A robust cybersecurity policy is needed for a safer Digital India

COVID-19's ongoing pandemic has led the world to acknowledge the importance of cybersecurity, especially for a workforce that is largely based at home. Cyberattacks on India's digital landscape have risen over the past few months and are gaining in scope and sophistication, targeting sensitive personal and business data and critical information infrastructure, affecting the economy and national security. According to the Indian Computer Emergency Response Team (CERT-In), more than 6.07 lakh cyber security cases were reported until June of this year. It certainly serves as a wake-up call to India regarding stronger policies. Through the National Cybersecurity Policy soon to be released, the government could not have chosen a better time to reiterate the need for stronger cybersecurity.

In 2013, the Indian government released a National Cyber Security Policy (NCSP) that outlined a number of strategies to combat cyber-attacks. Eight years have passed and there has been no implementation of any policy. With the increase in attacks causing national security concerns, the government will be adjourning this topic during the winter session.  As part of the policy, the entire ecosystem of cyberspace in India will be covered by a vision to ensure a safe, secure, resilient, vibrant, and trusted cyberspace.  India has the opportunity to align its domestic policy with its global aspirations through its forthcoming National CyberSecurity Policy.

Why does India need strong cybersecurity soon?

Cyber intrusions and attacks on sensitive personal and business data, as well as critical infrastructure, have grown significantly, with consequences for national security and the economy. Due to rapid technological developments such as cloud computing, artificial intelligence, internet of things, and 5G, the current cyber threat landscape poses significant challenges. Among the new challenges are data protection/privacy, law enforcement in an evolving cyberspace, access to data stored overseas, misuse of social media platforms, international cooperation on cybercrime and cyberterrorism, etc. As a result of the Coronavirus pandemic, communication around digital security has increased.

Recommendations that can be made in the Cybersecurity Policy

• State-sponsored attacks must be dealt with through an action plan. Attacks like these compromise government infrastructure, private businesses, and citizens' personal information.
• In the event of any national security attack, an SOS lockdown policy is needed to safeguard nuclear grids, power grids, financial institutions, and satellite communication immediately.
• If the country intends to digitize its finance and healthcare, then there should be provisions for  training of the common mass in cybersecurity.
• There should be risk-based standards of requirements for Organizations (both Private and Government run) security policy for governments depending on the criticality of their services or type of data processed/stored/accessed.
• Government should publish a risk-based standards around cybersecurity controls and incident response that every organization (both Private and Government run) based on the criticality of their services or type of data processed/stored/accessed.
• A clear governance structure to verify and validate the adherence to the set policy/standards and penalize the organizations not complying with these standards
• Mandatory disclosure to the impacted parties in a timely manner in the event of a breach and a process to seek punitive damages.
• Cybersecurity architecture at the national level is lacking. Several critical infrastructures are owned by the Government and private sector, whereas the military has its own firefighting agencies. There is, however, no national security architecture that unifies these agencies' efforts to assess threats efficiently and deal with them effectively.
• It is inevitable that IOT devices will rise with the advent of 5G. The government should define security standards for these new internet-connected devices with the help of security companies.

Given the recent cyber assaults attempted on India’s digital ecosystem, there is an urgent need for India to upgrade its cybersecurity strategy. Hackers are targeting business organisations and government processes across the globe, as many countries resort to digital warfare. This makes India's cybersecurity guidelines and standards crucial for keeping a check on cyber vulnerabilities and cyber responses.

The article has been written by Satya Machiraju, VP, Information Security, Whatfix