Cyber crimes are fast developing as potential threats not only to normal internet users, but even to a country’s security and economy. With the advancement in technology, the ways to conduct cyber crimes are also becoming more advanced and lethal. It has been reported that as many as 308,371 Indian websites were hacked between 2011 and 2013, and worryingly, 78 of those were government websites. Hacking critical government websites can leak highly confidential information, and even reveal top secret military insights. Mobile devices are also in danger because it is relatively easier to hack them, which explains why there has been a substantial increment on the number of attempts made to hack mobile devices. There are over 800 million mobile, and 160 million Internet users in India. Thus, something has to be created to ensure safer computing environment. The first Act regarding cyber crimes was introduced in 2000, but National Cyber Security Policy 2013 is by far the best attempt made by the government in tackling this issue. In 2013, a national daily citing documents leaked by NSA whistleblower Edward Snowden, alleged that much of the NSA surveillance was focused on India’s domestic politics and its strategic and commercial interests. This led to spark furore among people. Under pressure, Government unveiled a National Cyber Security Policy 2013 under the Department of Electronics and Information Technology (DeitY) on 2 July 2013. It focuses on protecting the public and private infrastructure from cyber attacks. The policy also intends to safeguard “information, such as personal information (of National Cyber Security Policy 2 web users), financial and banking information and sovereign data”. The primary objective of this policy seems to create a ‘secure cyber ecosystem’ by creating a secure computing environment in India. It also points out how important IT is to our economy and how much it has contributed to our growth as a nation. It aims to build more trust in IT systems and transactions in the cyber space by introducing some strong policies. One of it is to strengthen the regulatory framework and make sure that every cyber attack is inspected and duly punished; legislative intervention would also take place in case of a cyber crime. It also mentions that 500,000 skilled cyber security professionals will be trained through extensive teaching. These experts will serve as the backbone for ensuring a safe and secure cyberspace in India. Some others objectives are:
1. To make sure that citizen’s data is protected so as to safeguard one’s privacy, and decrease the economic losses due to cyber frauds, or data theft.
2. To encourage industries and companies to adopt standard security procedures and practices so that they can be safeguarded from cyber attacks. Fiscal benefits will be given to the industries that do so.
3. To develop testing and validation of cyber security provided by ICT products and services.
4. To form and constantly improve a mechanism at the national and sectoral level which would: collect all the possible threats to ICT infrastructure, form situations to improve response, resolutions and crisis management by adopting predictive, preventive, protective response and recovery actions.
Implementation Nothing’s good, until it can be proven so. The plans laid out in this policy are commendable and they do take into consideration, the growing needs of a more secure cyberspace. Now, let’s see the strategies the government would apply to fulfill these objectives:
1. Forming a national agency which will be responsible for coordinating all the matters related to cyber security.
2. Advising all the private and public companies to have a Chief Information Security Officer who will be responsible for company’s cyber security.
3. Forming tie-ups between public and private industries so that the best practices for cyber security can be employed.
4. Educating and providing training programs to citizens and industries about 3 cyber security.
5. Promoting development and research in the field of cyber security.
6. Forming and operating a National Critical Information Infrastructure Protection Center which will oversee and safeguard all the critical information.
7. With the advancement in technology, government will face new challenges in curbing cyber attacks. Hence, NSCP talks about creating a dynamic legal framework which will look into challenges posed in areas such as cloud computing, mobile computing and social media.