The framework aims at creating a secure cyber space for users to enjoy confidence in electronic transactions, reports Ajai Shukla
At that time, in 2010-11, India was the 10th most heavily cyber-attacked country; today, it is second only to the United States. With internet usage rising exponentially -- from 202 million users in March 2010, to 412 million in March 2011, to 485 million in March 2012, India is now second only to China in the number of devices (including cellphones) connected to the internet.
This also makes India uniquely vulnerable. Intelligence sources say that, in the recent past, malicious activities against Indian networks have originated from hosts in 20 countries: the US, Brazil, Nigeria, China, Iran, Russia, North and South Korea, Japan, Taiwan, Australia, Ukraine, Romania, Israel, France, UK, Netherlands, Germany, Poland and Pakistan.
Emphasising the amorphous nature of cyber attack, sources clarify that they could have been routed through those countries without the hosts even being aware of this activity. During the same period, several attacks abroad were detected as originating from hosts located in India.
Now the government is rolling out an extensive policy, which the Cabinet cleared on May 8. This consists of a National Cyber Security Framework, which broadly empowers the government to create a legal and structural framework. Based on this, a National Cyber Security Policy lays out the ground rules in a more specific manner. The aim is to facilitate the creation of a secure computing environment in which users can enjoy a level of trust and confidence in electronic transactions.
The new framework is rooted in the Information Technology, Act 2000, specifically Sections 43, 43A, 72A and 79, which enjoin companies to comply with data security and privacy protection. It provides for multi-layered protection, with responsibility allocated to various stakeholders, including the Department of Electronics and IT; Ministry of Defence; Defence R&D Organisation; and the National Technical Resource Organisation. The National Security Council Secretariat will ensure compliance of cyber security policies
Government IT officials say that the new policy has successfully straddled the spectrum of users, including central and state governments, public private entities, academia and private users. Unlike with the National Counter Terrorism Centre, which many state governments opposed as an infringement on their federal autonomy, the states have cooperated without reserve on cyber security. Already nine states have set up cyber security centres.
“As India becomes more networked, we will become more vulnerable to cyber attack. Today, we are protected by virtue of being under-networked. As a networked country, coordinating between multiple agencies will becomes a growing challenge,” says an official who works on cyber security.
New Delhi has increasingly focused on cyber security, given the threat from China-based hackers, who many people believe are directly linked with the Chinese military. In March, security consultancy, Mandiant, accused the Shanghai-based People’s Liberation Army Unit 61398 of stealing commercial secrets from US companies. That same month, Tom Donilon, President Barack Obama’s National Security Advisor, charged that cyber attacks were “emanating from China on an unprecedented scale.”
The official adds: “Hostile cyber entities map our systems daily. They scope us out, check the effectiveness of our safeguards and see how good our reactions are. That is why we need a strong framework.”
To ensure the system’s readiness, the Computer Emergency Readiness Team -- an umbrella body that will oversee cyber-protection -- will conduct regular cyber security drills, at the national level and bilaterally with other countries. The first national drill is scheduled in August.
In addition, CERT is training “cyber security auditors”, who will be empanelled and listed on a website, from where they can be hired by companies for auditing their cyber security. In addition, the government has set up a website -- SecureYourPc.org -- that ordinary citizens can access to ensure that their personal computers are free of malware.
Jellyfish sting ends Aus woman's record swim from Cuba to US
'We don't share a competitive relation with Sri Lanka'
China accuses US of 'double standards' on hacking
Anand second in Tal blitz, meets Caruana in main event
Coal probe shows business in politics needs to be tackled