The central government recently unveiled the National Cyber Security Policy (NCSP) 2013 that aims at building a secure and resilient cyberspace for citizens, businesses and the government. The biggest highlight in this policy is creation of a 24x7 National Critical Information Infrastructure Protection Center - NCIIPC, Cyber Workforce of 500,000 in the next 5 years, regulatory framework, promotion of R&D in security and increased public private partnership.
However, the key to the success of this policy would be on how it is mandated, operationalized, regulated, enforced and complied with.
Although framework for national cyber security has been due for some time now and the new policy has come at a time when countries and organizations are finding it difficult to tackle cyber threats. We are already in an era where instances of cyber wars are waged against countries and brands and this will continue to happen. This happens in a very organized manner and sometimes funded by countries itself.
In the view of security vendors, this policy provides a great opportunity to them. The policy speaks about promotion of R&D in security and increased public private partnership. As a result, a huge amount of projects are expected to come to the security vendors. Since this policy is a big step forward, it will require huge amount of expertise and understanding.
Speaking on the formation of this new policy, Pankaj Jain, director at ESET India said, "The amended NCSP 2013 is a big step forward. This cyber policy was necessary in the response of possible attacks from state and non-state actors, corporates and terrorists as the Internet world has no geographical barriers and is humongously vast."
Â
Agreeing to Jain, Anand Naik, MD, sales, India and Saarc, Symantec said, "The policy shows the Government's visionary approach towards Cyber security in adopting a multi-stakeholder engagement model to create a secure cyber ecosystem in India; working across Government agencies and collaborating with industry, both domestic and foreign. Cyber security requires a multi-disciplinary approach, adopting best of breed technology, and global best practices to build a multi-layered defense. Symantec has worked closely with Governments all over the world in a variety of public-private partnerships and looks forward to collaborating with GOI to protect India's information and critical infrastructure."
In the word of Sunil Sharma, VP Sales and Operations - India&SAARC, Cyberoam pointed out that, "Government of India has taken a noteworthy step with the launch of Cyber Security policy. Not only this will help in bridging the digital divide more effectively but shall also offer much needed security awareness in taking e-governance and IT led development programs with enhanced cyber protection. security vendors must portray proactive readiness to align their offerings and approach in sync with the objectives aimed through this Policy.
Â
As for the opportunity part of it, we see a big picture. This being a comprehensive policy level decision, it has brought in enhanced awareness towards the need for specific cyber security solutions across organizations and individuals. By providing fiscal benefits / schemes / incentives for adoption of standard security practices, we see more and more businesses opting for a safe and secure cyber environment."
Â
Sharing a different perspective, Jagdish Mahapatra, MD, McAfee India and Saarc, added, "It will provide a roadmap for strengthening cyber security and a secure computing framework that will inspire consumer confidence for electronic transactions. At a macro level, the policy will facilitate cyber security intelligence that will form an integral component to anticipate attacks and quickly adopt counter measures. The policy will also provision sufficient checks and balances to regularly determine the health of government systems while encouraging conformity to regulatory compliance and security best practices. On the other hand, as with all governments globally, ensuring the protection of the Indian governments' most critical assets from today's most likely threats is the biggest challenge. In this context, it is reported that the policy also proposes a contingency plan to handle cyberattacks on vital installations and critical infrastructure. This is a positive sign given their inherent economic importance, that make them strong targets for political sabotage, data infiltration and extortion. With the advent of this policy, we look forward to deepening our association with the Indian government in the pursuit of protecting India's mission critical government initiatives."
Pavan Thatha, co-founder and CEO at ArrayShield, mentioned, "Yes, we see a lot of opportunities in the coming years for security software vendors, if proper implementation of the policy is done. The primary challenge would be in implementing these policies successfully. Government should form a regulatory body for cyber security that creates a comprehensive scheme to ensure each organization implements a full time security team to protect them. The organizations should hire a competent CISO who can help them better frame the security policy. With so much assets of organizations exposed outside, having an effective security policy is pertinent."
With hackers getting smarter and smarter, it is high time that the government, organizations and the security vendors work together and come up with customized solutions that can shield against all forms of attacks. And that certainly calls for a coordinated effort.