The setting up of Cyber Surakshit Bharat (CSB) by the Ministry of Electronics and Information Technology (MeitY), in association with the National e-Governance Division (NeGD) and industry partners, has been welcomed by the Indian CISO community. It is the first public-private partnership of its kind and will leverage the expertise of the IT industry in cybersecurity.
To begin with, five or six IT companies, such as Microsoft, Intel, Wipro, Red Hat and Dimension Data, have come forward to take on a big role, bringing the best experts to help train and create a capability to deal with the latest cybersecurity challenges. The initiative is targeted at CISOs and technical officials from the central government, state governments and union territories, public sector banks, public sector units and defense forces, defense PSUs and the technical arms of the Air Force, Army, and Navy.
With the increasing importance of identifying the roles of CIOs and CISOs in both government and private institutions, the government has taken various steps to strengthen the role of the CISO, as it is possibly a challenging role in any organization. Today, most of the ministries have put CISOs in place in the ministries themselves, in organizations, various departments, the financial sector, telecom and many key areas, and are trying to put in all efforts to equip them and give them the tools and organizational strength to achieve their goals better.
MeitY had earlier issued a directive to all central government ministries to appoint a Chief Security Officer (CSO) to ensure cyber safety, in addition to issuing an RFP to all empanelled auditors to conduct a cybersecurity audit for government departments.
Commenting on the launch of the Cyber Surakshit Bharat initiative, Deepak Agarwal, General Manager, Indian Oil Corporation, says, “It is a good step taken by the GoI in its endeavor of strengthening the cybersecurity posture of the country. It is pertinent now that the key persons responsible for security in any organization/setup, that is the CISOs, be trained and be aligned with the common country goals. The CISO community certainly stands to gain from the initiative. The CISOs are always under pressure from various sections and especially in a moving goal-post environment, it would be really beneficial if they are equipped with the knowledge to handle specialized tasks.”
Anant Maheshwari, President – Microsoft India, says, “CSB is a significant initiative. Security and data privacy is the highest priority for Microsoft. We invest over a billion dollars every year globally in this area. Here in India, we launched our Cyber Security Engagement Center in October 2016 to build local capabilities and are now proud to be part of this important initiative. As part of this initiative, we will bring the best experts to help train and create a capability to deal with the latest cybersecurity challenges.”
Digital is a way of life today, and whether it is the private sector, the public sector, the government or the general public, there is a huge focus on digital. While one gives impetus to digital, it is important to focus on cybersecurity. “I personally think that the Cyber Surakshit Bharat initiative to strengthen cybersecurity ecosystem in India is really a fantastic one and a very timely move. A really commendable part of this is that it is a public-private partnership where the expertise of government and IT industry in the country will be harnessed to make it a big success. One of the key pillars of cybersecurity is awareness and education.
That this program is focused on principles of awareness, education, and enablement is really commendable. CISOs play a pivotal role in the organizations as the center-point of all efforts and it is really nice that the plan is to start with awareness sessions and sharing of best practices with them and then take it further in their organizations. It will help CISOs to enhance their own knowledge and capability and help them strengthen security in their organizations,” highlights Vijay Sethi, CIO, and Head – CSR, Hero MotoCorp.
Areas where CSB can equip CISOs
As the digital assets of these large public companies grow, CISOs will have to be more proactive than reactive. The oil behemoth IOCL, for instance, has a vast network – both physical and virtual. Managing the cybersecurity of this huge setup obviously requires a lot of effort, and in a dynamic environment the priorities keep changing with the surroundings.
“We are now focusing on bringing complete visibility of our network on to a common platform – primarily to converge the IT and OT networks at a central point to enable us to ensure better security management of both the networks. Also, we are focusing on targeted attacks and are equipping our endpoint and gateways to detect and respond to any such attacks,” informs Aggarwal.
Similarly, for Hero MotoCorp, cybersecurity continues to be one of the top agenda items, and as the digital footprint increases, so does the focus on cybersecurity. While the company will continue to focus on the triad of people (awareness), process and technology, with the increased usage of mobile, technologies related to mobile security will be a priority. In addition, enhancing dashboards and the real-time view of the overall threat and risk landscape, and the mitigation thereof, would be a priority. Thirdly, the company will start exploring technologies like Machine Learning and Deep Learning to see how they can help further improve its security posture.
Where is the role of CISO heading?
That the CISO's role is important is now a banal statement. In the future, its importance is only going to increase, with so much happening in the country on the digital front. The era of responding after an attack is passing, and CISOs have to be preemptive in their strategy. One thing that CISOs have to learn from business is that no matter how well one is prepared for any eventuality, there will still be cases that are unforeseen, and hence one cannot be complacent in any stream.
The CISO role is becoming more and more critical and is moving beyond being just the technology and support provider for information security to being a trusted advisor of the business in overall risk mitigation. One thing CISOs need to change is their ‘language and approach’, from being technology-centric to business-centric, so that the business can relate to them more.