A draft of the much needed National Cyber Security Policy has finally been released by the Ministry of IT / CERT-In, for public comments.
- Creation of a national level nodal agency on cyber security under CERT-in and sectoral CERT-ins for key sectors
- A national cyber alert system for early warning and response
- Local incident response teams at key locations, to liaison with expert teams with CERT-in for resolution
- Creation of a Chief Info-security Officer post in all government and key sectoral organizations
- Open standards to be encouraged and a govt-private sector consortium to be created to promote these
- School/college training program on cyber security to be instituted
My view: Great start. Good coverage in areas at least. A much needed start too - IT and offshoring-focused industries should be pleased. This is something that goes against India in a lot of global sourcing evaluations.
A few things missing too: Privacy has just a single passing mention. But any cyber security policy that requires public and corporate participation must address privacy over use of shared / collected data. Check out the US policy review. But then, privacy and civil liberties have rarely been a key element in Indian law.
A second lacuna is that it doesn't prioritize initiatives. The policy indicates over 10 major initiatives without any priorities or timelines. With so many different stakeholders involved in policy implementation, it is quite easy for the policy to remain largely in text. But then, this is common of most Indian policy. Again, this is an early draft, so hope things change.
Overall, a timely and much needed start.
Just in case, public comments can be sent to CENT-In/MIT at (grai AT mit.gov.in) till 15-May '11.