Note: We’ll update this post as more details emerge. (Update appended at the bottom).
India on Tuesday released it’s first national cyber security policy. Minister for State for Information Technology, Milind Deora tweeted
Unveiled India’s 1st Cyber Security Policy to safeguard individual privacy, corporate data & sovereign virtual assets pic.twitter.com/GaXOJlHFWK
— Milind Deora (@milinddeora) July 2, 2013
Complete details of the new policy are yet to made public. If it’s anything like the draft national cyber security policy proposed in 2011, it will seek to defend national assets against cyber attacks and seek to provide for protection of citizen’s information.
It will also strengthen the Computer Emergency Response Team (CERT-In) to periodically audit, defend and spread awareness on cyber security besides encouraging open standards.
The need for such a policy is quite evident. India is one of the weakest countries when it comes to cyber security and protecting its citizen in the cyber world. A recent report by anti-virus maker Kaspersky said that India has the 3rd highest number of victims of phishing attacks.
Updpate: The full document has been made available (pdf below). Here are some of the things the government proposes to do
- Designate a nodal agency to co-ordinate cyber security matters
- Organisations to budget for cyber security
- Establish information sharing mechanisms
- Create an assurance framework by bringing in standrards
- Encourage open standards, create consortium of government & private players
- Strengthening regulatory framework: Create a legal framework, mandate periodic audit, educate.
- Create threat assessment, warning and management systems: National level systems, processes to be put in place. Computer Emergency Response Team (CERT-In) to work 24 x 7. Cyber crisis management plan to be put in place.