It's Time For India to Update Its Cybersecurity Policy
India must update its cybersecurity policy to respond to growing threats in cyberspace.

A central part of the Government of India’s development policy is the “Digital India” campaign, aimed at digitally empowering Indian citizens by boosting connectivity, expanding access, and improving electronic delivery of government services. However, as it makes progress on these goals, and as threats in cyberspace continue to grow, India needs to prioritize the security of the personal data of its citizens and update its Cyber Security Policy.

India announced its first ever national-level Cyber Security Policy in 2013, against the backdrop of revelations of NSA surveillance. The policy, which was articulated by the Ministry of Communications and Information Technology, served as “basically a statement of first principles” rather than a comprehensive framework for cybersecurity policy, according to Arun Sukumar, the head of the Cyber Security and Internet Governance Initiative at the Observer Research Foundation. Now, four years after its inception, the government needs a new policy that outlines a specific framework towards implementing broad principles outlined in the 2013 policy.

The Need for A New Policy

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

In the last four years since the announcement of the Cyber Security Policy, India’s cyber landscape has witnessed growing digitization as part of the Government’s Digital India push, as as well as more sophisticated cyber threats, particularly the WannaCrypt and Petya ransomware attacks that hit Indian networks this year. These radical changes necessitate a revision and update to India’s policy on Cyber Security.

Beyond responding to the changing cyber landscape, the government must also proactively address India’s ability to respond effectively to cyber threats by outlining an institutional framework ensure the country’s digital safety. Indeed, cyber policy in the Indian government has multiple stakeholders, ranging from the Ministry of Electronics & Information TechnologyNational Critical Infrastructure Information Protection Center, the Ministry of Home Affairs through its oversight of investigative authorities, and the newly created National Cyber Coordination Centre. Rudra Murthy, the Chief Information Security Officer of Digital India within the Ministry of Home Affairs, argues that because of these multiple stakeholders, “there would be confusion as to whom to approach,” and called for an updated cyber policy to include “an institutional arrangement” to respond effectively to threats.

From Broad Principles to Comprehensive Implementation

The 2013 Policy took a welcome first step in outlining the broad principles of how India can approach cyber security. However, the government of India needs an updated policy to move beyond simply a statement of principles and outline how to operationalize cyber security, from training cybersecurity personnel, to establishing public-private partnerships, and to facilitating civil-military collaboration.

The National Cyber Security Policy broadly outlined a vision for “To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training” in 2013. After nearly four years, the number for such skilled personnel is only 50,000 or 10% according to latest reports. An updated Cyber Security Policy should outline specific guidelines for the training and recruitment of such cyber specialists in a time-bound manner.

Public-private partnerships were a central feature of India’s cyber policy as well. The policy called for the “develop[ment] effective public private partnerships and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace.” However, there has been little development on this space. Industry partners such as the Information Systems Audit and Control Association (ISACA), the National Association of Software and Services Companies (NASSCOM), and the Data Security Council of India (DSCI) have collaborated to address private sector cyber security needs, but these processes have not yet aligned with government efforts. Addressing this gap must be at the heart of the government’s updated policy.

Another area of priority for a new cyber security policy must be fostering greater civil-military cooperation on cyber security. A group of eighty leading defense, strategic and intelligence officials, ranging from former Director of the Intelligence Bureau PC Haldar, former Admiral Arun Prakash, former Chief of the Air Staff PV Naik, and former Foreign Secretary Shyam Saran called upon Prime Minister Modi to “take urgent steps” to improve India’s cyber security standards. In particular, they highlighted the need for “more regular, more formalised interaction” between the civilian and military branches of government. The government’s updated policy must go beyond the vision of greater collaboration outlined in the 2013 policy, and outline the frameworks for such greater collaboration, potentially under the aegis of the newly created National Cyber Coordination Centre operationalized in August 2017.

Given the rapid transformation of the cyber landscape since 2013, as well as the need for a more comprehensive framework for the operationalization of the vision of cyber security policy as laid out by the government, India needs to update its cyber security policy.

Aman Thakker is an Analyst with Protagonist (formerly Monitor 360) and a graduate of the George Washington University’s Elliott School of International Affairs. He writes about Indian foreign and domestic policy.


Source :

Given the complexities of digital financial world, let us put cybersecurity as core focus, for the leaks of data security can jeopardize the credibility and growth of the whole industry. For this reason, Asosiasi FinTech Indonesia fully supports Cyber Security Indonesia 2017 to create top of mind awareness on cybersecurity issue.

Niki Santo Luhur
Chairman - FinTech Indonesia Association

Now the whole industry begins to understand that it's better to prevent than to lose access and control data because of negligence to keep the data secure. Hence, this encourages APTIKNAS to endorse the implementation of Cyber Security Indonesia.

Fanky Christian
Head of DPD DKI - APTIKNAS (Indonesian ICT Business Association)

Indonesia, with its vast wealth of information is in urgent need of preventive and defensive measures against cyber threats. Other than protecting national interest, such measures are also required to protect the interest of its citizens. Actions taken may not be adequate through policies and regulations but through concrete actions involving all components of the nation. Hence LEMSANEG welcomes and endorses Cyber Security Indonesia 2017.

Major General (TNI), Dr Djoko Setiadi, M.Si
The Head of LEMSANEG (State Cryptography Agency)

ATSI (Indonesian Telecommunication Providers Association) supports Cyber Security Indonesia 2017 to encourage concern and awareness of the important needs of cyber protection system to prevent and minimise cyber crime for individuals, communities, governments and also companies in Indonesia.

Sutrisman Raden
Executive Director of ATSI