The policy proposes a contingency plan to handle cyber attacks on vital installations and critical infrastructure
The Union government is expecting an investment of $1 billion (about Rs 5,940 crore today) from private technology companies, with the release of India’s first cyber security policy on Tuesday. The move to involve private security firms has exposed the government’s inability to check a meteoric rise in cyber crime and growing privacy concerns in the country.
The policy proposes a contingency plan to handle cyber attacks on vital installations and critical infrastructure. Business Standard has accessed details of the much-awaited National Cyber Security Policy 2013, which is likely to be announced by Union minister for information and technology Kapil Sibal at an event on Tuesday. The Cabinet cleared the policy in May.
“This is the first time we have opened doors for private players to guard India’s cyber ecosystem. So far, we have worked on an ad-hoc basis. Their help will be sought in research and training of manpower. All over the world, private players are actively engaged in the information security business, which has already become a multi-billion dollar industry,” said a senior government official, requesting anonymity.
“Once the policy is announced, we expect an investment of $1 billion from both indigenous and international companies in the next three years. It will also lay grounds for cooperation with countries such as the US and Israel,” the official added. Another government official, who, too, spoke on condition of anonymity, confirmed the details.
The government officials admitted that lack of clarity had kept private firms away from entering into this sector.
The policy also tends to address the snooping issue. “We plan to set up a centre of excellence where various studies in the realm of cryptology, cryptography, forensic and trusted systems could be undertaken. The standard operating procedures for internet governance will be put in place,” the second official said.
“We look forward to a cyber security policy that balances the needs for cyber security and the cost and unhindered operations for the business and protects the privacy of individual citizens,” Kiran Karnik, head of the Confederation of Indian Industry’s cyber security group, said in an email response.
Moreover, the policy is expected to iron out differences among various intelligence and security agencies engaged in cyber security. Last year, the government had scrambled to block certain URLs and tweet handles to remove inflammatory messages in the absence of a clear cut policy. The outrage on internet had led to mass exodus of minorities from various parts of the country.
“The policy was long overdue. This should have been in place soon after the 26/11 Mumbai terror attack case. The lack of clarity among various stakeholders was preventing counter operations. The policy should now be effectively implemented,” leading cyber security lawyer Pavan Duggal said.
At present, the Computer Emergency Response Team, the National Technical Research Organisation, the Intelligence Bureau, the Research and Analysis Wing, state police forces, the Union home ministry, the National Information Infrastructure Protection Centre, the ministry of defence, the National Security Council Secretariat, the National Information Board are among the agencies involved in securing the cyber space and screening equipment that may have been infested with bugs.