Sunday, May 18, 2025
India Watch - A Digital Media
  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us
No Result
View All Result
India Watch - A Digital Media
  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us
No Result
View All Result
India Watch - A Digital Media
No Result
View All Result
Home India Unplugged

National Cyber Security Policy 2020 .. in anticipation

Dinesh Bareja by Dinesh Bareja
31/10/2019
in India Unplugged, Strategy & Policy
7
National Cyber Security Policy 2020 .. in anticipation

According to reports a new National Cyber Security Policy (NCSP ) is presently under development by the National Cyber Security Coordinator (NCSC) and may be released in early 2020.

This is good news because the earlier NCSP was released in 2013, by the then Planning Commission, and I have always wondered what the hell did the PC know about cyber security as to be able to come up with a national policy. This fear was not unfounded and there was a lot of stink when I read the paper.

This is good news because the present NCSP is being drafted by the highest office for Cyber Security in the country. This means that it will be discussed and created by experts. I understand that a committee of experts has been put together by the NCSC and they are on the job.

Expectations from the upcoming NCSP

As a concerned citizen I look forward to the NCSP 2020 and pray that the provisions will be put into effect. I pray it will have sharp teeth and that it will be able to catalyze (desperately needed) change.

A general vision for cyber security for the nation has been articulated by the Hon’ble Prime Minister in a number of forums, and has been repeated by the Ministers and officials in MEITY and MHA. I pray that the NCSP 2020 will embody the same spirit of aggressiveness and innovation as demonstrated by the present government across the board.

IndiaWatch wish-list for NCSP2020

There are a few suggestions I have, for inclusion in the policy, which are based on my experience and learning and I hope that it finds it;s way to the office of the NCSC for consideration.

Firstly, the underlying objective (in addition to others) must be to create an environment of trust between the government and the cyber security ecosystem. There are many factors which contribute to the lack of trust and this needs to be addressed. How will the government do this, or what is the problem – these are questions I would not like to put out in public as I am not qualified to provide how-to guidance to the government.

1. Central Cyber Security Audit Bureau (CCAB)

On the lines of the office of the CAG, the CCAB will be a center of excellence and expertise which will undertake Cyber Security audits of sensitive installations. This bureau will also develop standards and frameworks based on international best practices and localized to the needs in the national environment.

The rationale is that

  • This task should be taken out of NCIIPC mandate as presently they are the organization which is making the policy and then providing the implementation guidance to the CII entities. This is a conflict of interest situation and well recognised in simple infosec implementations.
  • We cannot expect private audit firms to be allowed to access sensitive defence, space, nuclear etc installations.
  • At present the CERT empanelled auditors are considered for every audit but this is a risk. Further these designated auditors have zero accountability.
  • The recent KKNPP incident is the harbinger of times to come and the nation cannot be in reactive mode

2. Cyber security and ethics learning / education

This subject should be included in the learning of every citizen, from Kindergarten to University level. It will mean the redesign of school curriculum, text books should include cybersecurity considerations and education should inculcate a sense of understanding and knowledge of cyber security, risks and opportunities. The nation must realize that every domain in real life has a cyber ‘factor’ and whether we like it or not the march of technology will slowly and steadily intrude and embed itself into every facet of life.

A National Talent Search should be proposed through the appropriate authority to help identify young geniuses who can be mentored for responsibilities and thus supplement the capacity building goals.

3. Cyber Security Research

Research should be (really) promoted and this should be done more aggressively. Our traditional method of giving grants is still followed and it is a highly complex process. Besides the complexity, private institutions are not eligible which may put a large population of students at a disadvantage of not being able to swim in the mainstream of cyber security innovation. The process for disbursing grants should be made simple and quick. Medium / long term research projects should be supported.

3.1 Central Agency to Monitor Research Projects

A central agency as a single window for clearance and monitoring of research applications and grants. The mandate will include review and reporting of utilization of funds, patents developed, research output, impact / value to the nation, development of cyber security capacity / capability etc.

4. Association of Cyber Security Professionals

An organization on the lines of ICAI should be set up. This will help provide a national code of conduct and bring professionalism as well as provide direction in education and training. The association will also be the vehicle to respond to fake news and disparaging reports which are published by foreign entities from time to time.

4.1 Certification

This will be a major undertaking for the Association. It may be noted that there is not a single (domestic) certification or education program that is known. At the same time it must be said that presently the nation sends out about $ 100 million every year as fees paid for certifications and maintenance of credentials.

  • Organizations like CDAC, NEILIT have developed programs and certifications but there is very low level of industry recognition.
  • I had written about certification earlier … https://www.indiawatch.in/cyber-security-certifications-missing-in-makeinindia/

5. Setting up Sectoral CERTs

It was a goal but seems to have been another wishful thought. The news of Sectoral CERTs has got a lot of traction since 2013 but without any apparent tangible progress. The NCSP 2020 should provide firm timelines for the setup and operational readiness of Sectoral CERTs and this must have oversight by CERT-IN as the nodal agency. It is funny to think or different CERTs doing different things and CERT-IN being clueless in the event of a cyber attack.
– I had learned that CERT-In was also not in the loop with some of the entities which had been talking and claiming to have set up the first sectoral CERTs.

8. Regulator Accountability

If it can and makes sense then this should also be a part of the guidance. The other option can be to make this as part of the mandate for CCAB. This will ensure that regulators like RBI, NPCIL, SEBI, IDRBT, NABARD, PCI, TRAI enable effective oversight in their domain. There is a lot of loose work happening under the watch of the regulators and no one is worried about the future implications.

There are many more thoughts, and I shall continue to add to this list.

 

There are great hopes for a policy which works and is made to work for establishing adequate and effective security and resilience in the national information infrastructure.

#NationalCyberSecurityPolicy #NCSP2020 #cybersecurity

Tags: corporate governanceindia policyncspncsp 2020
Previous Post

Makers of India – Surface-Air-Missiles

Next Post

They ran, we shot... and u better believe us!

Dinesh Bareja

Dinesh Bareja

Cyber Security practitioner and evangelist working in cyber security in national and enterprise application. Contributor to national policy, awareness and development of capacity / capability. Keeps a critical eye on the past, present and future in the infosec domain, and firm believer in common sense. Uses practical thinking to demolish purveyors of cyber hype and snake-oil.

Next Post
They ran, we shot… and u better believe us!

They ran, we shot... and u better believe us!

Comments 7

  1. Rohit Banerjee says:
    6 years ago

    Well-written and much needed initiative. I’m in complete support, please tell how we can support

    Reply
    • Dinesh Bareja says:
      5 years ago

      Hi Rohit – the NCSC has called for inputs for the NCSS. I shall be putting up suggestions here and on their site too. Please feel free to suggest.

      Reply
  2. sasi says:
    6 years ago

    Good. We also need to create world class cyber security center(Ex:Israel Became A Cybersecurity Powerhouse Leading The $82 Billion Industry). Create Certificate Courses(Ex: CISA, ), governing body, create professionals.(Ex:Global gap of nearly 3 million cybersecurity positions).

    Reply
  3. Dr. Chintan Pathak says:
    6 years ago

    Dear Dinesh Sir,
    It would be great to know about the New Cyber Security Policy 2020 which process is on going and may be launch in earlier 2020.

    I just want to draw your kind attention that, duing my Research Work on Child Online Protection under Indian Legal Regime, i suggested PPP Model of Investigation for Cyber Crimes Against Children and also Prpaosed Model Rules under section 72-A of IT Act ,2000 for Child Online Privacy.
    It would be great if i will contribute in this new policy in same spirit.

    Regards,
    Dr. Chintan Pathak

    Reply
  4. Mahesh razz says:
    6 years ago

    Really it is good idea

    Reply
  5. Jaleel says:
    6 years ago

    Agreed….

    Reply
  6. Saloni Verma says:
    6 years ago

    Appreciate the suggestion on cyber edcuation at younger age. This has already been done by countries like Israel.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

3 × one =

  • Trending
  • Comments
  • Latest

Skeletons in my banks and national system

17/04/2018

Corporate Governance & Cyber Security Responsibility

18/11/2016

Chai pe Charcha – Delhi 11 June 2017

14/06/2017

Govt & Cops twiddle fingers waiting for the nation to burn…

26/08/2017
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

7

Cyber Swatchhta Kendra – A Good Start

6

Demonetisation – Cashless Economy – Urgent Need For Data Localisation

5

Why Are We A Strategically Deficient Nation ?

5
Time to relook at Critical Information Infrastructure

Time to relook at Critical Information Infrastructure

20/09/2020
What the Government does… secure messaging

What the Government does… secure messaging

23/01/2020
They ran, we shot… and u better believe us!

They ran, we shot… and u better believe us!

06/12/2019
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

31/10/2019

Recent News

Time to relook at Critical Information Infrastructure

Time to relook at Critical Information Infrastructure

20/09/2020
What the Government does… secure messaging

What the Government does… secure messaging

23/01/2020
They ran, we shot… and u better believe us!

They ran, we shot… and u better believe us!

06/12/2019
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

31/10/2019
  • Home
  • About
  • Contact
  • Maps of India

© 2018 IndiaWatch - All Rights Reserved. Website Design: Jemistry Info Solutions

  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us

© 2018 IndiaWatch - All Rights Reserved. Website Design: Jemistry Info Solutions

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.