The “National Cyber Security Policy 2013” aimed to protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities, and strengthen national security in the digital domain.
What is the National Cyber Security Policy 2013?
The National Cyber Security Policy document outlines a roadmap to create a framework for a comprehensive, collaborative, and collective response to deal with the issue of cyber security at all levels within the country.
The National Cyber Security Policy 2013 aims at:
- (1) facilitating the creation of a secure computing environment
- (2) enabling adequate trust and confidence in electronic transactions and
- (3) guiding stakeholders’ actions for the protection of cyberspace.
The policy had a vision to build a secure and resilient cyberspace environment for citizens, businesses, and government.
The need to protect information
National Cyber Security Policy 2013 should be seen as about protecting information, such as personal information, financial/banking information, sovereign data, etc.
- Information empowers, and to empower people with information, we need to secure the information/data.
- There is a need to distinguish between data that can freely flow and data that needs to be protected.
- The “National Cyber Security Policy” has been prepared in consultation with all relevant stakeholders, user entities, and the public.
- This policy aims to facilitate the creation of a secure computing environment enabling adequate trust and confidence in electronic transactions and also guiding stakeholders’ actions for the protection of cyberspace.
- The National Cyber Security Policy document outlines a roadmap to create a framework for a comprehensive, collaborative, and collective response to deal with the issue of cyber security at all levels within the country.
- The policy recognizes the need for objectives and strategies that need to be adopted both at the national level as well as international levels.
The objectives and strategies outlined in the National Cyber Security Policy
- Articulate our concerns, understanding, priorities for action as well as directed efforts.
- Provide confidence and reasonable assurance to all stakeholders in the country (Government, business, industry, and the general public) and the global community, about the safety, resiliency, and security of cyberspace.
- Adopt a suitable posturing that can signal our resolve to make determined efforts to effectively monitor, deter, and deal with cybercrime and cyber attacks.
Salient Features of the National Cyber Security Policy 2013
In brief, the National Cyber Security Policy covers the following aspects:
- A vision and mission statement aimed at building a secure and resilient cyberspace for citizens, businesses, and Government.
- Enabling goals aimed at reducing national vulnerability to cyber attacks, preventing cyber-attacks & cyber crimes, minimizing response & recovery time, and effective cybercrime investigation and prosecution.
- Focused actions at the level of Govt., public-private partnership arrangements, cybersecurity-related technology actions, protection of critical information infrastructure and national alerts and advice mechanism, awareness & capacity building, and promoting information sharing and cooperation.
- Enhancing cooperation and coordination among all the stakeholder entities within the country.
- Objectives and strategies in support of the National Cybersecurity vision and mission.
- Framework and initiatives that can be pursued at the Govt. level, sectoral levels as well as in public-private partnership mode.
- Facilitating monitoring of key trends at the national level such as trends in cyber security compliance, cyber attacks, cybercrime, and cyberinfrastructure growth.
Cyber Security related updates
- A National and sectoral 24X7 mechanism has been envisaged to deal with cyber threats through the National Critical Information Infrastructure Protection Centre (NCIIPC).
- The Computer Emergency Response Team (CERT-In) has been designated to act as a nodal agency for the coordination of crisis management efforts. CERT-In will also act as an umbrella organization for coordination actions and operationalization of sectoral CERTs.
- A mechanism is proposed to be evolved for obtaining strategic information regarding threats to information and communication technology (ICT) infrastructure, creating scenarios of response, resolution, and crisis management through effective predictive, prevention, response, and recovery action.
The policy emphasized the need for coordination among various stakeholders, including government agencies, private sector organizations, and academia, to effectively address cybersecurity challenges.
It highlighted the importance of capacity building in terms of cybersecurity skills, knowledge, and expertise.
The policy called for the establishment of a National Critical Information Infrastructure Protection Center (NCIIPC) to handle and respond to cybersecurity incidents and threats.
It emphasized the importance of public awareness and education about cybersecurity issues.