Cyber Safety for Government

Central and State Governments in India are increasingly transforming infrastructure and public services so that they are digitized and delivered via the internet and other electronic forms. For example, the State of Kerala is currently in the process of becoming a 'digital state' and moving all services from banking, citizen state communications, and everyday transactions to a digital platform. National projects range from shifting corporate transactions to e-format in order to reduce corporate fraud, to establishing one integrated database for governmental information from various departments.

Though the shift to the digital allows governments to be more transparent and efficient while allowing citizens and residents to register for government services, obtain and file government forms, apply for employment, it also allows for further expanded government collection and collation of personally identifiable data. With the increasing use of technology in government-to-citizen interactions it is important to ensure that when e-government projects are implemented, they adopt integrated schemes to maintain adequate privacy safeguards prior to collecting and using data. The Indian government‘s growing practice in collecting, retaining, and managing personal data without adequate privacy protection in place, pose a wide range of privacy concerns such as data mining, profiling, function creep, and inappropriate use of data.

Here are some priority policy action items for the government based on the global developments and learning.

  • Create a National Structure for Cyber Security which clearly defines roles and responsibilities for every stakeholder, establishes coordination & information sharing mechanisms, focuses on building Public Private Partnership models and creates environment for enhancing trust between the industry and government. A fully empowered head for Cyber Security should be appointed, positioned at the highest level within the government.
  • Design and Implement a Competency Framework for building a competent and adequate Cyber Security Workforce. The Competency Framework should assess the security skills requirements, identify existing gaps & challenges, define competency areas across different security roles and devise strategies and programs for building the required capacity.
  • Create and maintain an Inventory of Critical Information Infrastructure in the country to provide the required visibility over the critical information infrastructure and help prioritize deployment and monitoring of the protection measures.
  • Establish a Centre of Excellence for Best Practices in Cyber Security to institutionalize the development, sharing, collation, distribution and implementation of best practices in the country.
  • Establish a National Threat Intelligence Centre which should integrate all the existing information sources such as sectorial CERTs, intelligence bodies, security alerts issued by security vendors, threats seen by critical sectors and industry to enable cross-domain awareness and a comprehensive view of cyber threats at a national level.
  • Build Capacity of the Law Enforcement Agencies in Cyber Crime Investigations and Cyber Forensics by establishing training facilities in every state and union territory.
  • Build Lawful Interception Capabilities for balancing national security and economic growth by establishing a national center for performing research in encryption and cryptanalysis.
  • Establish a Centre of Excellence for Cyber Security Research to develop solutions that will protect country's information infrastructure in the future by defining and executing a research roadmap developed based on country's research needs.
  • Set up Testing Labs for accreditation of ICT products to mitigate security risks arising from procurement of ICT products especially from foreign vendors and yet take full benefits from the global supply chain that includes access to world class products, services and expertise at competitive prices.
  • Establish a Cyber Command within the defense forces to defend the Indian Cyberspace. The Cyber Command should be equipped with defensive and offensive cyber weapons, and manpower trained in cyber warfare. The government should implement the above recommendations in parallel through effective public-private partnerships. The industry should actively support the government in the implementation of these recommendations. Government and industry cannot overcome the cyber security challenge in isolation; the imperative is to work together in a trusted and collaborative environment, leveraging each other's strengths to strengthen the cyber security posture of the country and take lead in global cyber security efforts3

In the information age, Internet is the engine for global economic growth and the cyber security initiatives of any country should not impede it, instead these initiatives should create enablers for growth of the Internet and other technology innovations. The world has to find a way to cooperate so that the cyberspace—the biggest global commons—remains a driver of economic prosperity of nations and a cloud where people from all countries can safely interact and exchange goods and services.