Cyber Security Policy 2013

The Cyber Security Policy, 2013 aims at protection of information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and respond to cyber threats and minimize damage from cyber incidents through a combination of institutional structures, people, process, technology and cooperation. The objective of this policy in broad terms is to create a secure cyberspace ecosystem and strengthen the regulatory framework.

Some of the strategies adopted by the Policy include:

• Creating a secure cyber ecosystem through measures such as a national nodal agency, encouraging organisations to designate a member of senior management as the Chief Information Security Officer and develop information security policies.
• Creating an assurance framework.
• Encouraging open standards.
• Strengthening the regulatory framework coupled with periodic reviews, harmonization with international standards, and spreading awareness about the legal framework.
• Creating mechanisms for security threats and responses to the same through national systems and processes. National Computer Emergency Response Team (CERT-in) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
• Securing e-governance by implementing global best practices, and wider use of Public Key Infrastructure.
• Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre operating as the nodal agency.
• To promote cutting edge research and development of cyber security technology.
• Human Resource Development through education and training programs to build capacity.