Review of India's 2013 National Cyber Security Policy
1. Review of
National
Cyber
Security
Policy 2013 By
Chintan T. Pathak
LL.M,PGDIT,PGDTM,B.Com,DCL
Research Scholar
At
Veer Narmad South Gujarat
University
1
Review of National Cyber Security
Policy 2013 Chintan T. Pathak
2. The Internet has become the first
computing platform:
Standalone apps ---Web Based ---Cloud Computing
Some most frequently used Computer Applications:
Emailing, Texting
Gaming
Search Engines
Amazon, ebay
Word Processors
Wikipedia, Google maps
Drop Box, Google Drive, Sky drive
Web Browsers
Review of National Cyber Security Policy 2013
Chintan T. Pathak
2
3. How Much Data are on the Internet?
The big four online storage & service companies
(Google, Microsoft, Amazon & facebook) have got
1200 petabytes( or 1.2 million terabytes)
(http://sceincefocus.com/qa/how-many-terabytes-
data-are-internet)
Facebook process more than 500TB of data daily
(http://news.cnet.com/)
Review of National Cyber Security Policy 2013
Chintan T. Pathak
3
4. Why Cyber Security is an issue?
New Technology may bring new vulnerabilities
Large data on Internet (1.2 million terabytes)
Evolving tactics by attackers
Automation has made attackers more profitable
Attack techniques propagation is now more rapid &
easier.
Action at a distance is now possible
Wireless networking
Mobile computing
Review of National Cyber Security Policy 2013
Chintan T. Pathak
4
5. What is cyber security?
Cyber security standards are security standards which enable
organizations to practice safe security techniques to
minimize the number of successful cyber security attacks.
Cyber security refers to the technologies and processes
designed to protect computers, networks and data from
unauthorized access, vulnerabilities and attacks delivered via
the Internet by cyber criminals.
Though, cyber security is important for network, data and
application security.
Review of National Cyber Security Policy 2013
Chintan T. Pathak
5
6. What is…?
Communication security-protecting organization
communication media , technology , and content.
Network security-is the protection of networking
components, connection and content.
Information security-protection of information and its
critical elements , including the systems and hardware
that use , store or transmit that information.
Review of National Cyber Security Policy 2013
Chintan T. Pathak
6
7. Cyber Security – India Perspective
Review of National Cyber Security Policy
2013 Chintan T. Pathak
7
8. Cyber Security – India Perspective
Spam in India:
Spam originating in India accounted for one
percent of all spam originating in the top 25 spam
producing countries making India the eighteenth
ranked country worldwide for originating spam.
A high percentage of email originating in India
constituted spam. Of the messages originating in
India 76 percent were considered spam.
(www.cert-india.com)4
Review of National Cyber Security Policy 2013
Chintan T. Pathak
8
9. Cyber Security – India Perspective
Threats to Confidential Information
Review of National Cyber Security Policy 2013
Chintan T. Pathak
9
10. Cyber Security – Global Trend
Review of National Cyber Security Policy 2013
Chintan T. Pathak
Recent studies reveal three major findings:
Growing threat to national security - web espionage becomes increasingly
advanced, moving from curiosity to well-funded and well-organized operations
aimed at not only financial, but also political or technical gain
Increasing threat to online services – affecting individuals and industry
because of growth of sophistication of attack techniques
Emergence of a sophisticated market for software flaws – that can be used to
carry out espionage and attacks on Govt. and Critical information
infrastructure. Findings indicate a blurred line between legal and illegal sales
of software vulnerabilities.
10
11. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Review of National Cyber Security Policy 2013 Chintan
T. Pathak
Preamble:
“..This policy, therefore, aims to create a cyber security framework,
which leads to specific actions and programmes to enhance the security
posture of country’s cyberspace..”
Vision:
Build a secure & resilient cyberspace for Citizen, Business &
Government.
11
12. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Review of National Cyber Security Policy 2013
Chintan T. Pathak
Mission:
1. To Protect information & information infrastructure
2. Build capability to:
- Prevent and Respond to Cyber threats.
3. Reduce vulnerability
4. Minimise damage from cyber incidents through – Institutional
Structure, People,
5. Process & Technology.
12
13. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Key Highlights of the Policy:
Policy aims at creating a national level nodal agency that will co-
ordinate all matters related to cyber security in the country.
It will encourage organizations to develop their own security policies
as per international best practices.
The policy will ensure that all organizations earmark a specific budget
to implement their security policies and initiatives.
Policy plans to offer various schemes and incentives to ensure that
proactive actions are taken for security compliance.
To create an assurance framework, policy will create conformity
assessment and certification of compliance to cyber security best
practices, standards and guidelines.
Review of National Cyber Security Policy 2013
Chintan T. Pathak
13
14. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Key Highlights of the Policy:
Policy aims at encouraging open standards that facilitate
interoperability and data exchange among different IT products and
services.
A legal framework will be created to address cyber security challenges
arising out of technological developments in cyber space.
The policy also plans to enforce a periodic audit and evaluation of
adequacy and effectiveness of security of Information infrastructure in
India.
The policy will create mechanisms to get early warnings in case of
security threats, vulnerability management and response to the
security threats thereof
Review of National Cyber Security Policy 2013
Chintan T. Pathak
14
15. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Key Highlights of the Policy:
A 24X7 operational national level computer emergency response team
(CERT-in) will function as an umbrella organization that will handle all
communication and coordination in deal with cyber crisis situations.
To secure e-governance services, policy will take various steps like
encouraging wider usage of Public Key Infrastructure (PKI) standards in
communications and engagement of expert security professionals /
organizations to assist in e-governance.
The policy will encourage and mandate use of tested, validated and
certified IT products in all sensitive security areas
The policy also plans to undertake and invest in various R&D programs in
area of national cyber security
Review of National Cyber Security Policy 2013
Chintan T. Pathak
15
16. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Issues not to be addressed satisfactory in Policy:
Cloud Computing
Citizen Privacy
Governance of Social Media
Policy is silent for data collection, handling ,storage and transmission
methods
Policy is also silent about how it balancing citizen liberty and security
of nation.
Review of National Cyber Security Policy 2013
Chintan T. Pathak
16
17. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Conclusion:
The key to success of this policy lies in its effective implementation.
The much talked about public-private partnership in this policy, if
implemented in true spirit, will go a long way in creating solutions to
the ever-changing threat landscape.
Indigenous development of cyber security solutions as enumerated in
the policy is laudable but these solutions may not completely tide over
the supply chain risks and would also require building testing
infrastructure and facilities of global standards for evaluation.
Review of National Cyber Security Policy 2013
Chintan T. Pathak
17
18. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Conclusion:
The provisions to take care security risks emanating due to use of new
technologies e.g. Cloud Computing, has not been addressed.
Another area which is left untouched by this policy is tackling the
risks arising due to increased use of social networking sites by
criminals and anti-national elements.
There is also a need to incorporate cyber crime tracking, cyber
forensic capacity building and creation of a platform for sharing and
analysis of information between public and private sectors on
continuous basis.
Review of National Cyber Security Policy 2013
Chintan T. Pathak
18
19. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Suggestions:
Social economic political and technological background should be
taken into account while finalizing this policy.
As India is a developing country hence it should be considered not in
continuum with developed world while finalization of this policy.
Short and long term consistent realistic objectives should be there in
the policy.
Fundamental root issues should be addressed in order to be able to
sustain secondary issues.
Policy should consider available resources and their budgeting to
support the short and long term objective.
Review of National Cyber Security Policy 2013
Chintan T. Pathak
19
20. National Cyber Security Policy 2013
Need of Today & Necessity for Tomorrow
Suggestions:
Policy should not be static in nature. So as to be tuned to the changing
needs. There must be a provision for a constant review in order to
improve the policy and remove the impediments if any.
Review of National Cyber Security Policy 2013
Chintan T. Pathak
20
21. Thank You
“ In Security matters, there is nothing like
absolute Security”
Review of National Cyber Security Policy 2013
Chintan T. Pathak
21