Wednesday, July 3, 2013

The National Cyber Security Policy, 2013 (NCSP) May Face Implementation Hurdles

Indian government has finally released the much awaited national cyber security policy (NSCP), 2013. It took India many years to learn and appreciate the importance of cyber security but still this is a good step in the right direction. The policy is at the infancy stage as its actual implementation is yet to take place.

The policy is a broad outline and it is still lacking on many counts. Cyber security of India must be improved so that Indian cyberspace can be a safe place to do personal and business related online transactions.

According to the exclusive techno legal cyber security research and development centre of India (TLCSRDCI),  the objectives of the NCSP 2013 include creation of a cyber ecosystem in the country, encouraging open standards, strengthening of regulatory framework, securing e-governance services, critical infrastructure protection, promotion of research and development in cyber security, spreading cyber security awareness, providing fiscal benefits to businesses for adoption of standard security practices and processes, developing effective public private partnerships and collaborative engagements through technical and operational cooperation.

All of these objectives require tremendous techno legal cyber security expertise and capabilities. These objectives cannot be achieved overnight and they require systematic, continuous and dedicated efforts on the part of Indian government.

For instance, India has no dedicated cyber security legal framework. It would take Indian government decades before it come up with comprehensive cyber security legislation. Even the present cyber law of India is grossly offensive and is unconstitutional on numerous counts. Experts have even suggested repeal of the same. In these circumstances meeting the regulatory framework objective of the NCSP would be expecting too much from Indian government.

Similarly, the cyber security awareness in India is also missing. Though Indian government has prescribed a requirement to provide cyber security awareness brochures by electronic products vendors, including hardware vendors, yet nobody is following this direction in India. A legislation mandating strict cyber security disclosure norms in India has also been proposed by Indian government but there is no progress on this front as well.

Meanwhile, Indian PMO has sanctioned Rs. 1,000 crore to strengthen Indian cyber security. Indian security agencies are promoting their own cyber security agendas and they are insisting upon indigenously made cyber security software usage in India.

No doubt the NCSP is praiseworthy but the real question is would India be able to achieve the objectives prescribed by the same? Keeping in mind the previous track record of Indian government it would be safe to presume that the national cyber security policy, 2013 (NCSP) may face implementation hurdles in India if the Indian government does not pursue the same in proper and holistic manner.