Cyber Security Policy 2013

The National Cyber Security Policy is a policy framework by the Department of Electronics and Information Technology (DeitY). It aims at protecting public and private infrastructure from cyberattacks. The policy also intends to safeguard “information, such as personal information (of web users), financial and banking information and sovereign data”.

Since the announcement of the Cyber Security Policy, India’s cyber landscape has witnessed growing digitization as part of the Government’s Digital India push, as well as more sophisticated cyber threats.

Objectives

  • To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
  • To create an assurance framework for the design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, technology & people).
  • To strengthen the Regulatory Framework for ensuring a Secure cyberspace ecosystem.
  • To enhance and create National and Sectoral level 24x7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective, response and recovery actions.
  • To improve visibility of the integrity of ICT products and services by establishing infrastructure for testing & validation of security of such products.
  • To create a workforce of 500,000 skilled professionals in the next 5 years through capacity building, skill development and training.
  • To provide fiscal benefit to businesses for adoption of standard security practices and processes.
  • To enable protection of information while in process, handling, storage & transit so as to safeguard the privacy of citizens’ data and reduce economic losses due to cyber crime or data theft.
  • To enable effective prevention, investigation and prosecution of cybercrime and enhancement of law enforcement capabilities through appropriate legislative intervention.

Some of the strategies adopted by the Policy include:

  • Creating a secure cyber ecosystem through measures such as a national nodal agency, and encouraging organisations to designate a member of senior management as the Chief Information Security Officer and to develop information security policies.
  • Creating an assurance framework.
  • Encouraging open standards.
  • Strengthening the regulatory framework coupled with periodic reviews, harmonization with international standards, and spreading awareness about the legal framework.
  • Creating mechanisms for identifying security threats and responding to them through national systems and processes. The National Computer Emergency Response Team (CERT-In) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
  • Securing e-governance by implementing global best practices, and wider use of Public Key Infrastructure.
  • Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre operating as the nodal agency.
  • Promoting cutting-edge research and development of cyber security technology.
  • Human Resource Development through education and training programs to build capacity.

Budapest Convention

  • The Budapest Convention is the first international treaty that addresses Internet and computer crime by harmonizing national laws, improving legal authorities for investigative techniques, and increasing cooperation among nations.
  • The Budapest Convention is the only multilateral convention on cyber security, which is considered critical to the economic and national security of a country.
  • Developing countries including India have not signed it, stating that the developed countries led by the US drafted it without consulting them.

Information Technology Act, 2000

The Information Technology Act, 2000 aims to provide the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that, unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability.

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept the filing, creation and retention of official documents in digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signatures.