India has emerged as a significant player in cybersecurity, with numerous startups gaining international recognition. However, the country is facing a growing challenge due to the increasing number of cyber attacks and data breaches.
Indian Prime Minister Narendra Modi has announced a plan to to convene a cybersecurity gathering with the goal of enhancing India’s cybersecurity posture for critical information infrastructure protection.
How big is the risk critical information infrastructure in India faces? What is the role of cybersecurity institutions like CERT-In? What are the government’s initiatives to strengthen cybersecurity in the country?
What is critical information infrastructure?
Critical information infrastructure or CII is a comprehensive sector encompassing security, network, and humans — playing a crucial part in facilitating the digital infrastructure in the country.
Apart from being an important part of the country’s day-to-day operations, the critical information infrastructure also includes complex technological frameworks and interdependent mechanisms that boast India’s telecommunications, energy, transportation, finance, and various government entities.
The Information Technology Act of 2000 explains India’s critical information infrastructure as “a computer resource, the incapacitation or destruction of which shall have a debilitating impact on national security, economy, public health or safety.”
Moreover, under the IT Act of 2000, the government possesses powers to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.
“Any person who secures access or attempts to secure access to a protected system in violation of the law can be punished with a jail term of up to 10 years”, reads Section 70 of the IT Act.
To explain it in more simpler terms, India’s critical information infrastructure is the key pillar in the country’s sustainability against cyber attacks and online fraud.
Serving as the country’s backbone, the critical information infrastructure ecosystem and the Indian government has been working towards providing safety to public data and mitigation strategies to fight the ongoing cyber war.
Critical infrastructure security in India
The use of critical infrastructure security has increased in recent years in India. The country faces multiple cyber attacks at regular intervals. According to a report by Symantec Corp, the country ranks among the top five nations affected by cybercrime.
Moreover, despite having a digitally progressive government and a thriving IT-enabled service sector, India lags in critical infrastructure, national digital economy adoption, and cybersecurity regulations.
However, several security agencies work tirelessly, boasting India’s cybersecurity posture. Among these agencies, Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Centre (NCIIPC) are at the forefront of protecting critical infrastructure security in India.
While CERT-In builds guidelines and reports cybersecurity incidents, NCIIPC is responsible for safeguarding critical information infrastructure across various sectors, such as power, banking, transportation, and communication.
PM Modi to review cybersecurity issues in India
The Prime Minister of India, Narendra Modi, has been actively involved with India’s IT and security sectors. PM Modi recognizes the urgency of addressing cybersecurity concerns and intends to hold a high-level meeting to tackle this issue.
The gathering will primarily focus on enhancing India’s cybersecurity defenses against cyber attacks, particularly from neighboring countries; with India ranking third globally for the highest number of internet users, robust cybersecurity measures are the need of the hour.
Last year, The Economic Times reported on Prime Minister Narendra Modi’s take on the cybersecurity sector. On February 25, 2022, Modi explained the issues regarding the cyber security sector and how it connects with national security.
“India’s IT sector is our great strength. The more we use this power in our defense sector, the more confident we will be in our security. For example, cyber security is no longer limited to the digital world. It has become a national security matter, ” Prime Minister Narendra Modi said on Twitter.
Role of cybersecurity institutions and government
The Computer Emergency Response Team (CERT-In) is crucial in ensuring cybersecurity in India.
Established in 2004 under the Ministry of Electronics and Information Technology, CERT-In is an early warning system for vulnerabilities, data breaches, and cyber-attacks.
It collects and analyzes information from various sources, including international CERTs, security researchers, and organizations, and disseminates it to relevant stakeholders. CERT-In also coordinates incident response efforts, assisting affected organizations in recovering from cyber attacks.
Recognizing the importance of cybersecurity, the Indian government is taking significant steps to enhance the nation’s cyber defenses. CERT-In recently released new guidelines mandating timely reporting of cybersecurity incidents and maintaining logs for a specified period.
The government is also finalizing the National Cyber Security Strategy 2023, which supersedes the 2013 policy, reported Organizer.
The strategy will provide structured guidance on cybersecurity to leverage better cybersecurity measures, boasting India’s critical information infrastructure.