What are the Institutional arrangements in India related to cybersecurity?
Over the past two decades, India has made a significant effort for providing cyber security, some of them are
-
Cyber security is given high priority by including cyber portfolios in PMO (Prime Minister’s Office).
-
The NSA chairs the National Information Board, the apex body for cross-ministry coordination on cybersecurity policymaking.
-
Establishment of National Critical Information Infrastructure Protection Centre under the NTRO. It protects critical information infrastructure,
-
In 2015, the Prime Minister established the office of the National Cyber Security Coordinator. It advises the Prime Minister on strategic cybersecurity issues.
-
Computer Emergency Response Team (CERT-In), is the nodal agency. It responds to various cybersecurity threats to non-critical infrastructure.
-
The Ministry of Defence has recently upgraded the Defence Information Assurance and Research Agency. It aims to establish the Defence Cyber Agency, a tri-service command of the Indian armed forces to coordinate and control joint cyber operations and craft India’s cyber doctrine.
-
Ministry of Home Affairs oversees “coordination centres”. It focuses on law enforcement efforts to address cybercrime, espionage and terrorism.
-
Ministry of External Affairs coordinates India’s cyber diplomacy with other countries and at international fora like the United Nations.
What are the issues in India’s cybersecurity framework?
-
Institutional framework for cybersecurity has the following concerns.
-
Lack of effective coordination.
-
Overlapping responsibilities
-
Lack of clear institutional boundaries and accountability.
-
-
India is yet to prepare a Cyber doctrine that defines the limits for offensive cyber operations, or the scope of countermeasures against cyber-attacks.
What is the way forward?
-
A clear-cut cyber doctrine similar to Nuclear doctrine is needed for protecting cyber spaces. For example, the ‘No First Use’ nuclear posture was critical in preventing a nuclear war despite rising tensions. The absence of a credible cyber deterrence strategy allows states and non-state actors to conduct cyberattacks on critical information infrastructure.
-
India should push for the debate on global governance architecture regarding Cyber space in international fora based on India’s strategic interests and capabilities. It should also push for making binding rules that makes cyberspace-attacks on critical infrastructure illegitimate. (health-care systems, electricity grids, water supply, and financial systems)
-
Need for improved coordination between the government and the private sector at the national and State levels. It will effectively counter threats from both state actors and their proxies.
-
Need to publish cyber-attack information in Public domain for enabling meaningful public discussions on future Cyber policies.