National Cyber Security Strategy Of India

India is one of the largest and fastest growing digital consumer markets. It is the second-fastest digital adopter among 17 most digital economies of the World. India’s core digital sector is expected to grow to 8%-10% of the GDP by 2025.

• It is estimated that India will have 900 million active internet users by 2025. The average monthly data consumption per wireless data subscriber has increased to 14 GB in June 2021 from a meager 61 MB in March 2014. Competitive offerings by telecommunications firms have increased internet subscriptions and data consumption at a rapid rate. By 2025, the contribution of core digital sectors such as IT and business process management, digital communication services, and electronics manufacturing to the GDP would significantly multiply.

Need for a Cyber Security Strategy

• India is highly prone to cyberattacks due to proliferation of digital devices. In 2021, more than 11.5 lakh incidents of cyberattacks were tracked and reported to India’s Computer Emergency Response Team (CERT-In).
• Ransomware attacks increased by 120 per cent in the country in 2021 as compared to 2020.
• A report by CrowStrike, a US security firm, 76 percent of organisations in the country suffered at least one ransomware attack in 2021, which was more than any other country in the same year.
• Around 27 percent of the firms paid an average of $5,00,000 to cyber attackers as extortion fees. The ransom paid by certain organisations was more than $5 million.
• Strategic sectors such as power companies, oil and gas companies, telecom companies, etc. have been victims of cyberattacks.
• According to NCRB, cases of cyber-crime recorded an 11.8% increase in 2020. Most of the increase came from the smaller cities.
• Many countries have invested significant amounts of money in developing defenses against cyber-attack while simultaneously gathering the abilities to mount damaging cyber warfare offensives.

Facets of National Cyber Security

A National Cyber Security Strategy should involve the following components–

1. A Secure National Cyber Space

• Embedding Security in Public Services: If security is embedded in the design of public services delivery, it will improve the availability and delivery of services to the citizens and improve their trust in digital platforms and online services.
• Supply Chain Security: It will involve ranking the supply chain of ICT and electronics products according to their criticality. There will be a systematic plan for enhancing India's role in the key supply chains by investing in critical technological capabilities.
• Critical Information Infrastructure (CII) Protection: The focus of the efforts for CII protection should be to ensure the delivery of essential services even in the time of the attack, assuring economic growth, and promising safety of the citizens. Critical infrastructure involves power and electricity, railways, banks and financial institutions, etc.
• Digital Payment: Careful and concerted efforts would be made for securing high paced digital payments. It will promote research and sharing of threat intelligence, advocate a security assurance mechanism, and developing competent response capabilities.
• State Level Cyber Security: Ensuring that states take cybersecurity on their agenda in their efforts of industrialization and digitization. The strategy aims to promote the development of state-level cybersecurity policies.
• Security of Small and Medium Businesses: Cybersecurity technologies targeted at this sector will be developed as it is witnessing an increase in usage of online and digital technologies.
• Advanced and Emerging Technologies: These technologies include Artificial intelligence, 5G, High powered Computing, Quantum Computing, etc. They are poised to influence cyber security framework, which would require promotion of research and development in these areas. Conducive environment will be established for attracting investment in the areas leading to new paradigms for cybersecurity.

2. Synergy among various Actors, including Coordination and Cooperation

• Internet Infrastructure: Synergy between geopolitical developments and changes in technology, cross-border data flow, supply chain, governing affairs of the infrastructure, espionage, and militarization of cyberspace, etc.
• Cyber Insurance: The global cyber insurance market would be reaching USD 22.4 billion by 2024 from USD 4.2 billion in 2017. There is a need for a concerted national effort to develop a market for cyber insurance in the country.
• Cyber Diplomacy: There will be sustained and scaled efforts for fostering India's leadership in the global governance of cyberspace.
• Cybercrime Investigation: Investigation of cybercrimes and traditional crimes using advanced technological tools & solutions including digital forensics technologies, methods, and legal procedures would be an essential area of national cybersecurity strategy.

3. Strengthening Structures, People, Processes and Capabilities

• Structure, Institutions, and Governance: The challenges of technology transformation, widespread digitization, and advancing threats will require an overhaul of Governance and Institutional Structures in India.
• Budgetary Provisions: The union budget should have a separate head for cybersecurity by consolidating thoroughly prepared budget by different ministries and institutions. A minimum 0.25% of total annual budget should be invested in cyber security.
• Research, Innovation, and Technology Development: Ensuring that substantial investments in ICT, modernization, and digitization should trigger cyber security technology development through appropriate norms and incentives.
• Capability and Skill Building: A well planned skills strategy would help to maintain India's global leadership and also exploit its potential to the fullest.
• Audit and Assurance: The security threat landscape is continuously evolving into more targeted, advanced, and persistent attacks. The audit and assurance functions need to be overhauled to address scale, pace, and complexity of these attacks.
• Crisis Management: It would involve science, process innovation, and technology to identify and manage the incidents and handle the resultant crises more predictably and productively.
• Data Security and Governance: It should enhance the data governance in the country to systematize the security of data.

India should work on building indigenous capabilities like data-sharing facilities and social media platforms to ensure self-reliance and cybersecurity. Startups should come up with solutions in tune with country’s requirements. Critical cyber assets should be manned by skillful professionals for which public-private partnerships can also be built.