Latest 10 Indian Government Initiatives on Cybersecurity
Developing a ‘cyber-secure nation’ for businesses and individuals is a key component of India's national cybersecurity strategy.
A SKOCH event featured Indian National Cybersecurity Coordinator Rajesh Pant, who claimed that when India's cybersecurity strategy policy is released in 2020, it will be able to secure the entire nation. In plenty of ways, this will assist the government in its vision for a $5 trillion economy.
Adding to that, he explained how the most essential requirement for securing the internet is for government officials to coordinate effectively to protect the entire country from cyber threats. A cybersecurity framework must take into account the proper formation of critical infrastructure and the establishment of seamless public-private partnerships.
Creating such a rigorous framework will require a significant budget. “Considering our nation's size and scale, we need approximately ₹25,000 crores for cyber security Indian government projects. The university curriculum must also emphasize cybersecurity as a high-decibel awareness subject”, said Ajeet Bajpai, Director-General of the National Critical Infrastructure Protection Centre.
There has never been a more crucial time to develop a secure framework for all government organizations, with an increasing number of breaches affecting the country and government websites being hacked.
As part of this article, we will outline the progress India has made regarding its cybersecurity strategy in 2020 and some of the Indian government initiatives on cybersecurity taken.
Indian government initiatives on cybersecurity
India's national agency for cybersecurity, The Indian Computer Emergency Response Team (CERT-In), has led to a reduction in cyber-attacks on government networks due to its advancements in tackling the nation's cybersecurity. By teaching cybersecurity awareness and anti-phishing to government officials across India, government employees are better prepared to fight cybercrime. The CERT-In Group also informs the public about the latest cyber vulnerabilities and countermeasures to combat them, in addition to spreading awareness of the dangers posed by phishing attacks.
2. Cyber Surakshit Bharat
Cyber Surakshit Bharat is an initiative from the Ministry of Electronics and Information Technology (MeitY) that pointed at creating a robust cybersecurity ecosystem in India. This aligns with the government's vision for a ‘Digital India’. The National E-Government Division (NeGD) sponsored this program.
As a result of the Indian Government Initiatives on Cybersecurity, the governance system has rapidly transformed with technological advancements, the necessity of good governance has become more important. The initiative would encourage CISOs and frontline IT staff across all government departments to be aware of cybercrime and build their abilities to protect themselves. This first public-private partnership also includes a series of workshops to help officials become knowledgeable about cybersecurity, and equip them with toolkits for fighting cyber-threats.
3. National Critical Information Infrastructure Protection Centre
As a part of Indian Government Initiatives on Cybersecurity, to safeguard critical information relevant to national security, economic development, and public health, India has established the National Critical Information Infrastructure Protection Center. Information Technology (IT) Act, 2000, Section 70A, amended this provision. Cybersecurity exercises are conducted by this organization to make sure the Government and critical sectors are prepared in terms of cybersecurity.
There are roughly four ‘Critical Sectors’ identified by NCIIPC:
1. Energy & Power
2. Finance, Insurance, and Banking
6. Public and Strategic Enterprises
4. Cyber Swachhta Kendra
New Delhi hosted the 12th India Security Summit on the 28th of August, 2019 under the theme “Towards New National Cyber Security Strategy”. Several topics were discussed at the conference, such as protecting critical national infrastructure and addressing emerging cyber threats. During the panel, it was also noted that cybersecurity is a challenging area in the digital world, so new tools and technologies should be developed more quickly.
The MHA launched this I4C Indian Cyber Crime Coordination Centre program to combat cybercrime in the country, through a coordinated and efficient method, from 2018 to 2020.
Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) is an installation under the Ministry of Electronics and Information Technology (MeitY). It aims at:
1. To create secure cyberspace for Indian users by detecting botnet infections and enabling end-users to clean their systems and secure their systems thereafter to prevent further infections.
2. To create a more secure cyber ecosystem in the country by the National Cyber Security Policy.
3. Section 70B of the Information Technology Act, 2000 authorizes CERT-In to operate the center.
The Indian government cyber security department puts efforts to prevent cybercrime and expedite investigations, the central government has issued cyber-related alerts/advisories, improved cyber forensics facilities, and increased capacity building among law enforcement, judges, and prosecutors.
5. National Cyber Security Strategy 2020
A National Cyber Security Strategy 2020 is still under development at the Indian government cyber security department National Security Council Secretariat by the Office of the National Cyber Security Coordinator. Information security refers to preventing attacks, damage, misuse, and economic espionage in cyberspace. A three-tiered organization, the National Security Council (NSC) of India oversees issues related to politics, economy, energy, and security.
The aim is to increase the quality of cybersecurity audits will help improve cyber awareness. Cyber auditors will hold organizations to a higher standard of security than currently required by law.
It is about the idea that cyberattacks can occur regularly which can be reinforced through table-top crises management exercises. It also centers on cyber preparedness which should be indexed and performance should be monitored. This initiative states that cybersecurity deserves its budget, and other departments with the necessary domain knowledge should synergize their roles and functions.
6. Appointing CIOs
Globalization has made the adoption of stringent measures increasingly essential as a result of rapid digitalization. The smallest crack in the governmental system could devastate the government, bringing it to a halt.
Each government organization should therefore be headed by a skilled information security leader - otherwise known as a Chief Information Security Officer (CISO) - who can quickly identify and document any new security requirements derived from technical innovation.
Indian authorities recently released a guide highlighting best practices for securing applications, infrastructure, and compliance, aimed at the CISOs of government organizations.
7. Plan of Action for Crisis Management
All government departments and the above-mentioned critical sectors are also forming and implementing crisis management plans. A breach incident can cause considerable damage to businesses and employees. These Indian Government Initiatives on Cybersecurity are designed to set up a strategy for preparing employees and leaders for such a scenario. The federal government also ensures that critical functions will not be disrupted by cyber threats in every critical area. By properly implementing strategies behind the desk, organizations will have the ability to deal with cybersecurity crises more effectively, as well as correctly identify responsibilities and accountability at the individual level.
8. Website Audit
The Government of India is planning to conduct an audit of all its online applications and websites amid the increasing number of malicious attacks such as government website hacking, email phishing, and data theft. The government has appointed approximately 90 security auditing organizations to audit the best practices of information security as part of this initiative.
9. Drills & Training
As part of the assessment of the cybersecurity posture of organizations, the government organization has started to organize and conduct cybersecurity mock drills. CERT-In has already conducted 44 simulated drills of this type this year, according to MeitY. Furthermore, around 265 organizations from several states and sectors have taken part in these exercises. Financial, defense, power, and telecommunications are the major industries that are likely to benefit from such initiatives. To prepare system administrators and CISOs for cyber-attacks, regular workshops and training programs have been held. Since October 2019, about 19 training sessions have already taken place with 515 participants.
10. Protection Against Malware
Cyber Swachhta Kendra is a cleaning robot that has been designed to detect malware and analyze its source. Moreover, free tools are provided for removing malicious software as well. A national cyber coordination center (NCCC) has been set up in the government's Cyber Swachhta initiative to assist with increased situational awareness about existing and potential cyber threats.
Indian Legislation On Cyber Security
IT Act of 2000 came into effect in India on 09 June 2000. IT Act states in its preamble that the purpose of the legislation is to provide legal recognition to electronic transactions. Despite the preamble, the IT Act has a much broader scope. It specifies a wide range of topics: data protection, data security, cyber-crime, defamation on cyberspace, mandatory surveillance of communications.
Since 2011, there have been no amendments to the IT Act. Even though cyber frauds, data breaches, and general cybersecurity concerns have increased significantly over the past ten years, no changes have been made to the IT Act. MeitY announced in February 2020 that it would revise the IT Act to include a more robust framework for cyber security. The government is attempting to speed up the process of amending the IT Act in response to emerging technologies, the explosion of digital business models, and an increase in cybercrimes.
A. The Information Technology (Amendment) Act of 2008
A new amendment act was passed by Parliament in December 2008 (“Amendment Act”). In this Amendment Act, it was prohibited to transmit offensive messages or any information through a computer resource and communication system to cause discomfort, inconvenience, etc. In the Shreya Singhal case, the Supreme Court of India overturned this provision.
The Amendment Act allowed both the central government and the state governments to issue directions for intercepting or monitoring information under section 69 based on recommendations from the standing committee on IT. Instead of just transmitting, this provision now covers the transmission, generation, and storage of information intercepted. Through the revised section, additional safeguards, such as the Information Technology Rules, 2009 (“Interception Rules”), are also introduced for the issuance of such interception orders.
B. National Cyber Security Policy of 2013
Formerly known as the Ministry of Communication and Information Technology, it notified a National Cyber Security Policy (“NCSP”) in July of 2013. To achieve the objectives outlined in the NCSP 2013, the Indian government implemented the following strategies/initiatives:
1. CII security measures are being undertaken by NCIIPC, the country's nodal agency.
2. Cybersecurity multilateralism development. One of the things that India and the US did in 2016 was coordinate best cyber security practices and exchange real-time information about malicious cyberattacks.
3. Establishing the National Cyber Coordination Center (“NCCC”) to gain a comprehensive understanding of cyber security threats and to enable timely information sharing between individual entities for preventative action.
C. Personal Data Protection Bill
For Indian citizens, who are concerned about worldwide data breaches, the PDP Bill was approved by the union government to protect them from global breaches, focusing on localized data. This bill stipulates that all information critical to individuals must be stored and processed in India. Individuals' sensitive personal data is required to be stored locally, however; certain conditions may allow them to be processed abroad. As part of the bill, social media giants would be held accountable for offensive content spreading on their platforms and forced to resolve these issues.
D. Surveillance Order Issued By MHA
As part of the Interception Rules, the MHA approved an order in December 2018 allowing 10 security and intelligence agencies to intercept, monitor, and decrypt any data transmitted, generated, or received over any computer resource.
The Puttaswamy case outlined how this order violates the fundamental right to privacy. The Supreme Court criticized the order for violating this right. Government officials claimed the order was aimed at achieving a legitimate state goal. Further, the government has advised that the agencies must request permission from the competent authority if they want to intercept any information.
The Bottom Line
The MHA noted an 86% increase in cybercrimes this year, ranging from phony Netflix offers to fake versions of the PM Cares Fund payment interface. Several factors can further weaken the current framework under the IT Act amid an increase in cybercrime, including the multiplicity of agencies responsible for cyber security and the ambiguity in the legal framework for surveillance and monitoring requests.
During the process of overhauling the IT Act, the government is in a unique position to create a robust framework focusing on cyber security. We're looking forward to seeing how the government approaches the issues now that a data protection regime and a national cyber security strategy are in development!