On July 2, the government of India released the National Cyber Security Policy 2013. This policy extends to a spectrum of ICT users and providers, including home users, SMEs, large enterprises, and government and nongovernment entities. The policy aims to serve as an umbrella framework for defining and guiding the actions related to the security of cyberspace. The policy has been much delayed but has now been released amid reports of snooping by the US globally — and ever-increasing threats to India as a country.
The policy defines 14 diverse objectives that provide an overview of the government’s approach to the protection of cyberspace in the country. A few objectives that will have a positive impact on S&R professionals in India caught my attention:
- The appointment of chief information security officer (CISO). Organizations may or may not have a designated person responsible for cybersecurity initiatives today. With the release of National Cyber Security Policy 2013, organizations will be mandated to appoint a person in a senior management role as CISO.
- A strong security workforce. The government plans to create a strong workforce of 500,000 security professionals in the next five years through skill development and training programs. This will mean more opportunities to enhance skills and more job opportunities for S&R professionals.
- Fiscal benefits. The government will provide fiscal benefits to businesses adopting standard security practices. This objective will attract the senior management within organizations. They will be more supportive to the security department and its initiatives.
- An enforced security budget. The policy mandates all organizations to earmark a specific budget each year for security initiatives. This will come as a relief to S&R professionals, who tend to struggle with ever-tightening security budgets.
The formulation of such a policy is a commendable first step initiated by the government of India. However, the policy fails to match up with its international counterparts on several parameters, such as:
- Improved international cooperation. International co-operation and the need for better alliances and partnerships with like-minded countries or allies, including facilitating capacity building of less developed countries are shared as key objectives by most strategies.
- Respect for fundamental values. All strategies place a strong emphasis on the need for cybersecurity policy to respect fundamental values, which generally include privacy, freedom of speech, and the free flow of information.
India is likely to face many more cybersecurity challenges over the coming decades as the mobile Internet begins to pervade a greater proportion of the population. These policy developments will likely be one of many improvements and refinements to be made which will directly impact S&R professionals. It’s these effects that I intend to research over the coming year.
What are the specific challenges you think India will face? What do you feel you will need to know more about to become more effective in the S&R role in India? Let me know your thoughts and we’ll develop our research efforts around what is likely to be most useful to you.