Cybersecurity Needs to be a Built-in Process Rather than Being Bolted on Top: Dr. Sanjay Bahl, Director General, CERT-In

With the talk of Industry 4.0 coming into the picture and eventually taking the centre stage over the coming years, cybersecurity landscape is bound to come into the picture as well. Cyberattacks could seriously damage the credibility of industries and enervate their way of functioning; therefore, cybersecurity should be of utmost importance and a process that needs to be built-in. The Government of India is however not taking emerging threats lightly and has announced a slew of initiatives to tackle the cybersecurity challenge. In an interview with DataQuest, Dr. Sanjay Bahl, Director General, Indian Computer Emergency Response Team (CERT-In) outlined those initiatives and also spoke of the steps being taken to address the cybersecurity skills shortage.

Initiatives Announced by the Government of India to Aid Cybersecurity

Dr Sanjay Bahl, who was at the AVAR 2018 Conference hosted by K7Computing, categorized the initiatives under four divisions, which are as follows:

Number one is from incident response perspective: Apart from responding to cyberattack incidents, Cert-In also looks at providing training to system and network administrators, and CISOs, while equipping them with specific information and knowledge as to what is happening in the threat labs. CERT-In provides them with white papers and advisories on a regular basis, of which some are in public domain and some are not.

Number two is from assurance perspective wherein CERT-In has done empanelment of 69 auditors after stringent tests. The organization also carries out cyber drill or exercises so that oraganisations know how prepared they are against cyberattacks. A crisis management plan has also been developed for which workshops are conducted that people can follow.

Number three is from intelligence perspective such as the Cyber Swachhta Kendra, which is a citizen centric service that is free of cost and involves both public and private partnership such as government, industries, ISPs, etc. “Everyone is working together to make sure electronic devices citizens use are safe and secure. Seeing this various organizations namely ISPs, financial institutions, transport and telecom sectors have joined to make sure this information is received faster and on a daily basis,” said Dr Sanjay Bahl. Apart from this, the National Cyber Coordination Centre is operational that provides a situational awareness of what is happening in cyber space.

Number four is from the collaboration and corporation perspective, which includes working with various trusted entities like other CERTs in different countries who are like minded, various law enforcement agencies, regulators, public private organizations, specific communities, and industry bodies.

Government Initiatives to Address Cybersecurity Skills Shortage

Information Security Education and Awareness (ISEA) is a programme that has been announced for general citizens in local languages and 51 educational institutions have come together with formal courses for Btech level, Masters and Phd to educate people on cybersecurity. The aim behind starting ISEA was that one of the key elements essential for information security is availability of right kind of qualified and well trained human resources, who could take up Research & Development (R&D), develop indigenous solutions/ software, secure and maintain various systems including critical infrastructure.

Whereas the Cyber Surakshit Bharat Programme was announced for CISOs and industry leaders. The Cyber Surakshit Bharat programme, lead by Ministry of Electronics and Information Technology (MeitY) and supported by NeGD, and a consortium of private players including Microsoft, WIPRO, Redhat, Dimension Data and Deloitte, will help develop a robust base for cybersecurity; equip government officials (CISOs & frontline IT staff) with the latest know-how and technology; ensure the safety of all government properties and services; and secure citizen data available on the digital domain. All this means that capacity building is happening at multiple levels, says Dr Bahl.

Dr Sanjay Bahl said that the AVAR 2018 hosted by K7 Computing was a welcome initiative in terms of aiding the cybersecurity landscape. “Quality of speakers at AVAR is phenomenal and it is a wonderful event that K7 Computing has organized. Indian companies should start taking the centre stage and this is a welcome step. Now the time is right and people are willing to become entrepreneurs and come forward, so we should see this opportunity now and momentum should be built up,” he said. Dr Bahl also added that cybersecurity is a process that needs to be built-in rather than bolted on top to combat the emerging threats and also in order to be better prepared to ward off cyberattacks.