Indian government has finally released the much
awaited national
cyber security policy (NSCP), 2013. It took India many
years to learn and appreciate the importance of cyber security but
still this is a good step in the right direction. The policy is at
the infancy stage as its actual implementation is yet to take place.
The policy is a broad outline and it is still
lacking on many counts. Cyber security of India must be improved so
that Indian cyberspace can be a safe place to do personal and
business related online transactions.
According to the exclusive techno legal cyber
security research and development centre of India (TLCSRDCI),
the objectives of the NCSP 2013 include creation of a cyber ecosystem
in the country, encouraging open standards, strengthening of
regulatory
framework, securing e-governance services, critical
infrastructure protection, promotion of research and
development in cyber security, spreading cyber
security awareness, providing fiscal benefits to
businesses for adoption of standard security practices and processes,
developing effective public private partnerships and collaborative
engagements through technical and operational cooperation.
All of these objectives require tremendous techno
legal cyber security expertise and capabilities. These objectives
cannot be achieved overnight and they require systematic, continuous
and dedicated efforts on the part of Indian government.
For instance, India has no dedicated cyber security
legal framework. It would take Indian government decades before it
come up with comprehensive cyber security legislation. Even the
present cyber law of India is grossly offensive and is
unconstitutional on numerous counts. Experts have even suggested
repeal
of the same. In these circumstances meeting the regulatory framework
objective of the NCSP would be expecting too much from Indian
government.
Similarly, the cyber
security awareness in India is also missing. Though Indian
government has prescribed a requirement to provide cyber
security awareness brochures by electronic products
vendors, including hardware vendors, yet nobody is following this
direction in India. A legislation
mandating strict cyber security disclosure norms in India
has also been proposed by Indian government but there is no progress
on this front as well.
Meanwhile, Indian PMO has sanctioned
Rs. 1,000 crore to strengthen Indian cyber security. Indian security
agencies are promoting their own cyber security agendas and they are
insisting upon indigenously
made cyber security software usage in India.
No doubt the NCSP is praiseworthy but the real
question is would India be able to achieve the objectives prescribed
by the same? Keeping in mind the previous track record of Indian
government it would be safe to presume that the national cyber
security policy, 2013 (NCSP) may face implementation hurdles in India
if the Indian government does not pursue the same in proper and
holistic manner.
