Even as analysts welcomed the National Cyber Security Policy 2013, unveiled by the Minister of Communications and IT Kapil Sibal this week, stating that it will provide a roadmap for a secure computing framework in the country; a few experts believe it needs to be more detailed.
“The policy is an important step in creating a unified framework for operationalising India's response to cyber threats. Through the creation of a nodal agency, the policy is expected to play a significant role in orchestrating our response to these threats more effectively and efficiently. It brings focus to training, capacity building, fiscal incentives and creation of necessary legal support for cyber security management,” PwC India Executive Director Sivarama Krishnan said.
India as a country is vulnerable to cyber crime. As per the National Crime Record Bureau, the number of reported incidences of cyber crimes has grown manifold from 288 in 2008 to 2,761 in 2012. Another report by Norton states that 42 million Indians were victims of cybercrime last year.
“This policy shows government's visionary approach towards cyber security in adopting a multi-stakeholder engagement model to create a secure cyber ecosystem in India; working across government agencies and collaborating with industry, both domestic and foreign,” Anand Naik Managing Director, Sales – India & SAARC, Symantec said.
Echoing similar views, Jagdish Mahapatra, Managing Director, McAfee India & SAARC said the policy will provide a roadmap for strengthening cyber security and a secure a computing framework that will inspire consumer confidence for electronic transactions. “At a macro level, the policy will facilitate cyber security intelligence that will form an integral component to anticipate attacks and quickly adopt counter measures,” he added.
Experts said while the policy is an important first step, the key to its success will lie in effective implementation and providing the enabling environment for its sustenance. “There are several other aspects that need to be ironed out in due course of time. These include coordination between international agencies, standards for cyber security management, governance of private initiatives in the domain etc. The cyber world, at its very construct, is not given to easy policing. Pre-emption thus becomes the most important bulwark be it for businesses, individuals and governments,” Mr. Krishnan said.
The policy also pitches for public-private partnership for enhancing the security of cyberspace. Experts believe that private players in India, considered to be the technology backbone for the world, will play a critical role in creating solutions to meet the ever-changing cyber threat landscape.
“Private players are expected to contribute through employee education and awareness on cyber security, installing effective technology controls on devices at their premises and with their employees, establish technology interventions for prevention, detection and solution for cyber threats etc,” Mr. Krishnan said.
On the other hand, leading cyber security lawyer Pavan Duggal finds the government’s lacking, saying it does not provide with any definite action plans to deal with the cyber crime.
“I think the government needs to be complimented for the initiative. But it’s a bit too late. This should have been in place soon after the 26/11 Mumbai terror attack case. Also, while the objective is noble, policy seems to be a little vague. It is like a compilation of a number of ideas, not accompanied with any action plans. It seems to be incomplete. A lot still needs to be done,” he said.