The government of India has put its cyber security initiative on fast track after years of neglect and looming threat of cyber-attacks. Going a step further from the announcement of the Cyber Security Policy a few days ago, on Friday, the ‘Guidelines for Protection of National Critical Information Infrastructure,’ were placed in the public domain.
The first version of the guidelines was released by National Security Adviser to Prime Minister, Shivshankar Menon. The detailed document was prepared by the National Critical Information Infrastructure Protection Centre (NCIIPC) which is to function as a specialised unit under the National Technical Research Organisation (NTRO).
Across the world, critical information infrastructure is broadly defined as including those networks which are interrelated, interconnected and interdependent. In India, the guidelines would initially include information and communications, transportation, energy, finance, technology, law enforcement, security and law enforcement, government, space and sensitive organizations.
India’s new guidelines are an extension of a legislative recognition under the IT Act 2000, which defines critical information infrastructure as “those computer resource and incapacitation or description of which, shall have debilitating impact on national security, economy, public health or safety”.
The guidelines present 40 controls for protection of critical information infrastructure across sectors. These are generic and guiding controls, with each individual sector being left to evolve their own sector-specific controls.
Global standards
Stating that the guidelines were excellent, Mr. Menon emphasised it was the remarkable outcome of successful multi-stakeholder participation, which had been attempted for the first time. “Placing a comprehensive cyber security architecture with clear mandates and responsibilities is both topical and important. I am particularly happy that the guidelines are aligned with global standards since in an interconnected domain, we have no choice but to benchmark our defence and capabilities to the best in the world,” he added.
These guidelines go beyond the statement of intent expressed in the recently announced cyber security policy and have been formulated through a multi-stakeholder Joint Working Group (JWG) consisting of representatives from the government, academia and private sector.
The JWG was chaired by Associate Director of IISc, Bangalore, N. Balakrishnan and included Chairman, FICCI Communication and Digital Economy Committee, Virat Bhatia, former President, NASSCOM, and Chairman, CII National Telecom Committee, Kiran Karnik and Joint Commissioner, Delhi Police, Muktesh Chander, who till recently served as Centre Director, NTRO.
