How is India dealing with Cyber security ?

How is India dealing with Cyber security ? 

By kosha Doshi:–

India has witnessed an increase in cyber – crime by 475 % from the year 2011-2016. This has been a drastic increase and a cause for concern. But India has taken some steps in order to curb this increase, those are: CERT – In, Cyber Surakshit Bharat, NCIIPC, crisis management plan, Appointment of Chief Information Security Officers, Website Auditing, training and mock drills, Malware Protection and Personal Data Protection Bill.

CERT-In

The advancement in The Indian Computer Emergency Response Team (CERT-In), which operates as the national agency for tackling the country’s cybersecurity, has helped in lowering the rate of cyber attacks on government networks. The implementation of anti-phishing and cybersecurity awareness training across India’s government agencies has assisted government employees in fighting against cybercrimes. Apart from spreading awareness of the dangers posed by phishing attacks to the public, CERT-In also issues alerts and advisories regarding the latest cyber vulnerabilities and countermeasures to tackle them.

Cyber Surakshit Bharat 

Aiming at strengthening the cybersecurity ecosystem in India — in line with the government’s vision for a ‘Digital India’, The Ministry of Electronics and Information Technology (MeitY) has launched Cyber Surakshit Bharat initiative. This program was in association with the National e-Governance Division (NeGD).
Digitisation has rapidly transformed the governance system, and therefore the requirement of good governance is crucial. With such initiative, there would be a rise of awareness about cybercrime and building capacity for securing the CISOs and the frontline IT staff across all government departments. Apart from awareness, this first public-private partnership also includes a series of workshops to make people cognizant about the best practices, and help the officials with cybersecurity health tool kits to tackle cyber threats.

National Critical Information Infrastructure Protection Centre

NCIIPC is a central government establishment, formed to protect critical information of our country, which has an enormous impact on national security, economic growth, or public healthcare. This was amended as per the provisions of section 70A of the Information Technology (IT) Act, 2000. This organisation readily conducts cybersecurity exercises to keep a check of the cybersecurity posture and preparedness of the Government and the critical sectors.

NCIIPC has broadly identified the following as ‘Critical Sectors’:-
-Power & Energy
-Banking, Financial Services & –Insurance
-Telecom
-Transport
-Government
Strategic & Public Enterprises

Appointment of Chief Information Security Officers.

With the rapid digitalisation of the world, the requirement for adopting stringent measures is becoming the need of the hour. Even the smallest breach in the governmental system can cause severe wreckage, which in turn can bring down the Government to a standstill. It is therefore imperative, that every government organisation is headed by a skilled security leader, also known as Chief Information Security Officers (CISOs) — who can identify and document the security requirements that arise with each technical innovation. The government of India has also recently issued a written guideline for the CISOs of government organisation, highlighting the best practices for securing applications, infrastructure, and compliance.

Website Audit

Amid the increasing number of government website hacking, email phishing, data theft, and privacy breach cases, the Indian government has planned to conduct an audit on all the government websites and applications. Under this initiative, approximately 90 security auditing organisations have been empanelled by the government for auditing the best practices of information security.

Crisis Management Plan

Another major initiative by the central government is the formulation and implementation of a crisis management plan by all the government departments and the above mentioned critical sectors. This initiative is aimed at establishing a strategic framework for employees and leaders to prepare for a breach incident. It also ensures to manage the cyber interruptions of critical functions in every critical sector of the government. It assists organisations to put in place the correct mechanisms behind the desk to effectively deal with cybersecurity crisis. If properly implemented this can also able to pinpoint responsibilities and accountabilities right down to individual level.

Training & Mock Drills

The government organisation have also started organising and conducting cybersecurity mock drills to assess the cybersecurity posture of organisations. According to MeitY, 44 such drills have already been conducted by CERT-In this year. Also, reports have mentioned that around 265 organisations from varied states and sectors have participated in these drills. The major sectors coming up for such initiatives are finance, defense, power, and telecom. Regular workshops and training programs are also been organised for network or system administrators and CISOs to prepare them towards cyber-attacks. About 19 such pieces of training with 515 participants have already been conducted as of October 2019.
Malware Protection
The central government has also launched Cyber Swachhta Kendra, which is a cleaning bot used for malware analysis and detecting malicious programs. It also comes with free tools to remove or omit them. Along with the Cyber Swachhta initiative the government has also set up a department to generate situational awareness about existing and potential cybersecurity threats — National Cyber Coordination Centre (NCCC).

Personal Data Protection Bill

Lastly, however, the most important one for Indian citizen, is the approval of Personal Data Protection (PDP) Bill by the union government in order to protect Indian users from global breaches, which focuses on data localisation. The bill implies the storage and processing of any critical information related to individuals only in India. It strictly states that the sensitive personal data of the individual requires to be stored locally, however, it can be processed abroad subjected under certain conditions. The bill also aims at making social media companies more accountable and push them to solve issues related to the spread of offensive content.

India has taken these steps to deal with cyber security which is on rise in these recent times. These steps in recent times help individually in curbing cyber security.