Readying cyber-defence! Need a more pro-active regulator to keep citizens informed

By: |
September 1, 2020 6:52 AM

Need a more pro-active regulator to keep citizens informed

The government also needs to foster a partnership between academia and industry to promote cyber-hygiene.

While PayTM Mall has denied a report—by cybersecurity firm Cyble—that its data had been hacked, the reports should be a wake-up call for India’s cybersecurity agency CERT-IN. Defending its database is each company’s responsibility, but it is CERT-IN’s job to keep the public informed of the actual picture when there are reports/threats, and it is its job to conduct audits, even surprise checks, of a company’s security. In this context, however, several high-profile misses blot its record. Last year, CERT-IN only alerted WhatsApp users of their accounts being hacked, after media organisations had published reports of Israeli software Pegasus affecting phones across the world. The Kudankulam nuclear power plant attack also escaped its radar, and in 2017, CERT-IN was late in responding to Petya and Wannacry attacks.

Given how security threats are only going to increase, India needs more proactive regulation. More important, India also needs new regulation. While India was one of the first countries to enact a cybersecurity policy in 2013, it is yet to come out with new rules that mandate stricter data protection rules and regular security audits. An array of organisations has further complicated India’s cyber response. Unlike the US, Singapore, and the UK, which have a single umbrella organisation dealing in cybersecurity, India instead has 36 different central bodies, one for every ministry, to deal with cyber issues, and each has a different reporting structure. Moreover, every state has a CERT body of its own. India, thus, needs to create an umbrella organisation for better co-ordination. It also needs to start looking at cybersecurity as a necessity. First, the government will have to upgrade its systems. One reason for a high number of attacks on government bodies is the use of legacy systems and software. In 2018, a Telegraph report had found that hackers were able to bring down the national health service (NHS) network in the UK because some hospitals were still using legacy Windows XP systems.

The government also needs to foster a partnership between academia and industry to promote cyber-hygiene. Although it has plans to create a certification for cybersecurity professionals, it also needs to enrol the help of universities so that they can check apps for cybersecurity issues. The new national health database policy envisages regular audits for data operators; this has to be extended to other areas as well.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1Narendra Modi’s talk of privatisation implies big reforms
2New electricity consumer Rules: Reading the impact on ‘rooftop solar’ right
3China’s basket of challenges: The country faces a disadvantageous demographic shift