On June 12, the national cyber security coordinator of the National Security Council Secretariat, Lt Gen Rajesh Pant (Retd), stated that the National Cyber Security Strategy 2023 is in the final stages of being approved. The official announced at an event hosted by Persistent Systems Limited in Pune that the initial version of the National Cybersecurity Reference Framework (NCRF) document is prepared for public release.
Lt Gen Pant said, “National Cyber Security Strategy 2023 is an important document that supersedes the 2013 policy. From 2013 till 2023, the world has changed as new threats have emerged, calling for a new strategy. The document will be put in the public domain after a final check by the committee to ensure that nothing confidential is released”.
According to Lt Gen Pant, the government has been continuously trying to provide structured guidance on cyber security to the vital sectors of the country, including telecom, electricity and energy, transportation, finance, strategic institutions, government entities, and health. This significant undertaking is led by the National Critical Information Infrastructure Protection Centre as part of a project financed by the National Security Council Secretariat.
He said, “Organisations can use the NCRF to improve their cybersecurity posture, reduce data breach risk or any cybersecurity incident, ensure compliance with regulations and enhance operational efficiency”. He added that the central government has also invested 700 crores in a nationwide project to promote cyber awareness and skill development.
According to the National Cyber Security Coordinator, the government will release the framework document in a month after reviewing the document. He added the first draft of the framework was created by IIT-Bombay and the IT firm Persistent Systems, and the government later refined it.
While talking about cyber security Lt Gen Pant stated, “There are two aspects to cyber security. First is cyber hygiene for all of us and cyber skilling of the cyber workforce i.e. the people who enforce cyber security. For the first part, we have a programme ISEA (Information Security Education and Awareness) programme, which is now in phase II, implemented by the Ministry of Electronics and IT and CDAC; Hyderabad is the nominated agency for spreading public awareness. Cyber skilling is another programme run in government and private universities where the syllabus has changed as per the changing needs. I agree that a lot more needs to be done”.
Cybersecurity has become a major concern as ransomware attacks are causing critical damage to the country’s economy. But the growing technological advancements have urged the government to revise the existing 2013 National Cyber Security Strategy.
In February, while speaking at the India Digital Summit 2023, organised by the Internet and Mobile Association of India (IAMAI), Lt Gen Pant said the new framework would be founded on the idea of “common but differentiated responsibility,” according to which there are diverse responsibilities for individuals, corporations, academia, and the government.
He stated,”It is important for individuals to have good cyber hygiene, and enterprises should have zero trust architecture”.
Additionally, Lt Gen Pant stated that the ITU (International Telecommunication Union)-approved 5G architecture is safer than 4G as it uses 256-bit encryption. He further discussed about network slicing, but he warned that vulnerabilities may arise from the Internet of Things (IoT).
According to Pant, the power and telecom sectors are recognised as supercritical. He added that since the implementation of the security directive regarding the telecom sector, there has been no disruption,”We initiated a national security directive for the telecom sector, and implemented from June 15, 2021 which stipulates that any product connected to a telecom network has to be from a trusted source”.
To fight against cybercrime, the central government has established the Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA). Even the Ministry of Electronics and Information Technology have established the Computer Emergency Response Team, or CERT-In to serve as the federal government’s technological defence arm against cyberattacks and safeguards against hacking, phishing, and similar-based online attacks.
The new framework, National Cyber Security Strategy 2023, will be vital for providing a revised structure for these organisations to tackle the growing cyberattacks happening in India.