Responding to a question in the Lok Sabha, the government has admitted it has formulated a draft National Cyber Security Strategy 2021. The government says the strategy looks at addressing the issues of security of national cyberspace.
It was first reported in March this year that India is contemplating a new National Cyber Security Strategy. National Cyber Security Coordinator Lt. General Rajesh Pant said that the plan will coordinate responses by multiple ministries and government offices, besides coordinating with specialized agencies like the CERT-In and the NCIIPC. The strategy is now expected to be released by year-end.
The Need for a New Strategy
India already has a National Cyber Security Policy, 2013. However, growing instances of intrusions, especially state-sponsored intrusions have forced the government to rethink the policy. Multiple nations, including the UK and the US, are overhauling their cybersecurity legislation and programs.
The government has recently revealed that the tri-command Defence Cyber Agency is now fully functional.
Increased Spending and Training on Cyber Security
The government has also revealed increased funding to strengthen cybersecurity. In 2021-22, the total allocation stands at Rs. 416 crores, up from Rs. 310 crores in 2020-21 and Rs. 162 crores in 2019-20.
The Indian Computer Emergency Response Team (CERT-In) is also conducting regular training programs for government officials. During 2020 and 2021 (up to June), CERT-In has trained over 1300 officials. It is also conducting cybersecurity posture and preparedness drills, in which 565 organizations have participated. These organizations belong to important sectors such as Finance, Defence, Power, Telecom, Transport, Energy, Space, etc.
Besides, through self-paced e-learning modules, the Ministry of Electronics and Information Technology has trained around 19,000 officials.
Measures to Prevent Cyber Attacks
The government has also informed Parliament about the measures it is taking to prevent cyber-attacks. It has revealed that CERT-In is sharing early warning threat intelligence alerts with over 700 organizations across sectors to enable active threat prevention. The NCIIPC is also providing real-time threat intelligence to protect critical information infrastructure.
It has also empanelled 58 security auditing organisations to support and audit the implementation of Information Security Best Practices.
The National Informatics Centre (NIC) has a 24X7 Security Monitoring Centre, which detects and responds to security incidents related to the NIC infrastructure and data centres.