 "Analysis Of National Cyber Security Policy Of India 2013 (NCSP-2013) And Indian Cyber Security Infrastructure". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 21 November 2014. Retrieved 21 November 2014.
  7. 7.0 7.1 "Ten things you should know about India’s Cyber Security Policy". CXO Today. 15 October 2013. Retrieved 21 November 2014.
  8. 8.0 8.1 "Analysis of National Cyber Security Policy (NCSP–2013)". Data Security Council of India. 15 July 2013. Retrieved 21 November 2014.
  9. 9.0 9.1 "The National Cyber Security Policy: Not a Real Policy". ORF Cyber Security Monitor, Volume I Issue 1. 1 August 2013. Retrieved 21 November 2014.
  10. 10.0 10.1 "Cyber Security Breaches Are Increasing World Over And India Must Be Cyber Prepared". Perry4Law Organisation. 22 May 2014. Retrieved 2014-08-14.
  11. 11.0 11.1 "Cyber Security Challenges In India Would Increase". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 18 November 2014. Retrieved 21 November 2014.
  12. "National Cyber Coordination Centre (NCCC) Of India May Become Functional". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 20 January 2014. Retrieved 21 November 2014.
  13. "National Critical Information Infrastructure Protection Centre (NCIIPC)". India Smart Grid Knowledge Portal. 20 January 2013. Retrieved 21 November 2014.
  14. "National Critical Information Infrastructure Protection Centre (NCIPC) Of India". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 11 April 2013. Retrieved 21 November 2014.
  15. "National Cyber Security Policy Of India 2013 (NCSP 2013)". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 26 December 2013. Retrieved 2014-08-14.
  16. "Cyber Security Trends And Developments In India 2013". Perry4Law’s Techno Legal Base (PTLB). 30 December 2013. Retrieved 2014-08-14.
  17. "National Cyber Security Policy Of India Has Failed To Protect Privacy Rights In India". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 4 July 2013. Retrieved 2014-08-14.
  18. "Civil Liberties Protection In Cyberspace". Perry4Law’s Techno Legal Base (PTLB). 20 June 2009. Retrieved 2014-08-14.
  19. "Offensive And Defensive Cyber Security Capabilities Of India". Perry4Law’s Techno Legal Base (PTLB). 8 November 2012. Retrieved 2014-08-14.
  20. "India Is A Sitting Duck In The Cyberspace And Civil Liberties Protection Regime". Perry4Law’s Techno Legal Base (PTLB). 2 July 2013. Retrieved 2014-08-14.

External links