5 lakh professionals to protect our cyberspace may be a small number, but not when even their training seems to be hanging in a limbo
Shivangi Narayan | January 31, 2014
India might be the most sought after destination for IT and software services, but when it comes to cyber security or its professionals, it finds itself seriously short-changed. The new cyber security policy 2013, under discussion since 2011, mandates a chief information security officer (CISO) in every department to protect the system from cyber threats and attacks. It also mandates creation of 5,00,000 cyber security professionals in the next five years through skill development and training. Considering that China currently has 25 million cyber security professionals, and even North Korea, Singapore and Malaysia have more, this shouldn’t be a big task for India.
However as luck, and will of the Indian government, would have it the Indian cyber emergency response team (ICERT) responsible for implementing the policy does not even have a roadmap for the same.
One reason to believe that the cyber security capacity building programme in India has not even taken off is the way everyone in the government, particularly in ICERT, seem to be reacting to the question from this correspondent seeking information about the status of the project. In fact, Gulshan Rai, director general, ICERT, and the man at the helm of the affairs seemed clueless too when he said that he could not speak about capacity building on the telephone. The mail was unanswered when we went for publishing.
One more thing that no one in the department of electronics and information technology (DeitY) and ICERT seems to have any clue about is the profile of these 5,00,000 professionals the government wants to train and their skill sets. Akash Agarwal, country head, EC Council, aptly asked, “Does it (the policy to train 5,00,000 professional) mean training in the government sector or private sector? Has the word ‘professional’ been defined? How much training should a person undergo before he could be called a professional?”
Dinesh Pillai, CEO, Mahindra Special Services Group, also asked the same question. He said, “It is great that the government is thinking about training and there is a policy about it. However, the term ‘professional’ needs to be defined. Anyone with one certification today becomes a systems security guy. This should not be the case.”
According to sources in DeitY, around 40,000 people have been trained in cyber security till now. These sources also mentioned that the various universities, IITs, NITs and private universities have been roped in for providing courses in cyber and network security, information and forensics. However, Governance Now could not find any substantial courses mentioned in the syllabi of these universities.
Apart from IIT Delhi, which has announced the opening of a ‘cyber security training centre’, no other IIT was found to be doing much in terms of training in the field. The opening of the training centre at IIT Delhi was announced in November 2013. It has not started functioning or offering courses as of now. However, IITs do offer short-term courses on network security both separately and as part of their bachelor of engineering (BE/BTech) programme.
This after a notification from UGC, that all UGC/AICTE affiliated colleges would have to offer courses on cyber security at the undergraduate and postgraduate level, in January 2013. However, a quick look at the notification and one can understand the reason for the lackadaisical approach – the notification neither mandates any date or timeline for the implementation nor does it provide a ‘how-to’ plan for the same.
AICTE, in all fairness, announced that as a national policy, if an institute applies for more than one new course or more than one increase in division for a PG course in Computer Science and IT, then it would have to add one of the following courses at the PG level as well: a) cyber security, b) information technology and cyber warfare, c) biometrics and cyber security, and d) cyber forensics and information security. However, the same could not be found on the institutions’ syllabi.
Pillai said that it is not the institutes’ fault. Unless they get sufficient funding for infrastructure and gets an accreditation, it is difficult to offer courses on cyber security. “Investment for cyber security courses or training is not one time and the institutes need resources for that. Say, a course on security is offered as part of the engineering syllabus. The content would become obsolete when he graduates!” he said.
Pillai added that one more reason for the reluctance of institutes to offer these courses is the dearth of teachers. Apart from centre for development of advanced computing (C-DAC), which is training ‘master trainers’ for cyber security (more below), this area is mostly overlooked in India.
According to officials in DeitY, the training and skill development in cyber security will be done in the public-private partnership (PPP) mode. However, the private sector is not ready for such partnerships as there is hardly any infrastructure for high-end training. “There is no legislation on PPP and the private sector is not secured of cost-overflows in case the project overshoots its time. Unless these issues are sorted, PPP is difficult to take off,” said Pillai.
It is not all a big zero though. According to Prof S Sadagopan of IIT Bangalore, capacity building in cyber security and allied fields is an ongoing process and one in which India has made significant progress. He said that many institutes have been teaching technical aspects of security such as cryptography, network security, secure computing, trusted computing and secure programming for many years.
“India has excellent globally ranked conferences like Indo-CRYPT for many years. Over the next five years this area will mature, and strong research groups will form. The Indian Statistical Institute has one of the best research groups in this area,” said Sadagopan.
Another organisation that has been making small strides of its own with regards to safe practices online has been C-DAC which offers a diploma course in information security, certificate course in information security under its information security education and awareness (ISEA) project. C-DAC also offers six-week and two-week training programmes in information security sponsored by DeitY. C-DAC, along with other DeitY organisations such as DOEACC, ERNET, NIC, STQC, ICERT, also trains ‘master trainers’ who would in turn train government officers.
However, C-DAC has not been mandated under the new or old cyber security policy to train 5,00,000 professionals. According to Rajat Moona, director general, C-DAC, these programmes are running independently of the policy.
Moona also had no information of the 40,000 cyber security professionals claimed to have been trained by DeitY. This, he said, would be the general picture of people trained across skill sets across the country. “We are yet to receive a mandate of training people under the cyber security policy,” he said.
It is 2014 and the government still does not have a plan to train a team which would dedicatedly work on preventing attacks on the cyber infrastructure in India. According to Pillai, cyber security training needs trainers to think like a criminal. “Cyber security training is given from the perspective of policy abiders and those who attack are looking to break into the system. We need to think like them to protect our systems,” he said.
Out of all MPs and MLAs in office, 58 have declared cases related to hate speech. This includes union minister for drinking water and sanitation Uma Bharti along with 14 other Lok Sabha MPs. The list also includes 8 state ministers. A party wise analysis reveals that BJP has the highest numb
After its withdrawal from Meghalaya and Arunachal, is it time to review AFSPA in other areas too?
There is an uncanny similarity in the pathological opposition to prime minister Narendra Modi by two members of the right wing, Pravin Togadia and Yashwant Sinha. They come from a diverse social and political background; yet they share a common strand that shows an unmitigated hatred towards
Data is the new oil; and it needs to be protected. In an interaction with Governance Now, Lionel Baraban, CEO of Famoco, talks about how the French tech firm is developing secure business devices to safeguard data against going to other countries. What are the major roles o
Goa Shipyard Ltd (GSL) and MTU, Germany have agreed to cooperate in the local manufacturing of technologically-advanced MTU series 8000 engines in India. Under the agreement, which was signed at India’s leading defence trade show Defexpo-18, the companies will manufacture the 16-
ONGC sportspersons outshone other participants in their respective categories in the recently concluded Commonwealth Games in Gold Coast, Australia. ONGCians bagged 13 medals including 5 Gold, 3 Silver and 5 Bronze, contributing to the 66 medal tally of Team India. ONGCians Ragala Venkat Rah