- Need for India’s cyber security strategy.
- Mention the key recommendations of the DSC.
India is becoming increasingly vulnerable in cybersecurity. American Cybersecurity firm Palo Alto Networks’ 2021 report states that Maharashtra is the most targeted state in India, facing 42% of all ransomware attacks. India is among the more economically profitable regions for hackers, where firms are compelled to pay ransom in cryptocurrencies to regain data access. 1 in 4 Indian organisations suffered a ransomware attack in 2021. There has been a 218% increase in ransomware, much higher than global average of 21%. Software & Services, capital goods and public sector are the most targeted.
So, there is an urgent need for strengthening India’s cybersecurity architecture.
The National Cybersecurity Strategy is conceptualised by the Data Security Council of India, which focusses on 21 areas for a safe, secure, resilient & vibrant Indian cyberspace. The key focus areas are – large scale digitisation of public services, Supply chain security, Critical information infrastructure protection, digital payments and State-level cyber security.
To implement the focus areas, following recommendations are given –
- A minimum annual budgetary allocation of 0.25%, which can be raised up to 1%. For Ministries/agencies, 15-20% of IT technology expenditure should be earmarked for cybersecurity.
- A Fund of Funds should be set up to give Central assistance to states to build capabilities.
- Investment in modernisation & digitisation of ICTs, outcome based programmes & investments in deep-tech cyber security innovation.
- A National Framework to be devised in collaboration with National Skill Development Corporation (NSDC) and Information Security Education and Awareness (ISEA) to provide global professional certifications in security.
- Creating ‘Cyber Security Services’ cadre from the Indian Engineering Services.
- Holding cybersecurity drills emulating real-life scenarios with ramifications. In critical sectors, simulation exercises for cross border scenarios on inter-country basis.
- Cyber insurance to hedge the risks in businesses & technologies as well as calculate threat exposures. Cyber insurance is also needed for critical information infrastructure & in quantifying risks.
- Cyber diplomacy to promote brand India as a responsible player in cyber domain and creating ‘cyber envoys’ for key countries/regions.
- In cybercrime investigation, judiciary should be unburdened by forming new laws to resolve spamming & fake news. A 5-year roadmap factoring in possible technology transformations, exclusive courts to deal with cybercrimes and remove backlogs should be charted.
- Advanced forensic training for agencies in the age of AI, Machine learning, blockchain, etc.
- Law enforcement agencies should partner with their counterparts abroad to seek information about overseas service providers.
India has formulated a draft National Cybersecurity Strategy 2021, which is yet to be implemented. No deadline for its implementation has been stated. Also, India has no plans to coordinate with other countries to develop a global legal framework on cyber terrorism. Given India’s vison of ‘paperless economy’ and rise in ICT usages, the time seems ripe for India to operationalise a pan-India cybersecurity policy.