In an effort to stop the rising cyber attacks, the government has released the National Cyber Security Policy 2013 to safeguard both physical and business assets of the country.
" The new policy is a framework document and it gives you a broad outline of what our vision is...the real task or the challenge is the operationally of this policy," said Minister of Communications and IT Kapil Sibal..
Sibal said the critical infrastructure such as air defence system, power infrastructure, nuclear plants, telecommunications system have to be protected otherwise it may create economic instability.
"Air defence system, power infrastructure, nuclear plants, telecommunications system will all have to be protected to ensure there is no disruption of the kind that will destabilise the economy...instability in cyber space means economic instability no nation can afford economic instability, therefore it is essential not just to have a policy but to operationalise it," Sibal said.
The new cyber policy has come at a time when there is more possibility of attacks from state and non-state actors, corporates and terrorists through internet as it has no geographical barriers and is anonymous in nature.
Sibal added it will not be able to point out to a particular country to say the source of the attack because it will difficult in the cyberspace to figure it out.
"In the ultimate analysis, we have to develop global standards because there is no way that we can have a policy within the context of India which is not connected with the rest of the world because information knows no territorial boundaries. We don't know who attack our systems, so we have to ourselves secure our systems," Sibal added.
In order to create a secure cyber ecosystem, the policy plans to set up a national nodal agency to coordinate all matters related to cyber security in the country with clearly defined roles and responsibilities.
It plans to establish a mechanism for sharing information, identifying and responding to cyber security incidents and for cooperation in restoration efforts. The policy lays out 14 objectives which include creation of a cyber ecosystem in the country, providing fiscal benefits to businesses for adoption of standard security practices and processes, developing effective public private partnerships and collaborative engagements through technical and operational cooperation.
It also plans "to create a workforce of 5,00,000 professionals skilled in cyber security in the next five years through capacity building, skill development and training".
Elaborating more on the objectives, Sibal said, "National and sectoral level 24x7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective, predictive, preventive, proactive response and recovery actions."
The policy also identifies eight strategies to create a secure cyber ecosystem which include a designated national nodal agency to coordinate all matters related to cyber security.
It calls for developing a dynamic legal framework and its periodic review to address the cyber security challenges arising out of technological developments in cyber space.
The policy plans to operate a 24X7 national level computer emergency response team (CERT-In) to function as a nodal agency for coordination of all efforts for cyber security emergency response and crisis management.
"CERT-In will function as an umbrella organisation in enabling creation and operationalisation of sectoral CERTs as well as facilitating communication and coordination actions in dealing with cyber crisis situations," the policy said.