Cybersecurity Initiatives In India

With the growth of the internet, reliance on computers has rapidly increased. The challenge is to protect critical information infrastructure, such as in civil aviation, railway passenger reservation systems, communication networks, port management, electricity, oil and gas sectors, and banking and finance, from cyber attacks. According to the Internet Crime Complaint Center (IC3), India ranks fourth among the top 50 countries for reported cybercrime complaints, with only the U.S., Canada, and the U.K. ahead, based on the 2014 IC3 Annual Report (The Telegraph, 2015).

The lack of a trained cybersecurity workforce is a significant concern for India. Compared to China, the U.S., and Russia, which have 125,000, 91,080, and 7,300 trained cybersecurity professionals respectively, India has only 556 deployed across various government agencies (Joshi, 2013). India is regarded as an IT powerhouse, being a major software exporter and hosting numerous IT-enabled service outsourcing businesses. Thus, IT constitutes a large part of the Indian economy. Recently, the European Union identified shortcomings in India’s data security system and suggested forming a joint expert group to advise on how the country can strengthen measures to achieve data secure nation status (Sen, 2013). Therefore, India needs to seriously consider enhancing its information security infrastructure and revisiting its cybersecurity policies to attain data secure status from the European Union. It is crucial for India to maintain high-level outsourcing businesses, with prospects of increasing from the current $20 billion to $50 billion.

Combat Cybersecurity Initiatives in India

To tackle cyber security threats, the Indian government has launched several initiatives, listed below:

1. National Counter Terrorism Centre (NCTC): After the 26/11 attacks in 2008, the Indian government recognized the importance of counter-terrorism initiatives and proposed the NCTC to provide intelligence to decision-makers for planning counter-terrorism activities. NCTC will coordinate among various state and central government agencies, acting as a single, effective point for the control and coordination of all counter-terrorism measures. It is modeled on the U.S. NCTC and the UK’s Joint Terrorism Analysis Centre, with powers derived from the Prevention of Unlawful Activities Act, 1967 (Mrinhal, 2012).

2. National Information Security Assurance Program (NISAP): To raise awareness among government and critical sector organizations, CERT-In has launched the NISAP initiative to develop and implement an information security policy based on ISO/IEC 27001 and best practices for securing their infrastructure. CERT-In has established a computer forensic facility to investigate cyber crimes and provide practical training to law enforcement agencies and the judiciary. This infrastructure is being enhanced to include network forensic and mobile forensic investigation capabilities. CERT-In collaborates with defence, banking, judiciary, and law enforcement agencies to train their staff and assist in investigating cyber crimes (Shreenath, 2006).

3. Computer Emergency Response Team – India (CERT-In): Established in 2004 by the Ministry of Information Technology, CERT-In’s purpose is to respond to computer security incidents, report vulnerabilities, and promote effective IT security practices nationwide.

4. Indo-US Cyber Security Forum (IUSCSF): The India-US Cyber Security Forum was established in 2001 and is dedicated to safeguarding the critical infrastructure of a knowledge-based economy. Members of the forum include various government and private sector organizations from India and the United States that work under the forum’s guidance. They have identified risks and common concerns in cybersecurity and developed a task-oriented action plan for securing network information systems. The forum focuses on cyber security, cyber forensics, and related research, while also working to enhance cooperation between law enforcement agencies of both nations in addressing cybercrime. The defence services of both countries will enhance their collaboration through the exchange of experiences in organizational, technical, and procedural aspects. Ongoing cooperation between India’s STQC and the US National Institute of Standards and Technology (NIST) will expand into new areas, including harmonizing standards. CII and its American counterparts have decided to establish the India Information Sharing and Analysis Center (ISAC) and the India Anti-Bot Alliance (referring to software that can be used by hackers to remotely attack computers and conduct malicious activities) (Press Information Bureau, 2006).

5. India’s National Critical Information Infrastructure Protection Centre (NCIIPC): This has been designated as the nodal agency for the protection of India’s critical information infrastructure and is responsible for all measures, including research and development, for its protection. Some activities carried out by the NCIIPC include (Chander, 2013): a. Identifying critical subsectors b. Analyzing the information infrastructure of identified critical subsectors c. Issuing daily/monthly cyber alerts/advisories d. Malware analysis e. Monitoring IPs involved in zombie and malware proliferation f. Cyber forensic activities g. Research and development for a smart and secure environment h. Assisting Critical Infrastructure (CI) owners in adopting suitable policies, standards, and best practices for CI protection i. Hosting an annual CISOs conference for critical sectors j. Awareness and training k. 24/7 operations and helpdesk

6. India’s National Intelligence Grid (NATGRID) Project: This is an integrated intelligence grid developed by CDAC-Pune that connects databases of key security agencies in the Indian government (CDAC, 2014). It is a counter-terrorism measure that collects vast amounts of information from government databases, including tax and bank account details, credit card transactions, visa and immigration records, and travel itineraries for rail and air travel (Yasmeen, 2013). This combined data will be accessible to 11 central agencies, which include: the Research and Analysis Wing, Intelligence Bureau, Central Bureau of Investigation, Financial Intelligence Unit, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Enforcement Directorate, Narcotics Control Bureau, Central Excise and Customs Board, and the Directorate General of Central Excise Intelligence.

7. Crime and Criminal Tracking Network and Systems (CCTNS) Project in India: This is a project under the National e-Governance Plan (NeGP) that covers all 28 states and 7 Union Territories, aimed at developing a nationwide network infrastructure powered by IT for ‘investigating crimes and tracking criminals’ (PTI, 2013). The goal of CCTNS is to facilitate the collection, storage, retrieval, analysis, transfer, and sharing of data and information at police stations and between police stations, state headquarters, and central police organizations. CCTNS will provide a comprehensive database for crimes and criminals, making it easier for law enforcement agencies to track criminals moving from one location to another.

8. National Cyber Coordination Centre (NCCC): The National Cyber Coordination Centre is a proposed cyber security and e-monitoring agency in India. It aims to examine communication metadata and coordinate the intelligence-gathering activities of other agencies. Some components of the NCCC include strategies for preventing cyberattacks, investigating cyber incidents, and training.

9. Botnet Cleaning Center: As part of the Digital India initiative, the government is establishing a center to detect malicious programs like “botnets” and assist people in removing such harmful software from their devices. According to media reports, the government is setting up a “botnet” cleaning and malware analysis center. A botnet is a network of malicious software that can steal information, take control of device functions, and carry out cyber attacks like Distributed Denial-of-Service (DDoS).

10. Indian Government Email Policy: Currently, email is considered a primary communication source between individuals and organizations. This also applies to the Government of India (GoI). Email has become the main medium of communication for the entire government. With the increasing use of email for communication between various government bodies, the email policy was established by the Government of India (GoI) in October 2013. Here, we will cover some key sections of the policy, and readers are advised to download the policy from the Electronics and IT Department’s website.

11. Ministry of Home Affairs (MHA): The Ministry of Home Affairs (MHA) is a ministry of the Government of India. It is an internal ministry primarily responsible for maintaining internal security and domestic policy. Readers are advised to review the MHA’s annual report. The MHA has various responsibilities, including important areas like internal security, border management, center-state relations, administration of union territories, management of central armed police forces, and disaster management.

12. National Crime Records Bureau (NCRB): The NCRB aims to empower the Indian police with information technology and criminal intelligence to enforce the law effectively and efficiently while improving public service delivery. This will be achieved through coordination with police forces at both national and international levels, upgrading crime analysis technologies, and developing IT capabilities and IT-enabled solutions.

13. Data Security Council of India (DSCI): The DSCI is a leading industry body in India focused on data protection, established by NASSCOM. It is committed to making cyberspace secure, protected, and reliable by establishing best practices, standards, and initiatives in cyber security and privacy. The DSCI brings together national governments and their agencies, IT-BPM, BFSI, telecommunications, industry associations, data protection authorities, and think tanks for public advocacy, thought leadership, capacity building, and outreach initiatives. To further its objectives, the DSCI collaborates with governments, regulators, industry associations, and think tanks on policy matters. To strengthen thought leadership in cyber security and privacy, the DSCI develops best practices and frameworks, publishes studies, surveys, and papers. It builds capacity in security, privacy, and cyber forensics through training and certification programs for professionals and law enforcement agencies, engaging stakeholders via outreach initiatives including programs, awards, consultations, and membership programs. The DSCI also seeks to increase India’s share in the global security product and service market through global business development initiatives, aiming to enhance the culture of security and privacy in India.

Read Also: