Date: 2020-09-08

It is expected that the new cybersecurity policy would address the issue of protecting critical information infrastructure in cyberspace and build integrated capabilities to prevent and respond to cyber threats.

By Bharat Panchal

India has one of the highest numbers of internet users in the world and is also among the top-10 countries facing cyberattacks. Today, cybersecurity issues are no longer limited to hacking and money-related fraud but have also become critical from a national security point of view. The announcement by the prime minister on Independence Day that India will soon have a new cybersecurity policy is timely, as the country's dependence on cyberspace has increased manifold.

The new policy is expected to address the current gaps and provide a strong framework to handle issues related to cybersecurity. The policy will focus on major governance reforms. Today, there are many agencies at the national and state levels looking into cybersecurity-related issues. However, there is no centralised command to exercise oversight and coordinate efforts to handle larger cybersecurity issues.

The National Cyber Security Coordinator (NCSC) and Indian Computer Emergency Response Team (CERT-In) have made tremendous efforts in recent times to handle cybersecurity issues; it is time to put in place a central command on the lines of CBI or CEC, which will be a single point of authority at the central level. Currently, RBI, SEBI, IRDAI, TRAI, PFRDA, etc., have different cybersecurity frameworks for their regulated entities. However, none of the frameworks talks about inter-regulator coordination or an integrated approach to handling cybercrime. Thus, the policy also needs to address a unified cybersecurity framework across various regulators.

Demonetisation and Covid-19 have pushed us to adopt digitisation. We are at the point of no return. Work from home was never envisaged at such a large scale, but it is now accepted as a new normal. India has leapfrogged digital technologies, but the trend will not be sustainable if we do not have a strong shield in the form of data protection laws and privacy policies.

It is expected that the new cybersecurity policy would address the issue of protecting critical information infrastructure in cyberspace, build integrated capabilities to prevent and respond to cyber threats, and reduce vulnerabilities and minimise damage from cyber incidents through a combination of institutional structures, people, processes and technology under a well-defined governance framework. There is an urgent need for a comprehensive and unified government institution to create a cyber defence network. The following major areas are likely to be addressed in the new cybersecurity policy 2020:

A holistic cybersecurity strategy with a possible amendment in the IT Act, as some of its provisions have become redundant and can’t address issues arising from the evolving threats.

The government needs to consider creating a Cyber Defence Agency, to be entrusted with the responsibility of implementing the cyber defence strategy for national security.

Constitution of a cyber commando force as a part of the defence program to neutralise any cross-border cyber terrorism or cyber-attack, along with the creation of specialised cyber police cadres in all State police departments.

Sectorial CERTs and state-level CERTs would be more effective for rapid response to any cyber-attack. The state-level CERT team will need to ensure speedier incident response and coordination with national agencies.

Building a business ecosystem to leverage artificial intelligence and robotics to improve cyber defence.

Pass the proposed Data Protection Bill to protect critical information like personal data, business information, and financial information.

It is high time that we consider amending the existing IT Act, 2000, which is not fully in sync with today’s cyber threats. Many of the provisions of the act have become redundant and are not able to address the newer cyber threat landscape. In addition to amending the IT Act, it is high time, and already overdue, to introduce data privacy laws. With the tremendous growth of the e-commerce market, people are sharing their data every day without any legal support. The privacy act would be a great complement to the forthcoming cybersecurity policy. The revised policy is expected to cover the entire spectrum of current and future cyber challenges.

The author is Chief Risk Officer - India, Middle East & Africa, FIS. Views are personal.