Government will soon notify critical information infrastructure and an agency to oversee their security in the cyber space
Pratap Vikram Singh | October 15, 2013
The national security council secretariat (NSCS) is working on a national cyber security strategy and will be finalising it in a few months. The strategy will lay down clear defence mechanism against cyber threats and action points for the stakeholder agencies.
The same was disclosed by Nehchal Sandhu, deputy national security adviser who was speaking at India Knowledge Summit co-organised by industry body ASSOCHAM and ministries of communications, human resource development and science and technology on Tuesday.
The government was also deliberating over a new amendment, focused on cyber security, to the IT Act, he said, while refusing to give details. The government will notify critical information infrastructure (CII) – under nine sectors including defence, finance, aviation, power, nuclear facilities, public services and law enforcement agencies – and a national critical information infrastructure protection centre (NCIIPC), which will be put under the supervision of a ministry.
The act, passed in 2000, initially catered to security issues related to e-commerce. The amendment introduced in 2008 and the subsequent rules in 2011 added provisions for interception of electronic communications and regulation of content over the internet respectively. The proposed amendment is expected to embolden government efforts to ensure a safe and secure cyberspace.
Elaborating on the cyber strategy, Sandhu said India has opted for a “layered approach” for cyber security. The first layer would comprise of 24/7 threat detection. The detection will be majorly limited to monitoring of traffic and not content, as the legislative regime doesn’t allow the same.
“This will have participation from all quarters including bank, finance, insurance, power and air traffic, among others,” he said, adding that this will help in timely alerting the respective agencies in case of an attack.
The second layer comprises of a central CERT (computer emergency response team) and sectoral CERTs, which will do the threat mitigation and follow up, he said.
Then there will be a layer of information sharing and analysis centres, which will leverage expertise from across sectors, he said. Testing of equipments is yet another important layer.
Now there will be an increased focus on certification of products in accordance to international regimes. Of late, the number of empanelled audit agencies with DEITY has gone up to 40. These agencies can do the network testing of equipment and and check their compliance with standards.
Besides, the government will also have a multi-agency audit team, he said. The government will also appoint chief information security officers in all its departments.
Elaborating on the growing sophistication in the nature of cyber threat, he said that the days of distributed denial of service (DDOS) – which leads to a crash down of websites caused by the diversion of unprecedented internet traffic to the site – is over. “There is a distinct mutation in the nature of threat. Now we have slim malware, which is highly unlikely to get detected, but has very high impact,” he said.
Speaking about the challenges, he said that attribution is a big challenge in cyber space. The attackers, he said, employ sophisticated means of obscuring the point of origin and hence it becomes virtually impossible to trace the perpetrators.
The industry, however, doesn’t have the understanding of the damage cyber threat could cause in terms of commercial earnings, reputation and business process continuity, he lamented.
He also sought participation of the industry in cyber security, stating that there is a huge opportunity (for businesses) in setting up laboratories, which would handle large volume and deliver on-time. Without testing, it will not be possible to secure the supply chain management, he said.
Besides the industry could also invest in R&D in the cyber security space, he said. There is a considerable demand for robust cyber security systems.
Research proposals related to core security of hardware and software can be submitted to the office of the principal scientific advisor (PSA) to the prime minister. The office of the PSA is in-charge of the R&D in the cyber security domain.
Ayurveda: The True Way to Restore Your Health and Happiness By Dr. G. G. Gangadharan Ebury/Penguin, 224 pages, Rs 299 Dr G.G. Gangadharan, a champion of Ayurveda for three and a half decades, has penned an introductory book on India’s ancient
The ‘Mumbai Model’, which helped the city beat Covid-19, came in for praise from the supreme court too. The BMC can now extend that model of decentralisation for more efficiency in day-to-day citizen services and to make Mumbai a better-managed and future-ready city, says the Praja Foundation.
Though there is no weekly viewership data for individual news channels coming since mid-October 2020, after allegations of manipulation of television rating points (TRPs) by three news channels, percentage of viewers watching news across the world doubled during lockdown. According to Avinash Pandey, CEO,
A team of the Delhi government’s health department has visited Mumbai to learn from the city’s officials how to battle Covid-19 more efficiently, following the supreme court’s advice last month that the capital should learn from the ‘Mumbai model’ that has successfully control
The World Happiness Report, one of the best tools for evaluating global happiness, is based on how ecstatic people perceive themselves to be. It considers six characteristics to rank countries on overall happiness: GDP per capita, social support, life expectancy, freedom to make choices, generosity, and pe
* If I have contracted Covid, after how many days can I get myself vaccinated? * Can people with allergies get vaccinated? * Can pregnant women take the vaccine? What about lactating mothers? * Do I get enough antibodies after getting vaccinated?