National Cyber Security Policy 2013
The "National Cyber Security Policy" aims at facilitating creation of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders actions for protection of cyber space.
The National Cyber Security Policy document outlines a road-map to create a framework for comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country.
The policy recognises the need for objectives and strategies that need to be adopted both at the national level as well as international level.
The objectives and strategies outlined in the National Cyber Security Policy together serve as a means to:
i. Articulate our concerns, understanding, priorities for action as well as directed efforts.
ii. Provide confidence and reasonable assurance to all stakeholders in the country (Government, business, industry and general public) and global community, about the safety, resiliency and security of cyber space.
iii. Adopt a suitable posturing that can signal our resolve to make determined efforts to effectively monitor, deter & deal with cyber crime and cyber attacks.
Under the policy a National and sectoral 24X7 mechanism has been envisaged to deal with cyber threats through National Critical Information Infrastructure Protection Centre (NCIIPC). Computer Emergency Response Team (CERT-In) has been designated to act as a nodal agency for coordination of crisis management efforts. CERT-In will also act as umbrella organization for coordination actions and operationalization of sectoral CERTs.
A mechanism is proposed to be evolved for obtaining strategic information regarding threats to information and communication technology (ICT) infrastructure, creating scenarios of response, resolution and crisis management through effective predictive, prevention, response and recovery action.
The policy calls for effective public and private partnership and collaborative engagements through technical and operational cooperation. The stress on public-private partnership is critical to tackling cyber threats through proactive measures and adoption of best practices besides creating a think tank for cyber security evolution in future.
Another strategy which has been emphasized is the promotion of research and development in cyber security. Research and development of trustworthy systems and their testing, collaboration with industry and academia, setting up of 'Centre of Excellence' in areas of strategic importance from the point of view of cyber and R&D on cutting edge security technologies, are the hallmarks of this strategy laid down in the policy.
The policy also calls for developing human resource through education and training programmes, establishing cyber security training infrastructure through public private partnership and to establish institutional mechanisms for capacity building for law enforcement agencies. Creating a workforce of 500,000 professionals trained in cyber security in the next 5 years is also envisaged in the policy through skill development and training. The policy plans to promote and launch a comprehensive national awareness programme on security of cyberspace through cyber security workshops, seminars and certifications with a view to develop awareness of the challenges of cyber security amongst citizens.
The policy document aims at encouraging all organizations whether public or private to designate a person to serve as Chief Information Security Officer (CISO) who will be responsible for cyber security initiatives. Organizations are required to develop their information security policies properly dovetailed into their business plans and implement such polices as per international best practices. Provisions of fiscal schemes and incentives have been incorporated in the policy to encourage entities to install trustworthy ICT products and continuously upgrade information infrastructure with respect to cyber security.