Delay by Central and State government agencies in appointing Chief Information Security Officers is hampering government’s efforts to come up with an elaborate cyber security plan
Alarmed by the delay on the part of various Central ministries, departments and State governments in formulating crisis management plans (CMPs) for “countering cyber attacks and cyber terrorism,” the Cabinet Secretariat has shot off a letter, asking them to take “urgent time-bound action” in the matter. This is the third such letter in as many months that the Cabinet Secretariat has despatched.
“Detailed Cyber Security Plan along with name of Chief Information Security Officer has not been received in this Secretariat … All Ministries/Departments/State Governments/ UT Administrations are … once again requested that present status of appointment of Chief Information Security Officer [if not yet appointed] and preparation of their Cyber Security Plans may be furnished to this Secretariat on priority basis,” said the letter, issued late last month.
The letter talks about the recently prepared National Cyber Security Policy 2013 “for facilitating creation of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders’ actions for protection of cyber space,” and asks all ministries and States to come up with their CMPs attuned to the policy.
“The policy talks about preparing sectoral and organisational CMPs separately. In the sectoral CMP, it is mandated to set up a ‘sectoral crisis management committee’ on the lines of National Crisis Management Committee along with a 24X7 control room to monitor crisis situation, besides designating a member of senior management as ‘Chief Information Security Officer.’ Similarly, the organisational CMP comprise a ‘Crisis Management Group’ with the head of the organisation as its leader besides preparing a detailed security plan and implementation of security control measures, among others,” said a senior government official.