The National Cyber Security Policy, 2013

At a time when everything has become digital, from banking, offices, and shopping, to education. The National Cyber Security has become more critical for security on Digital Platform. Stringent Cyber Security policy is the need of the hour as India has risen among the Cyber- Attacked countries. Post pandemic lockdown Cyber Crimes have increased tremendously. It poses a threat not only to citizens and businesses but also to our Defense forces and government. Over the years digitalization has tossed convenience and quicker solutions but it has grown more complex and vulnerable.

The National Cyber Security Policy, 2013:

The National Cyber Security Policy was established in 2013, with the purpose of monitoring, safeguarding, and strengthening defenses against cyberattacks. The goal of this policy is to guarantee safe and reliable cyberspace for individuals, organizations, and the government. This Policy aims to protect the information infrastructure in cyberspace, reduce vulnerabilities, develop capabilities to prevent and respond to cyber threats, and minimize damage from cyber incidents through a combination of institutional structures,  processes, technology, and cooperation.

Need for the National Cyber Security Policy:

India lacked a cybersecurity policy before 2013. It was felt to be necessary amid the 2013 NSA surveillance scandal. People are empowered by information, thus it’s important to distinguish between information that can move freely between systems and that needs to be secured. These could include private information, banking and financial information, and security information that, if it falls into the wrong hands, could endanger the safety of the nation. Therefore, the government must be able to foster public confidence in the Information and Communications Technology (ICT) systems that oversee financial transactions if it is to digitalize the economy and encourage more digital transactions. In order to cope with the issue of cyber security at all levels, the National Cyber Security Policy document presents a path for developing a framework for a thorough, collaborative, and collective response. The policy acknowledges the necessity of adopting objectives and strategies at both the national and international levels.

The Mission of the National Cyber Security Policy, 2013:

To prevent cyber threats and reduce vulnerabilities 

• Build infrastructure to safeguard the information in cyberspace.
• Develop manpower to prevent and respond to cyber threats.
• Simultaneously create institutional structures, people, processes, technology, and cooperation to minimize the damage caused by cybercrime. 

The Objective of the National Cyber Security Policy, 2013:

1. Encourage organized IT systems in all the sectors of the economy for a more secure cyber ecosystem. Also, strengthen more administrative framework for secured cyberspace. 
2. To create cyber policies in compliance with the global security standard. Best international standard to be followed for infrastructure technology, people, and process.
3. To enhance and develop indigenous cyber security technology, by operating a 24X7 National Critical Information Infrastructure Protection Centre (NCIIPC) and making it mandatory security practices related to the design, acquisition, development, use, and operation of information resources. 
4. Build manpower of 500,000 cyber security skilled professionals in the next 5 years of time. 
5. Provide Fiscal benefits to businesses that embrace standard security practices and processes. Ensure appropriate legislative intervention during the prevention, investigation, and Prosecution of cybercrime.
6. Designate a National nodal agency with clearly defined roles and responsibilities for coordination of matters related to Cyber Security in the country.  
7. All Private and public organizations must hire Chief Information Security Officer in their IT department.
8. These organizations must develop information security policies based on their business requirement. Assure that the IT infrastructure is built in conformity assessment and certification of compliance to cyber security best practices, standards, and guidelines like ISO 27001 ISMS ISO 27001 ISMS certification, IS system audits, Penetration testing/ Vulnerability assessment, application security testing, and web security testing. 
9. National Level Computer Emergency Response Team (CERT-In) to operate as Nodal agency for Cyber security emergency response and Crisis Management. It will function as an umbrella company of sectoral CERT.
10. To collaborate on Research & Development projects with industry and those who develop technologies and solution-oriented research.
11. Maintain bi-lateral and multi-lateral relationships with other countries’ cyber security teams.
12. Strengthen National and Global corporations amongst security agencies, CERTs Defence agencies and forces, Law enforcement agencies, and the Judicial system.

Cause of Concern of the National Cyber Security Policy, 2013:

Many more challenges are rising every day with the rise in dependability on cyberspace.

• Concerns about increased cyberattacks from China and its close allies have grown as a result of the standoff at the border. Advisories published by the ‘Indian Computer Emergency Team’ and media about the possibilities of cyber-attacks from China
• There have been reports that one-third of all worldwide cyber-attacks are executed from China. They are currently working on technologies that would allow them to access the internet through satellite channels.
• APT 36 is being used by Pakistan to target Indian companies. In fact, there is a hacker group called LAZARUS that is well known for carrying out attacks on financial targets in India, Bangladesh, and other South Asian countries.
• Malware, or malicious software, can be used to sabotage computer operations as well as to steal, encrypt, or delete critical data. The Nuclear Power Corporation of India Ltd, which manages nuclear reactors all over the nation, has already faced one such attack.
• WhatsApp filed a lawsuit against Israeli surveillance company NSO Group, alleging that the company assisted clients in employing spyware to gain access to the phones of over 1,400 users, including those in India. Journalists and dissidents were among the targets of the cyberattack.

Conclusion:

It is extremely important to build a robust information structure to preserve the integrity, confidentiality, and availability of information in cyberspace. However, many times India has become the victim of cyberattacks. Since then, there have been consistent efforts to build strong and durable cyberspace. The National Security Council (NSC), National Security Advisor (NSA), plays a key role in shaping India’s cyber policy ecosystem. Although another National cyber security policy was formulated in 2020, however, the rapidly increasing digitalization requires an extensive resilient Cyber security infrastructure.