Saturday, January 15, 2011

Cyber Security Policy Is Needed In India

India has been ignoring for long many policies related issues. Some of the most important policies and strategies are missing in India. For instance, we do not have national ICT policy in India. We also do not have a user friendly telecom policy in India. We do not have cyber forensics policy in India and most importantly we do not have a cyber security policy in India.

What I mean by policy is a well planned and actually implemented strategy. Merely saying that a policy of a particular field has been formulated does not make it a policy. Unfortunately India is just making policies on papers alone with no actual implementation.

The telecom policy of India is highly defective and is the main reason for corruption charges in the 2G scam. We also do not have a national IPv6 policy for India. With the gradual shift from IPv4 to IPv6 world over, India is not at all prepared in this regard.

As far as cyber security is concerned, India is least bothered in this regard. Whether it is cracking of crucial governmental computer systems, attack at the critical infrastructure of India, cyber security of defence forces of India, absence of cyber forensics expertise of law enforcement agencies of India, etc India is least bothered.

Even we have no well adopted crisis management plan in this regard that is nationally implemented. To make the matter worst, we have a cyber criminal’s friendly cyber law in India. The information technology act, 2000 is the sole cyber law of India that is useless regarding cyber law, cyber forensics and cyber security related issues.

The real problem is that Indian government and its intelligence and law enforcement agencies believe that e-surveillance is a substitute for cyber security and cyber forensics capabilities. Thus, instead of developing cyber forensics and cyber security capabilities, they are forcing a weaker cyber security regime upon India that can be snooped by them with their limited capabilities. The security and law enforcement issues related to the adoption of IPv6 norms would also face similar consequences.

It is high time for India to enact a robust and effective cyber security policy in general and national ICT policy in particular.