National Security Advisor Shivshankar Menon on Monday opened up the national security regime to the private sector, with the launch of a cyber security report titled ‘Recommendations of Joint Working Group on Engagement With Private Sector On Cyber Security’. The Hindu was the first to report that such an initiative would be launched this week.
“The enormous potential for damage has made cyber security a major concern. There is no question that both the government and private sector need each other. The unique nature of this collaboration is because of the unique nature of the domain, and we need to develop the habit of working together that hasn’t existed in the past,” Mr. Menon said.
Referring to the recent spate of riots in Uttar Pradesh, Assam and Mumbai, Mr. Menon said, “We have seen the misuse of social media to affect communal harmony. The important thing is to create a virtuous circle of security while maintaining our democratic rights of freedom of speech and privacy.”
Deputy NSA Vijay Latha Reddy, who is credited with leading the initiative from its conception, only a few months ago in July, said, “The primary objective of creating a permanent mechanism for public-private partnership (PPP) in the area of cyber security is to eventually establish India as the global hub for cyber security services, products and manpower.”
According to Special Secretary, Ministry of External Affairs (MEA), Asoke Mukerji, the MEA could provide meaningful support as the international dimensions of securing what is a large global commons is self evident. “India has initiated dialogue with the U.S., the U.K., Japan, Russia and the EU to develop norms to reduce critical risks,” he said.
Secretary, Department of Electronics and IT (DeitY), J. Satyanarayana, complimenting Ms. Reddy’s leadership in releasing a fast and comprehensive road map for PPP in cyber security, said, “India requires a mind boggling five lakh professionals to protect cyber space, but available talent is just a fraction of this, necessitating a rapid scale-up of capacities.”
Chairman, Communications and Digital Economy Committee of FICCI, Virat Bhatia, said, “Cyber security needs an integrated effort from the government, industry and civil society. By its very nature, cyber threats could arise from international locations including from non-state actors, which makes international cooperation at a multi-stakeholder level a prerequisite.”
Chairman of the National Committee on Telecom & Broadband of CII Kiran Karnik emphasised on the “exceptional interest and understanding of the cyber security challenge, which would come to fruition through the joint working arrangement.”
According to the cyber security report, collaboration is invited across four issues: the setting up of a permanent JWG under the aegis of the National Security Council Secretariat (NSCS), with representatives from government and private sector; a permanent advisory committee called ‘Joint Committee on International Cooperation and Advocacy to promote India’s national interests at various international fora; and Information Sharing & Analysis Centres in various sectors to cooperate with Computer Emergency Response Teams at the operational level. The composition of these working groups will be finalised in consultation with industry associations.
Capacity building
Capacity building was identified as a major thrust area. A critical shortage of cyber security professionals needs to be tackled in “mission” mode, through a PPP initiative, the report says. Capacity building will require collaboration between the Ministry of Communications & IT (MCIT) and the Ministry of Human Resource Development. The Ministry of Home Affairs and the MCIT will set up training facilities for law enforcement agencies in cybercrime investigation and cyber forensics. It will also undertake cyber security awareness campaigns.
The group will look at developing security standards and audits, particularly by defining baseline security in critical sectors. It will define enhanced standards and guidelines for groups that fall in a high risk category, such as those which fall in critical information infrastructure. It will also lay down security standards and guidelines for acquisition of IT products and services, and work on establishing an institute of cyber security professionals. There is a move to make cyber security audit mandatory through appropriate amendments in the listing requirements under the Companies Act.
Lastly, testing and certification will be undertaken by specific National Testing and Certification Schemes under the supervision and oversight of appropriate empowered entities under the MCIT. An independent government certification body for IT products under the MCIT is already under way. The group will also consider the setting up of privately-owned testing laboratories and the government may provide necessary incentives for the private sector to open testing labs.
In the short term, four pilot projects — the setting up of a pilot testing laboratory, conducting a test audit, studying the vulnerabilities in a sample of Critical Information Infrastructure, and the establishment of a multidisciplinary Centre of Excellence — have been identified.
Other speakers at the launch function included former Nasscom chairman Rajendra Pawar, FICCI Secretary General Rajiv Kumar and Data Security Council of India CEO Kamlesh Bajaj.
