Cybersecurity policy

The fast adoption of digitization in India has attracted some unwelcomed guests. Yes, I’m talking about cybercriminals. India is a highly populated country. Data collection and storing happen at every end of the internet in India. But do companies provide a stable and secure environment to encrypt information and does the Indian government have a strict cybersecurity policy in place? The answer is no. Indians are becoming increasingly vulnerable to cyberattacks and their personal information including health data are often compromised. The National Cyber Security Policy published by the government in 2013 addresses the concerns of that time. Fortunately, we see light at the end of the tunnel. India’s upcoming cybersecurity policy that is expected to be unravelled in 2022 will ensure a robust cybersecurity infrastructure in the country.

Indians and Indian companies falling for cyberattacks have drastically surged in recent years. 2020 recorded the worst ever compromise so far. Amid the rapid adoption of digital services across the country during the lockdown, India reported over 3,317 cybersecurity-related issues every day. Nearly 1.16 million cases of cyberattacks were reported in 2020 alone, which is up by three times from 2019 and 20 times from 2016. Besides, the normal data, cybercriminals are using advanced tools to get their hands on critical government information. In recent months, hackers pulled down the two-factor authentication system used by the government to secure its email network, compromising the emails of many government officials. However, despite the density of the attacks, the government is still struggling to identify the modus operandi of the attack.

India is compromising more health and customer data every day. Unfortunately, the country has no formal essential framework to protect critical information and other national assets. The National Cyber Security Policy unleashed by the government in 2013 has laid down strategies that were effective during that time. But eight years past, the intensity of cyberattacks has drastically risen and the voice to introduce a better framework has intensified. During his Independence Day speech last year, PM Narendra Modi has announced India’s upcoming cybersecurity policy. The Prime Minister also added that the policy will be robust and enable protection of information, safeguard citizen’s data, and work on cracking down on ‘misinformation being spread.’

A Look at the Existing National Cyber Security Policy

The existing National Cyber Security Policy (2013) is addressing three major security concerns. It is facilitating the creation of a secure computing environment and is enabling adequate trust and confidence in electronic transactions. Besides, the framework is also guiding stakeholders’ actions for the protection of cyberspace. It accelerates organizations to create a roadmap for a comprehensive, collaborative, and collective response that would help them deal with cybersecurity issues.

What are We Execting from the Upcoming Cybersecurity Framework?

India’s upcoming cybersecurity policy is expected to have holistic strategies that could cover the entire ecosystem of cyberspace in the country. The major goal of the framework is to ensure safe, secure, resilient, vibrant, and trusted cyberspace. It is anticipated to provide a new aspect to encrypt national data, build indigenous capabilities, and conduct constant cyber audits. 

India doesn’t have a proper cybersecurity law in place. Although the Information Technology (IT) act, 2000 that came to amendment in 2008, deals with cybersecurity and associated cybercrimes, they are too old to address the rising concern. Today, business organizations are collecting data at every log in. There is no assurance that these data are safely kept under protection. Therefore, the IT act is expected to be updated. It will add more cybersecurity regulations that could keep consumer data safe in the hands of entities.

Assigning a centralized authority or a group to monitor cybersecurity activities in India is the need of the hour. Currently, the country’s government agencies and state and central governments have their own cyber experts to deal with cyber threats. But there is an urgent need to coordinate their frameworks and assign an authority to take care of it as a whole.