The National Cyber Security Policy (NCSP) – 2013, officially released on July 2, 2013 by the Government of India, is a comprehensive framework designed to protect the country’s information infrastructure, digital assets and cyberspace environment. The policy was formulated by the Department of Electronics and Information Technology (DEITY), which now functions under the Ministry of Electronics and Information Technology (MEITY). The policy aims to protect both the government and private sectors from the growing threats of cyber crimes, cyber espionage, hacking, data breaches and other online attacks that could pose a threat to India’s security and sovereignty.
The National Cyber Security Policy – 2013 is defined as a strategic national framework that outlines the vision, mission and objectives needed to create a secure and sound cyberspace for citizens, businesses and government entities. It serves as a blueprint for strengthening India’s cyber ecosystem through the development of secure networks, skilled manpower, legal frameworks, public-private collaboration and incident response mechanisms. The main goals of this policy are to build trust and confidence in IT systems, ensure confidentiality of users’ data and protect critical information infrastructure such as banking systems, energy networks, telecommunications and defense communication systems from potential cyber threats.
Formally, this policy defines cybersecurity as the protection of information, equipment, devices, computer resources, communication systems, and data from unauthorized access, use, modification, or destruction. Thus, the National Cyber Security Policy – 2013 provides a national-level guideline to prevent, detect and respond to cyber incidents. It also promotes awareness, research and innovation in cyber security to ensure India’s preparedness in the digital age.
This document emphasizes the establishment of a National Critical Information Infrastructure Protection Center (NCIIPC) and strengthening of the Indian Computer Emergency Response Team (CERT-In) to coordinate and respond to cyber security incidents. The policy aims to “create a secure and resilient cyberspace for citizens, businesses, and government”, and its mission focuses on creating a framework that ensures trust in electronic transactions, improves IT governance, and provides law enforcement with support in addressing cyber threats.
Key objectives of the National Cyber Security Policy – 2013 include the protection of information and communication infrastructure, enabling secure e-governance, development of 500,000 skilled cyber security professionals within five years, and encouraging domestic and international cooperation to strengthen cyber resilience. The policy also calls for the development of a National Cyber Coordination Center (NCCC) to monitor and manage cyber threats and incidents in real time.
The National Cyber Security Policy – 2013 defines the government’s approach to ensuring national security in cyberspace by combining legal, technical and institutional measures. It recognizes cyberspace as an important component of India’s economy and defense and provides a roadmap to reduce vulnerabilities, effectively respond to cyber attacks and build a culture of cyber security awareness. Adopted on July 2, 2013, the policy is a landmark step in shaping India’s digital security framework and represents a formal declaration of India’s commitment to creating a safe, secure and reliable digital environment for its citizens and institutions.
A. Preface
1. Cyberspace is a complex environment involving interactions between people, software and services, supported by the worldwide distribution of information and communication technology (ICT) tools and networks.
2. Because of the numerous benefits derived from technological advances, cyberspace is today a shared resource used by citizens, businesses, critical information infrastructures, the military and governments, making it difficult to draw clear boundaries between these different groups. Cyberspace is expected to become more complex in the near future, as the number of networks and devices connected to it will increase manifold.
3. Information technology (IT) is one of the important areas that is based on and inhabits cyberspace. It has emerged as one of the most important growth catalysts for the Indian economy. Apart from boosting India’s economy, the sector is positively impacting the lives of the people of the country through direct and indirect contributions to various socio-economic parameters such as employment, standard of living and diversity. The sector has played a vital role in transforming India’s image as a global player in providing world-class technology solutions and IT business services. The government is engaged in public services (government to citizen services, citizen identity, public distribution system), healthcare (telemedicine, distance counselling, mobile clinics), education (e-learning, virtual classrooms, etc.) and financial services (mobile banking/payment gateway).) etc. has been a major driver for increased adoption of IT-based products and IT enabled services. Such initiatives have enabled increased adoption of IT in the country through sectoral reforms and national programmes, resulting in the creation of large-scale IT infrastructure with corporate/private partnerships.
4. In view of the development of the IT sector in the country, ambitious plans for rapid social transformation and inclusive growth and India’s key role in the IT global market, to create a secure computing environment and provide adequate confidence and confidence in electronic transactions, software, service devices and networks. Focusing the right kind of attention has become one of the essential priorities for the country. This type of focus will make it possible to create a suitable cyber security ecosystem in the country to suit the global networked environment.
5. Cyberspace is vulnerable to a wide range of phenomena, whether intentional or accidental, man-made or natural, and data exchanged in cyberspace can be exploited for nefarious purposes by both nation-states and non-states. Cyberattacks, targeting the infrastructure or underlying economic well-being of a nation-state, can effectively reduce available state resources and undermine confidence in their supporting frameworks. A cyberrelated incident of national importance can occur in any form; an organized cyberattack, uncontrolled exploitation such as computer viruses or worms or any malicious software code, a national disaster with serious cyber consequences or other related events capable of causing extensive damage to information infrastructure or key assets. Large-scale cyber incidents can affect government, public and private sector resources and services by disrupting the functioning of critical information systems. The complications resulting from such large-scale disruptions could constitute a threat to life, the economy and national security.
Rapid detection, information exchange, investigation, and coordinated response and treatment can reduce the damage caused by malicious cyberspace activity. Some examples of cyber threats to individuals, businesses, and government are identity theft, phishing, social engineering, hacktivism, cyberterrorism, mixed threats targeting mobile devices and smart phones, compromised digital certificates, advanced persistent threats, denial of service, bot nets, supply chain attacks, data leakage, etc. The protection of the information infrastructure and the confidentiality, integrity and availability of information in cyberspace is the essence of a secure cyberspace.
6. Various activities and programmes of the Government are under way to address cybersecurity challenges, which have contributed significantly to the creation of a platform that is now able to provide support and continuity to efforts to secure cyberspace. Due to the dynamic nature of cyberspace, these functions now need to be integrated within a national cybersecurity policy, with an integrated approach and a set of consistent and coordinated strategies for implementation.
7. Cybersecurity policy is an evolving task and caters to the entire spectrum of ICT users and providers, including domestic users, small, medium and large enterprises, and governmental and non-governmental entities. It serves as a comprehensive framework for defining and directing actions related to the security of cyberspace. It also enables individual sectors and organizations to formulate appropriate cybersecurity policies tailored to their needs. The policy provides an overview of the measures required for the effective protection of information, information systems and networks and also informs the Government’s approach and strategy for the protection of cyberspace in the country. It also outlines some points to enable collaborative work of all key stakeholders in the public and private sector to protect country information and information systems. Therefore, the objective of this policy is to create a cyber security framework that accelerates specific actions and programs to improve the security situation of the country’s cyberspace.
I. Vision:
To create a secure and resilient cyberspace for citizens, businesses and government.
II. Mission:
To protect information and information infrastructure in cyberspace through a combination of institutional structures, people, processes, technology and collaboration, building capabilities to prevent and respond to cyber threats, reducing vulnerabilities and reducing cyber incidents. Minimizing damage caused by.
III. Purpose:
1. To build a secure cyber ecosystem in the country, generate adequate trust and confidence in IT systems and transactions in cyberspace and thus increase IT adoption in all sectors of the economy.
2. To create an assurance framework to promote and enable actions to comply with global safety standards and best practices through the design of safety policies and conformity assessment (products, process, technology and people).
3. Strengthening the regulatory framework to ensure a secure cyberspace ecosystem.
4. Enhancing and creating 24×7 mechanisms at the national and regional levels to capture strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective forecasting, preventive, protective, response and recovery actions.
5. Increasing the security and resilience of the nation’s critical information infrastructure by operating the 24×7 National Critical Information Infrastructure Protection Center (NCIIPC) and mandating security practices related to the design, acquisition, development, use, and operation of information resources.
6. Developing appropriate indigenous security technologies through leading-edge technology research, solution-oriented research, concept-proof, experimental development, transformation, diffusion and commercialization, leading to widespread use of secure ICT products/processes to meet national security needs in general and in particular.
7. To improve the visibility of the integrity of ICT products and services by establishing infrastructure for testing and verifying the safety of such products.
8. To create a workforce of 500,000 professionals skilled in cybersecurity over the next 5 years through capacity building, skills development and training.
9. To provide financial benefits to businesses for adopting standard safety practices and procedures.
10. Enabling the protection of information during processing, handling, storage and transit so as to protect the privacy of citizens’ data and minimize economic losses caused by cybercrime or data theft.
11. Enabling effective prevention, investigation and prosecution of cybercrime through appropriate legislative intervention and enhancing law enforcement capacities.
12. Building a culture of cybersecurity and privacy while enabling responsible user behavior and actions through an effective communication and promotion strategy.
13. Developing effective public-private partnerships and collaborative engagement through technical and operational cooperation and contributions to enhance the security of cyberspace.
14. Enhancing global cooperation by promoting shared understanding and leveraging linkages to advance the security of cyberspace.
IV. Strategies: A. Building a secure cyber ecosystem
1. To establish a National Nodal Agency to coordinate all matters related to cyber security in the country, whose roles and responsibilities are clearly defined.
2. To encourage all organizations, private and public, to appoint a member of senior management as Chief Information Security Officer (CISO), responsible for cybersecurity efforts and initiatives.
3. Encouraging all organizations to develop information security policies duly integrated with their business plans and to implement such policies in accordance with international best practices. Such policies should include establishing standards and mechanisms for secure information flow (during process, operation, storage and transit), crisis management planning, proactive security situation assessment and forensically enabled information infrastructures.
4. Ensuring that all organizations set a specific budget to implement cybersecurity initiatives and deal with the emergency response generated by cyber incidents.
5. To provide financial schemes and incentives to encourage institutions to establish, strengthen and upgrade information infrastructure regarding cyber security.
6. Preventing the occurrence and recurrence of cyber incidents through incentives for technology.
7. To establish a mechanism for information sharing, identifying and responding to cybersecurity incidents, and cooperation in restoration efforts.
8. Encouraging entities to adopt guidelines for the procurement of reliable ICT products and providing for the procurement of indigenously manufactured ICT products with security implications.
B. Creating an assurance framework
1) Promote the adoption of global best practices in information security and compliance and thus improve the cybersecurity situation.
2) To create infrastructure for conformity assessment and certification of compliance with cybersecurity best practices, standards and guidelines (eg, ISO 27001 ISMS certification, IS systems audit, penetration testing/vulnerability assessment, application security testing, web security testing).
3) To enable the implementation of global security best practices in formal risk assessment and risk management processes, business continuity management and cyber crisis management planning by all entities in government and critical sectors, so as to reduce the risk of disruption and improve the security situation.
4) To identify and classify information infrastructure facilities and assets at institution level with respect to risk perception for the adoption of tailored security measures.
5) Encouraging secure application/software development processes based on global best practices.
6) To create a conformity assessment framework for periodic verification of compliance with best practices, standards and guidelines on cybersecurity.
7) To encourage all entities to periodically test and evaluate the adequacy and effectiveness of technical and operational security control measures implemented in IT systems and networks.
C. Encouraging open standards
1) Encouraging the use of open standards to facilitate interoperability and data exchange between different products or services.
2) To promote a consortium of government and private sector to increase the availability of tested and certified IT products based on open standards.
D. Strengthening the regulatory framework
1) To develop and periodically review a dynamic legal framework to address cybersecurity challenges posed by technological developments in cyberspace (such as cloud computing, mobile computing, encrypted services and social media) and harmonize it with international frameworks, including those related to Internet governance.
2) Mandating periodic audits and evaluations of the adequacy and effectiveness of the security of information infrastructures, wherever appropriate, with regard to regulatory frameworks.
3) Enable, educate and facilitate awareness of the regulatory framework.
E. Creation of mechanisms for early warning of security threats, vulnerability management and response to security threats
1) To create national-level systems, processes, structures and mechanisms for creating the necessary circumstantial scenario of existing and potential cybersecurity threats and for timely information sharing for proactive, preventive and protective actions by individual entities.
2) To operate a 24×7 National Level Computer Emergency Response Team (CERT-1N) to act as a nodal agency to coordinate all efforts for cyber security emergency response and crisis management. CERT-1 N will act as a comprehensive organization in enabling the creation and operation of regional CERTs, as well as in facilitating communication and coordination functions in dealing with cybercrisis situations.
3) To conduct 24×7 regional CERTs for all coordination and communication functions in related areas for effective incident response and resolution and cyber crisis management.
4) To implement a cyber crisis management plan to address cyber-related incidents affecting critical national processes or threatening the public security of the nation through well-coordinated, multidisciplinary approaches at the national, regional and entity levels.
5) Conduct and facilitate regular cybersecurity exercises and exercises at the national, regional and entity levels to enable assessments of the security situation and the level of emergency preparedness in resisting and dealing with cybersecurity incidents.
F. Security of e-governance services
1) Mandating the implementation of global security best practices, business continuity management and cyber crisis management planning for all e-governance initiatives in the country, so as to reduce the risk of disruption and improve the security situation.
2) Encouraging wider use of public key infrastructures (PKIs) within government for reliable communications and transactions.
3) Engaging information security professionals/organizations to assist in e-governance initiatives and ensuring compliance with security best practices.
G. Preservation and flexibility of critical information infrastructures
1. Developing a plan for the protection of critical information infrastructures and
2. Integration with business planning at entity level and implementing such planning. The plans will include establishing mechanisms for secure information flow (during process, operation, storage and transit), guidelines and standards, crisis management planning, proactive security situation assessment and forensically enabled information infrastructures.
3. To operate a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) to act as the nodal agency for critical information infrastructure security in the country.
4. Facilitate the identification, prioritization, evaluation, improvement and protection of critical infrastructure and key resources based on the security planning of critical information infrastructure.
5. Mandating the implementation of global security best practices, business continuity management and cyber crisis management planning by all critical sector entities to reduce the risk of disruption and improve the security situation.
6. To encourage the use of validated and certified IT products and make mandatory as required.
7. Mandating security audits of critical information infrastructures on a periodic basis.
8. Making certification mandatory for all security roles involved in the operation of critical information infrastructures, from CISOs/CSOs.
9. Mandating the secure application/software development process (from design to retirement) based on global best practices.
H. To promote research and development in cyber security
1) To undertake R & D programmes to address all aspects of development, taking into account short-term, medium-term and long-term goals. R & D programmes shall address all aspects including the development of reliable systems, their testing, deployment and maintenance throughout the life cycle and shall include R & D on state-of-the-art safety technologies.
2) Encouraging R & D to produce cost-effective, customised indigenous security solutions meeting a wide range of cybersecurity challenges and targeting export markets.
3) to convert, disseminate and commercialise the results of R & D into commercial products and services for use in the public and private sectors.
4) to establish centres of excellence in areas of strategic importance for the protection of cyberspace.
5) to cooperate in joint R & D projects with industry and academia in leading-edge technologies and solution oriented research.
I. Reducing supply chain risks
1) Build and maintain testing infrastructures and facilities for IT security product evaluation and compliance verification in accordance with global standards and practices.
2) Building reliable relationships with product/system vendors and service providers to improve overall supply chain security visibility.
3) To create awareness among entities about threats, vulnerabilities and consequences of security breaches to manage supply chain risks related to the procurement of IT (products, systems or services).
J. Human resource development
1) Promote education and training programmes in both the formal and informal sectors to support the cybersecurity needs of the nation and build capacity.
2) Establish cybersecurity training infrastructures throughout the country through public-private partnership arrangements.
3) To establish cyber security concept laboratories for awareness and skills development in key areas.
4) Establish institutional mechanisms for capacity-building for law enforcement agencies.
K. Creation of cyber security awareness
1) Promote and initiate a comprehensive national awareness programme on the protection of cyberspace.
2) To continue the security literacy awareness and promotion campaign through electronic media to help citizens become aware of the challenges of cybersecurity.
3) Conduct, support and enable cybersecurity workshops/seminars and certification.
L. Development of effective public-private partnerships
1) Facilitate cooperation and collaboration among stakeholder entities, including the private sector, in the area of protecting critical information infrastructures for cybersecurity in general and actions related to cyber threats, vulnerabilities, violations, possible protective measures and the adoption of best practices in particular.
2) To formulate models for cooperation and engagement with all relevant stakeholders.
3) Creating a think tank for cybersecurity policy input, discussion and deliberation.
M. The Information sharing and collaboration
1) To develop bilateral and multilateral relations in the field of cybersecurity with other countries. 2) Enhancing national and global cooperation among security agencies, security and training institutions (CERT), defence agencies and forces, law enforcement agencies and judicial systems. 3) To create mechanisms for dialogue on technical and operational aspects with industry to facilitate efforts for the recovery and resilience of systems, including critical information infrastructures.
N. Priority approach to implementation
1) to adopt a priority approach to the implementation of policy so that the most important areas are the first to be addressed.
O. Implementation of the policy
The policy will be implemented through detailed guidelines and action plans, wherever appropriate, at various levels such as national, regional, state, ministry, department and enterprise, to meet the challenging requirements of security of cyberspace.
Read Also:
- Adani Group Legal Victory: Supreme Court Orders Removal Of 266 Youtube And Instagram Videos Alleging Land Scam
- Election Fraud Exposed: Huge Irregularities Found In Voter List
- Vote Theft Controversy In India: Analysis Of Rahul Gandhi Allegations Against ECI
- The Big Financial Controversies Of BJP Time: An Investigation Of Alleged Scams And Allegations
- Security Issues Of E-Commerce
- Cyberterrorism And Cyberattack
- Protection Of Your Personal Data From Fraud And Scams
- Detecting Fraud And Scams From Communications
- Artificial Intelligence (AI) Fraud Scams
- Never Pay For A Job: Understanding The Trap
- Always Use Trusted Platforms To Avoid Fraud And Scams
- The Hidden World Of Task Scams: A Modern Epidemic
- Fake Offer Letter Scams: The Misleading Trap Of Employment Fraud
- Important Tips And Methods To Protect Your Personal Data From Fraud And Scams
- Big Scams And Controversies Related To Mamata Banerjee And Trinamool Congress (TMC)
- Reshipping Scams: Modern Global Fraud That Exploits Trust And Opportunity
- Working From Home Scams: The Hidden Epidemic Of Modern Labour Fraud
- Phishing And Email Scams
- The World Of Advance Fee Fraud
- The Dark Truth About Fake Job Listings And Fraudulent Websites
- Rise Of Fraudsters And Scammers In Contemporary India
- Image Of Mamata Banerjee As The Main Fraudster In India
- Understanding Skype Accounts
- Auditor Should Develop New Ways Of Preventing Fraud In Government Departments, Improving Capacity: Modi
- Digital Fraud Doubled Home Ministry Told Parliament-UPI Also Included
- Attention Cyber Attackers Are Hidden In Your Phone, Government Warns, Told The Way To Rescue
- New Law To Surf Torrent Site In India
