The Curious Case of Indian Cyber Security

India is home to billion dollar IT industry, numerous e-Governance projects, world’s largest bio metric database, and many tech driven services. The single major problem with all these technological projects at national and state levels is the danger of theft and fraud. Government of India (GoI) did realize this, and as they do with all services, introduced a policy called National Cyber Security Policy 2013.

Well, the story ends with the formation of policy, 2 years after the policy was drafted, there is no sign of National Cyber Coordination Centre (NCCC), and National Critical Information Infrastructure Protection Centre (NCIIPC). Both these agencies were supposed to take care of national IT infrastructure, mainly falling under GoI.

What’s The Problem?

Currently, as per my understanding there is only one national level cyber alert team called Indian Computer Emergency Response Team (CERT-In). They are mainly responsible for capturing and distributing information related to cyber security threats, and they have been doing an excellent job. The major problem with CERT-In is that they are depended on CERT teams of advanced countries. What they need is a better way to tackle cyber security threats, which may put public and private IT infrastructure at risk. For this reason, GoI came up with new cyber security policy.

Under the new policy, NCCC and NCIIPC will be formed as separate agencies, meaning they won’t be attached to CERT-In. When it comes to forming a separate national agencies in India, it takes really long to get hold of things, and similar issues seems to have happened with these two new agencies. And, the more time it takes to put these agencies to work, the riskier our national IT infrastructure becomes. With cyber surveillance at its peak, national documents being leaked all over world, and millions of Indians coming online, it has become the basic need to have these two agencies in place to tackle any cyber threat situation. The next war won’t be fought between forces, but between cyber war teams.

What’s The Solution?

The best case is to have these two agencies under or with CERT. This way CERT itself will get a major infrastructure upgrade, and having years of experience would also come handy. With new agencies doing similar task, and setting up new teams with new tech skills, it becomes a long and tedious process.

GoI still has time to get this done other way, considering that there will be no conflict of interest. Also, with Digital India, and many other technological projects like Aadhaar taking shape, GoI should implement the policy as soon as possible, before they get tangled in cyber warfare.

Hi, I’m Chetan Arvind Patil, I write this blog