Dr Rudra Murthy KG, Digital India’s CISO – Ministry of Home Affairs has been playing a key role in strategizing the cybersecurity, cyber crime and national emergency response initiatives for the Digital India programme. He has been advocating for a central agency / ministry that can act as a one-stop centre for all issues related to cyber security and cyber crime. In a candid interview to Sandhya Michu, Dr Rudra Murthy talks about the reforms needed to strengthen the law and enforcement agencies to act swiftly for any cyber crime related adversary
Some edited excerpts:
Can you dwell upon the recent cyber security initiative that MHA has undertaken as part of the digital India programme?
We are trying to reduce the burden of jurisdiction by empowering the technical capabilities of law and enforcement agencies to handle cyber crime related issues. Presently, these state agencies are working in silos and we need to put them together by way of imparting technical training to them. Each state will have one training center and continuous training programme will be designed for these agencies.
The objective is to have 20 per cent trained police officers in each police station in next five years. We will not only train them, but we will help them by ways of cyber forensic analysis and technologies and tools for them to carry the investigation. As you know the capabilities existence within the agencies at this time is very low and we will pull the available resources from the market to meet the requirement. This project is under MHA as cybercrime must be prevented against women and children. Gradually, we are understanding the cyber threat vectors for other genders and we will rope them as part of the project. Secondly, we are strengthening up the technology components for cyber crime preventions and investigations for the common person.
Another area is to consolidate the National Emergency Response System (NERS) helpline. Presently, there are more than 48 both emergency and helpline numbers. The aim of this initiative is to ease up citizen life by introducing a unified emergency helpline number. The project is already announced by MHA, and testing is going on whereas TRAI has allocated 112 number for this purpose. We will be officially rolling out the ‘112’ emergency helpline project anytime soon. NERS is a unique and single helpline number that integrates all existing important emergency helpline numbers in one platform. People can access the service of the helpline by dialing 112.
The National Cyber Security Policy was unveiled in 2013. Is it geared up to address present day cyber security threats?
The National Cyber Security Policy came in 2013, while we are now almost at the end of 2017. In the last two years, digitization and the cyber threat landscape has undergone a radical change not only in India but globally. It is time the policy should be reviewed as per the current digital economy trends.
According to you, what are the new trends in cyber security?
Understanding the current situation and prevailing various departments to manage the cybersecurity framework in India, we have various bodies such as National Information Security Policy and Guidelines (NISPG) 2014, Computer Emergency Response Team (CERT-In), which works under MeITy (Ministry of Electronics & Information Technology) and National Critical Infrastructure Information Protection Center (NCIIPC) for safeguarding critical infrastructure. The lack of coordination is leading to delays in investigations. There is an absence of an integrated approach. In my view, there is a need for a national-level agency headed by a Secretary-level officer.
Do you think that emerging technologies like ML and AI are needed to counter the growing cyber threats?
To combat cyber risks, organizations are required to deploy a holistic approach to security, and need to convince employees, management and top executives the importance of internal threats. I have started seeing machine learning and pattern recognition techniques will improve the woeful state of computer security. The scope of AI in cyber security is yet to be analyzed for a better understanding.
How do you see the role of CISOs in the enterprise?
I personally feel that the role of CISO in an enterprise is not fully empowered. Their reporting is not part
of the board. The SME sector has to start thinking serious on the CISO as most of the recent attacks were targeted on SMEs. CISOs must also move out of policy making and should rather focus on automation by minimizing the human dependency in terms of decision making