Indian National Cyber Security Policy 2013

The Indian National Cyber Security Policy, 2013 (NCSP 2013) was a landmark document for India, representing the first formal, overarching framework to address the challenges of cyberspace.


1. Context: Why Was it Created?

By 2013, India was experiencing:

  • Rapid Digitization: A fast-growing internet user base, an expanding e-commerce market, and increasing use of digital services in governance.
  • Growing Threats: A significant rise in cyberattacks, including phishing, malware, website defacements, and targeted attacks on government and corporate networks.
  • Lack of a Coordinated Framework: While the IT Act of 2000 (and its 2008 amendment) provided a legal basis, there was no single policy to guide national efforts, coordinate between different agencies, or build capacity.
  • Global Espionage: The revelations by Edward Snowden highlighted the vulnerability of national data and communication to foreign surveillance, creating an urgent need for a robust domestic cybersecurity posture.

The policy was released by the Department of Electronics and Information Technology (DeitY), which is now the Ministry of Electronics and Information Technology (MeitY).

2. Vision and Mission

  • Vision: To build a secure and resilient cyberspace for citizens, businesses, and the government.
  • Mission: To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities, and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology, and cooperation.

3. Key Objectives and Strategies (The Pillars of the Policy)

The NCSP 2013 was built on several key pillars:

1. Creating a Secure Cyber Ecosystem:

  • Encouraging all organizations (public and private) to adopt security best practices and implement internationally recognized security standards.
  • Spreading awareness about cyber threats among citizens and businesses.

2. Creating a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC):

  • This was a major outcome of the policy. The NCIIPC was established as the nodal agency to protect Critical Information Infrastructure (CII).
  • CII includes sectors vital to the nation, such as Power, Banking & Finance, Telecom, Transport, and Strategic and Public Enterprises.

3. Strengthening the National Computer Emergency Response Team (CERT-In):

  • While CERT-In was already operational, the policy formally designated it as the national nodal agency for all cybersecurity incident response activities.
  • Its role was to collect, analyze, and disseminate information on cyber incidents and issue alerts and advisories.

4. Building a Skilled Workforce:

  • This was one of the most ambitious and widely discussed goals. The policy aimed to create a pool of 500,000 cybersecurity professionals in the country within five years through training, education, and skill development programs.

5. Promoting Research and Development (R&D):

  • To encourage indigenous development of cybersecurity technologies to reduce dependence on foreign products and build trust in domestic solutions.

6. Fostering Public-Private Partnerships (PPP):

  • Recognizing that the government cannot secure cyberspace alone, the policy emphasized collaboration with the private sector for expertise, technology, and operational coordination.

7. Developing a Cyber Command:

  • The policy envisioned the creation of a Cyber Command to enhance the country’s cyber defense capabilities, though this has primarily been pursued within the military domain (e.g., the Defence Cyber Agency).

8. Strengthening the Legal Framework:

  • To ensure that the Indian legal system was equipped to handle cybercrimes effectively and was in harmony with international laws.

9. Encouraging International Cooperation:

  • To collaborate with other countries and global bodies to combat transnational cyber threats.

4. Achievements and Impact

  • Foundational Document: It was the first-ever comprehensive policy that put cybersecurity firmly on the national agenda.
  • Institutional Framework: It led to the creation of the NCIIPC and the establishment of the high-level National Cyber Security Coordinator (NCSC) office under the Prime Minister’s Office (PMO) to coordinate all national cybersecurity efforts.
  • Increased Awareness: It significantly raised awareness about cybersecurity within government departments and the corporate sector.
  • Spurred the Industry: It gave a push to the cybersecurity services and training market in India.

5. Criticisms and Challenges

Despite its vision, the NCSP 2013 faced significant criticism and challenges in its implementation:

  • More of a Vision, Less of a Strategy: Critics argued that the policy was a broad statement of intent rather than a detailed, actionable plan with clear timelines, budgets, and responsibilities.
  • The 500,000 Professionals Goal: This target was widely seen as unrealistic and was not achieved. The country still faces a massive shortfall of skilled cybersecurity professionals.
  • Vague on Public-Private Partnership: The mechanism for the PPP model was never clearly defined, leading to limited and ad-hoc collaboration.
  • Lack of Dedicated Funding: The policy was not backed by a dedicated budget, hindering the progress of many of its objectives.
  • Rapidly Outdated: The cyber threat landscape evolves extremely fast. A policy from 2013 quickly became outdated with the rise of new threats like sophisticated ransomware, IoT vulnerabilities, and threats from state-sponsored actors.
  • Focus on Security over Privacy: The policy was heavily focused on security and surveillance, with less emphasis on individual data privacy—a topic that gained prominence later.

6. The Path Forward: The Need for a New Policy

Recognizing the limitations of the 2013 policy, the Indian government has been working on a new framework. The National Cyber Security Strategy 2020 (sometimes referred to as the 2021 strategy) has been in the works for several years but has not yet been officially released.

This upcoming strategy is expected to be more robust and aims to address the shortcomings of the 2013 policy by focusing on:

  • Securing the entire supply chain.
  • Developing standards for IoT/IIoT devices.
  • Leveraging Artificial Intelligence and Machine Learning for cyber defense.
  • Creating a “Cyber Security Health Index” for organizations.
  • Integrating cybersecurity with data protection, in line with the new Digital Personal Data Protection (DPDP) Act, 2023.

Conclusion

The National Cyber Security Policy 2013 was a crucial first step for India. It successfully laid the foundational groundwork and created key institutions like the NCIIPC and the NCSC. However, its lack of a concrete implementation plan and its ambitious but unmet goals highlighted the need for a more dynamic, funded, and actionable strategy to tackle the complex cyber challenges of the modern era. It is best viewed as a pioneering but ultimately incomplete effort that paved the way for future cybersecurity initiatives in India.