National Cyber Security Policy, 2013
Vision
To build a secure and resilient cyberspace for citizens, businesses and Government
Mission
To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
Objectives
- To create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
- To strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem.
- To enhance and create National and Sectoral level 24 x 7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective, response and recovery actions.
- To enhance the protection and resilience of Nation’s critical information infrastructure by operating a 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandating security practices related to the design, acquisition, development, use and operation of information resources.
- To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training.
- To provide fiscal benefits to businesses for adoption of standard security practices and processes.
- To develop effective public private partnerships and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace.
- To enhance global cooperation by promoting shared understanding and leveraging relationships for furthering the cause of security of cyberspace.
Strategies
Creating a Secure Cyber Ecosystem:
1. National Nodal Agency:
- Designate a national nodal agency for cyber security coordination.
2. CISO Appointments:
- Encourage organizations to appoint Chief Information Security Officers (CISOs).
3. Information Security Policies:
- Develop and implement integrated information security policies.
- Include standards for secure information flow, crisis management, and proactive security assessments.
4. Budget Allocation:
- Allocate specific budgets for cyber security initiatives.
- Provide fiscal schemes and incentives for infrastructure upgrades.
5. Incentives for Prevention:
- Offer incentives for technology development, compliance, and proactive cyber actions.
6. Information Sharing:
- Establish mechanisms for information sharing and incident response.
- Encourage guidelines for trustworthy ICT product procurement.
Creating a Secure Cyber Ecosystem:
1.Global Best Practices:
- Promote adoption of global best practices in information security.
- Create infrastructure for conformity assessment and certification.
2.Risk Management:
- Implement formal risk assessment and management processes.
- Identify and classify information infrastructure for security protection measures.
3. Secure Development:
- Encourage secure application/software development practices..
Encouraging Open Standards:
1. Open Standards Usage:
- Promote the use of open standards for interoperability.
2.Consortium Collaboration:
- Establish a consortium for tested and certified IT products based on open standards.
Strengthening Regulatory Framework:
1. Dynamic Legal Framework:
- Develop and periodically review a legal framework.
- Harmonize with international frameworks to address evolving cyber threats.
Security Threat Management:
1. National Threat Systems:
- Create national systems for cyber threat assessment and information sharing.
- Operate 24×7 National CERT-In for emergency response and crisis management.
2.Sectoral CERTs:
- Operationalize sectoral CERTs for coordinated actions within specific sectors.
- Implement Cyber Crisis Management Plans.
Securing E-Governance:
1. Security Mandates:
- Mandate global security practices for all e-Governance initiatives.
- Encourage PKI for trusted communication.
Critical Information Infrastructure:
1. Protection Plans:
- Develop protection plans for critical information infrastructure.
- Operate 24×7 National Critical Information Infrastructure Protection Centre (NCIIPC).
2. Security Audit Mandates:
- Mandate security audits and certifications for critical infrastructure.
- Emphasize secure application development.
Research & Development:
1. R&D Programs:
- Undertake R&D programs for trustworthy systems and cutting-edge technologies.
- Establish Centers of Excellence.
2. Supply Chain Security:
- Create testing infrastructure for IT security product evaluation.
- Raise awareness of supply chain risks.
Human Resource Development:
1. Education Programs:
- Foster education and training programs for cyber security.
- Establish cyber security training infrastructure.
Cyber Security Awareness
1. National Awareness Program:
- Launch a comprehensive national awareness program on cyber security.
Public-Private Partnerships
1. Collaboration Models:
- Facilitate collaboration among stakeholders through public-private partnerships.
- Create a cyber security policy think tank.
Information Sharing and Cooperation:
1. Global Cooperation:
- Develop bilateral and multi-lateral relationships in cyber security.
- Enhance cooperation among security agencies globally.
Prioritized Implementation
1. Prioritized Approach:
- Adopt a prioritized approach to implement policies, focusing on critical areas first.
