New Delhi: The government on Tuesday released the National Cyber Security Policy 2013 aimed at protecting information and building capabilities to prevent cyber attacks.
“…(The) policy is a framework document and it gives you a broad outline of what our vision is…the real task or the challenge is the operationalization of this policy,” minister of communications and information technology Kapil Sibal said.
Sibal said critical infrastructure such as air defence system, power infrastructure, nuclear plants and telecommunications systems have to be protected since not doing so might create economic instability.
The cyber policy was necessary in the wake of possible attacks from state- and non-state actors, corporates and terrorists.
The minister said there are multiple places from which cyberwar could be unleashed. He added that it would not be possible to point to a particular country as the source of the attack.
“In the ultimate analysis, we have to develop global standards because there is no way that we can have a policy within the context of India which is not connected with the rest of the world because information knows no territorial boundaries,” Sibal added.
“We don’t know who attack our systems, so we have to ourselves secure our systems,” Sibal added.
In order to create a secure cyber ecosystem, the policy plans to set up a national nodal agency to co-ordinate all matters related to cyber security in the country with clearly defined roles and responsibilities.
It plans to establish a mechanism for sharing information, identifying and responding to cyber security incidents and for cooperation in restoration efforts.
The policy lays out 14 objectives, including the creation of a cyber ecosystem in the country, providing fiscal benefits to businesses for adoption of standard security practices and processes, developing effective public private partnerships and collaborative engagements through technical and operational cooperation. It also plans “to create a workforce of 5,00,000 professionals skilled in cyber security in the next five years through capacity building, skill development and training”.
It plans to develop indigenous security technologies through research.
The policy calls for developing a dynamic legal framework and periodically reviewing it to address the cyber security challenges arising out of technological developments in cyber space.
The policy plans to operate a 24X7 national level computer emergency response team (CERT-In) to function as a nodal agency for coordination of all efforts for cyber security emergency response and crisis management.
“CERT-In will function as an umbrella organization in enabling creation and operationalization of sectoral CERTs as well as facilitating communication and coordination actions in dealing with cyber crisis situations,” the policy said.