By Digvijaysinh Chudasama, Partner, Deloitte India
India has seen two significant initiatives in the last few weeks that will accelerate the country's progress over the next decade towards building Cyber Surakshit Bharat. The first is the launch of the National Cybersecurity Response Framework (NCRF) for National Critical Infrastructure by the NSCS (National Security Council Secretariat), and the second is the guidelines on Information Security Practices for Government Entities by CERT-In. Together, these developments will address the threat landscape of a large number of the nation’s critical organisations.
These two notable initiatives are timely, as the nation continues to see a rise in malware, ransomware and sophisticated attacks on Indian organisations. This further intensifies the urgency and raises the priority of the agenda across all the Ministries and authorities dealing with National Assets and National Critical Infrastructure.
CERT-In has taken a very comprehensive approach in detailing the best practices and processes to be followed for cyber security across standard ICT components and a few emerging threats. This includes securing social media, third parties (vendors) and cloud service adoption, combined with regular audit assessments of cyber security posture. While these are specific to government entities, the guidelines can also be used as a reference by non-government entities. The emphasis on roles like CISO and CIO, and on having an appropriate cyber budget, is a welcome recommendation.
Governance, Risk & Compliance are major functions for any organisation that wants to be resilient and sustainable in protecting its infrastructure. NSCS has benchmarked this as a guiding principle to build the reference architecture and network design for critical infrastructure that depends extensively on IT and OT technologies in its operations. NCRF, once issued in the public domain, will become the ‘go-to’ framework for the entire industry to answer some important questions, such as whether to run the IT and OT SOC as separate units or how to mount an integrated response to coordinated multi-channel attacks. These and more, I believe, will be covered in the guidelines.
With the G20 Summit in September this year, the Government of India has accelerated the pace through early engagement of participating countries at the G20 cyber conference that was hosted on 13-14 July. This will lead Indian authorities to have early dialogues and bilateral arrangements across boundaries, and to collaborate further in building a dedicated ecosystem that helps identify early threat warnings, exchange reports, sources of origin and actors, and share financial/digital transactions to mitigate these risks through unified Global Laws. There is an increased propensity to use social channels, deepfakes and AI to create disharmony, misinformation and distrust among the large population in India that is moving to digital platforms through smartphones. Over 3000 complaints are reported daily for fraud and scams; half of these are online, impacting citizens and corporates to the extent of millions of rupees.
With the changing geo-political and economic shifts, the Government of India (GoI) has taken far-reaching steps to evolve in cyber space. This includes strengthening internal safety and security under MHA, investing in defence infrastructure and having bilateral agreements with countries across the globe, to remain coordinated and have defensive-offensive strategies in the interest of the nation, its citizens and the industry. We have over a dozen departments and authorities that are relentlessly making efforts in this direction to make Cyber Surakshit Bharat.