India has the maximum number of internet users globally and stands among the top 10 countries facing cyber-attacks. Cybersecurity issues now are not only limited to hacking and money related frauds but also have become a threat to national security. Prime Minister of India on Independence Day announced that India will soon have a new cybersecurity policy as its dependence has increased manifold.
The new policy is likely to address the current gaps and provide a robust framework to handle cybersecurity issues. It will focus on significant governance reforms. There are many agencies available at both the national and state levels, trying to resolve cybersecurity issues. However, there is no centralised command to inspect and coordinate efforts to handle broader cybersecurity issues.
NCSC (National Cyber Security Coordinator) and CERT-In (Indian Computer Emergency Response Team) have recently made tremendous efforts to handle cybersecurity issues. It is the time to put a central command on CBI or CEC’s lines, which will be a single point authority at the mid-level. Although RBI, SEBI, IRDAI, TRAI, PFRDA have different cybersecurity framework for their regulated entities, none of the frameworks talk about inter-regulator coordination or incorporated approach to handle cybercrime. Therefore, the existing policy needs to address a unified cybersecurity framework across various regulators.
Demonetisation and coronavirus pandemic have pushed us to embrace digitization, and we cannot return from this point. Though work from home was never forecasted at such a large scale, it is now accepted as a new normal. India has a wide range of digital technologies, but it will not sustain the trend if we do not have a firm shield in data protection laws and privacy policies.
The new cybersecurity policy 2020 would expectedly address the issue of protecting vital information infrastructure in cyberspace. It will create integrated capabilities to respond and prevent cyber threats, reduce vulnerabilities and damage from cyber incidents by mixing institutional structures, people, processes, and technology through a well-defined governance framework. There is an urgent requirement of having comprehensive and unified government institutions for creating a cyber-defence network.
The government needs to consider making a Cyber Defence Agency that has to be confided with the responsibility in implementing the cyber defence strategy for national security. As part of the defence program, cyber commando forces to neutralise any cross-border cyber terrorism or cyber-attack and make specialised cyber police cadres in all state police departments.
Sectorial CERT and state-level CERT will be more impactful for rapid response on any cyber-attack. The state-level CERT will have to ensure faster incident response and association with national agencies. Creating a business environment to leverage artificial intelligence (AI) and robotics could also enhance cyber defence.
Government officials need to pass the Data Protection Bill to protect pivotal information such as personal data, business information, and financial information and improve India’s cyber defence policy.
It is high time to consider amendment of the existing IT Act, 2000, which does not fully sync with today’s cyber threat. The act’s most provisions have become unessential and are unable to address the newer cyber threat landscape. Additionally, it’s already delayed, but the high time that they introduce data privacy laws.
With the immense growth of the e-commerce market, people share essential information every day without legal support. The privacy act will be a great appreciation for the forthcoming cybersecurity policy. The amended policy is expected to cover the entire spectrum of present and future cyber challenges.