India's NCSS: To prevent further Cyber Attacks, Centre prepares National Cyber Security Strategy

NCSS is currently with the Union Cabinet, The strategy aims to ensure cyber awareness, safety through tight cyber audits, preventive measures, action during cyberattacks, protection of sensitive information, and remedial measures.

By Harkirpal Singh, Updated : Mar 04, 2021 12:59 IST
India's NCSS: To prevent further Cyber Attacks, Centre prepares National Cyber Security Strategy
India develops NCSS to counter Cyber attacks

According to defense sources, The Centre is preparing a National Cyber Security Strategy (NCSS) amidst reports of Chinese involvement in a cyber attack that resulted in a blackout in Mumbai last year and one in Telangana that was narrowly averted.

The NCSS case, currently with the Union Cabinet,  aims to ensure cyber awareness, safety through cyber audits, preventive measures, action during cyberattacks, and remedial measures.

The NCSS aims to plug loopholes in cyber laws, last updated in 2008. The NCSS aims to improve cyber awareness and cybersecurity through more strict audits. Impanelled cyber auditors will look more carefully at the security features of organizations that are legally necessary now.

Also Read-  Possible Bomb Threat at Taj Mahal in Agra, tourists asked to evacuate the monument

There will be table-top cyber crisis management exercises regularly to reinforce the idea that such cyber attacks can take place regularly. 

The NCSS will outline what has to be done while a cyber attack is going on. There is a clear recommendation about digital forensics, the need to collect digital evidence, and how to do it. The “chain of custody” will also be outlined. 

The NCSS looks at remedies. This involves taking the malware out of the system, after finding it and going ahead with the most difficult task: finding out the origin of the cyber attack. Identification of the ‘cyber kill chain’ is most difficult as attackers go through four or five hops and only the last IP address is easily identifiable. 

There will be references to PDP or personal data privacy. At present, Parliament is working on a PDP Bill. There is a need for an apex body to ensure operational coordination amongst various agencies and ministries.

At this point, there is the Computer Emergency Response Team or CERT, but the home ministry looks at cybercrime, the external affairs ministry looks after cyber diplomacy and there is a defence cyber agency, headed by a naval officer, a rear admiral.

Should Read- After Dual Cyber-Attacks from China, India seems to be in dire need of robust Cyber defense strategy

The apex body will ensure coordination: in most cases, all over the world, it comes under the prime minister or the national security adviser. 

The NCSS is necessary, highly placed government sources said, as the cyber situation is vastly different from 2013 when the policy was unveiled. Threats of cyber attacks have increased and issues like cryptocurrency, ransomware, and artificial intelligence barely existed then. 

The 2013 policy did not look at an action plan. Nor did consider funding, a crucial issue. This is why there have been crucial failings. For instance, the 2013 policy speaks of having 500,000 cyber skilled personnel by 2018. There are at best just over 100,000 today. The quality of the personnel is variable. 

📣 Follow at Twitter, Facebook, Instagram & Telegram. Stay updated for latest headlines.