National Cyber Security Strategy 2020 (NCSS 2020)
- Posted By
10Pointer
- Categories
Polity & Governance
- Published
18th Feb, 2020
-
-
Context
- The draft of National Cyber Security Strategy 2020, that envisages creating a secure cyberspace in India, is ready and will soon be sent to key ministries for comments before seeking the Cabinet approval.
- The National Cyber Security Strategy 2020 is being prepared to fill the gaps and meet the target envisaged in National Cyber Security Policy 2020.
- The vision of the strategy is to ensure a safe, secure, resilient, trusted and vibrant cyberspace for India’s prosperity.
-
Why do we need NCSS 2020?
- India was one of the first few countries to propound a futuristic National Cyber Security Policy 2013(NCSP 2013). Since the adoption of NCSP 2013, the technologies, platforms, threats, services and aspirations have changed tremendously.
- The transformational Digital India push as well as Industry 4.0 is required to be supported by a robust cyberspace. However, Cyber intrusions and attacks have increased in scope and sophistication targeting sensitive personal and business data, and critical information infrastructure, with impact on national economy and security.
- The present cyber threat landscape poses significant challenges due to rapid technological developments such as Cloud Computing, Artificial Intelligence, lnternet of Things, 5G, etc.
- New challenges include data protection/privacy, law enforcement in evolving cyberspace, access to data stored overseas, misuse of social media platforms, international cooperation on cybercrime & cyber terrorism, and so on.
- Threats from organised cybercriminal groups, technological cold wars, and increasing state sponsored cyber-attacks have also emerged. Further, existing structures may need to be revamped or revitalised.
-
Who is preparing NCSS 2020?
- The Indian Government under the aegis of National Security Council Secretariat through a well-represented Task Force is in the process of formulating the National Cyber Security Strategy 2020 (NCSS 2020) to cater for a time horizon of five years (2020-25).
-
What are the various pillars?
- Pillars of Strategy: There are various facets of cyber security under the following pillars: -
- Secure (The National Cyberspace)
- Strengthen (Structures, People, Processes, Capabilities)
- Synergise (Resources including Cooperation and Collaboration)
-
India and Cyber Attacks
- India saw the second-highest number of cyber-attacks between 2016 and 2018, according to a Data Security Council of India (DSCI) report from May this year.
- Further, the average cost for a data breach in India has risen 7.9% since 2017, with the average cost per breached record amounting to INR 4,552 ($64).
- The rising cyber-attacks have resulted in more and more companies opting for cyber insurance policies to mitigate risks.
- About 350 cyber insurance policies have been sold in India till 2018, which is a 40% increase from that in 2017.
-
What has the government done for cyber security in India?
- CERT-In: The advancement in The Indian Computer Emergency Response Team (CERT-In), which operates as the national agency for tackling the country’s cybersecurity, has helped in lowering the rate of cyber-attacks on government networks.
- Cyber Surakshit Bharat: Aiming at strengthening the cybersecurity ecosystem in India — in line with the government’s vision for a ‘Digital India’, The Ministry of Electronics and Information Technology (MeitY) has launched Cyber Surakshit Bharat initiative. This program was in association with the National e-Governance Division (NeGD).
- National Critical Information Infrastructure Protection Centre: NCIIPC is a central government establishment, formed to protect critical information of our country, which has an enormous impact on national security, economic growth, or public healthcare. This was amended as per the provisions of section 70A of the Information Technology (IT) Act, 2000. This organisation readily conducts cybersecurity exercises to keep a check of the cybersecurity posture and preparedness of the Government and the critical sectors.
- Appointment of Chief Information Security Officers: With the rapid digitalisation of the world, the requirement for adopting stringent measures is becoming the need of the hour. It is therefore imperative, that every government organisation is headed by a skilled security leader, also known as Chief Information Security Officers (CISOs) — who can identify and document the security requirements that arise with each technical innovation. The government of India has also recently issued a written guideline for the CISOs of government organisation, highlighting the best practices for securing applications, infrastructure, and compliance.
- Website Audit: Amid the increasing number of government website hacking, email phishing, data theft, and privacy breach cases, the Indian government has planned to conduct an audit on all the government websites and applications.
- Crisis Management Plan: This initiative is aimed at establishing a strategic framework for employees and leaders to prepare for a breach incident. It also ensures to manage the cyber interruptions of critical functions in every critical sector of the government. It assists organisations to put in place the correct mechanisms behind the desk to effectively deal with cybersecurity crisis.
- Training & Mock Drills: According to MeitY, 44 such drills have already been conducted by CERT-In this year. Also, reports have mentioned that around 265 organisations from varied states and sectors have participated in these drills. The major sectors coming up for such initiatives are finance, defense, power, and telecom. Regular workshops and training programs are also been organised for network or system administrators and CISOs to prepare them towards cyber-attacks.
- Malware Protection: The central government has also launched Cyber Swachhta Kendra, which is a cleaning bot used for malware analysis and detecting malicious programs. It also comes with free tools to remove or omit them. Along with the Cyber Swachhta initiative the government has also set up a department to generate situational awareness about existing and potential cybersecurity threats — National Cyber Coordination Centre (NCCC).
- Personal Data Protection Bill: Lastly, however, the most important one for Indian citizen, is the approval of Personal Data Protection (PDP) Bill by the union government in order to protect Indian users from global breaches, which focuses on data localisation. The bill implies the storage and processing of any critical information related to individuals only in India.
Quick Recap
- National Cyber Security Strategy 2020 (NCSS 2020)—prepared by Task Force under National Security Council Secretariat for 5 years (2020-2025).
- National Cyber Security Policy was propounded in 2013.
- India saw the second-highest number of cyber-attacks between 2016 and 2018.
- Cyber Surakshit Bharat initiative of MeitY in association with National e-Governance Division (NeGD).
- Cyber Swachhta Kendra and National Critical Information Infrastructure Protection Centre are launched by Central Govt.
- National Cyber Coordination Centre (NCCC)—to generate situational awareness about existing and potential cybersecurity threats.