- 9 killed, over 40 injured as Bengaluru-Ernakulam Express train derails near Hosur
- SC says allegations grave, but grants relief to Teesta Setalvad in cheating case
- All you need to know about AAP's WiFi Delhi promise
- 19 killed as militants storm Shia mosque in Pakistan
- Modi’s cricket diplomacy: Renewing political contact with Pakistan
The National Cyber Security Policy is a much awaited blueprint. The devil is in the trade-off
Against the backdrop of continuing revelations on the US National Security Agency's mammoth electronic surveillance and data-mining programme, the Centre has released the National Cyber Security Policy, 2013 (NCSP). The policy is an attempt to create a cyber security framework that will shore up India's offensive and defensive capabilities in cyberspace. With the increasing international focus on cyberspace as a vulnerable strategic space that needs to be secured against attacks from a variety of external state and non-state actors, as well as on the opportunity it accords to nations to conduct similar operations of their own, there is little doubt that India needs to address cyber security on a national level. The NCSP offers a starting point, especially as it conceives of securing cyberspace as a more broad-based task than the admittedly important job of protecting critical infrastructure, like power grids and nuclear plants.
Still, the NCSP reads like a collection of lofty goals with inadequate clarity on how any of them is to be achieved. Details are scarce. For instance, while the policy calls for the creation of several agencies, including a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC), to be housed under the beleaguered NTRO, it fails to outline their operational structure. The NCIIPC is to be the nodal agency to protect critical infrastructure, while another 24x7 agency, CERT-In, is to coordinate all emergency response and crisis management. The policy fails to outline the ways in which the objectives of these agencies are different, or even lay out protocols to establish inter-agency chains of command. Similarly, the NCSP says it will create a workforce of five lakh cyber security professionals in five years, but vague hints at "capacity-building" and "skill development" to achieve that goal do not inspire confidence, given that the IT industry has, for years, struggled to find employable labour.