The document outlines India's national cyber security policy and strategies. It aims to build a secure and resilient cyberspace for citizens, businesses, and government. The key objectives are to create a secure cyber ecosystem, strengthen regulatory frameworks, enhance mechanisms for information gathering and response, protect critical information infrastructure, develop indigenous security technologies, and create a cybersecurity workforce. The strategies to achieve these objectives include designating agencies to coordinate cybersecurity efforts, encouraging adoption of best practices, developing testing and certification processes, and fostering public-private partnerships and cooperation.
3. Complex environment of integrations between people,
software and services
Common pool used by citizens, businesses , critical
information infrastructure ,military and groups
Vulnerable to a wide range of incidents, whether intentional
or accidental, manmade or natural, and the info can be
exploited by both nation states and non state actors
SANTOSH KHADSARE 3
CYBERSPACE IS…..
4. Caters to the whole spectrum of ICT users and
providers and is an evolving process
IT SERVES AS AN UMBRELLA FRAMEWORK FOR
DEFINING AND GUIDING THE ACTIONS RELATED
TO SECURITY OF CYBER SPACE
It also enables the individual sectors and org in
designing appropriate cyber security polices to suit
their needs
SANTOSH KHADSARE 4
CYBER SECURITY POLICY
5. TO BUILD A SECURE AND RESILIENT
CYBERSPACE FOR CITIZENS,
BUSINESSES AND GOVERNMENT
SANTOSH KHADSARE 5
VISION
7. SANTOSH KHADSARE 7
OBJECTIVES
Create a secure
cyber ecosystem
Create an assurance
framework
Strengthen the
regulatory
framework
Enhance and create
national and
sectorial level 24x7
mechanisms for
info gathering
Enhance protection
and resilience of CII
by operating 24x7
NCIIPC
Develop indigenous
security
technologies
8. SANTOSH KHADSARE 8
OBJECTIVES
Est infrastructure
for testing &
validation of
security of such
products
Create workforce of
500,000
professionals in
next five years
Fiscal benefits to
businesses for
adoption of std
security practices
and processes
Enable effective
prevention ,
investigation and
prosecution of
cyber crime
Create culture of
cyber security
Develop public pvt
partnerships and
enhance global
cooperation
9. Designate a national nodal agency to coordinate matters(cyber
security) with clearly defined roles and responsibilities
designate CISO in every org who will be responsible for cyber
security efforts and initiatives
Org to devp info security policies and implement them as per
international best practices
Org to earmark a specific budget for cyber security
SANTOSH KHADSARE 9
STRATEGIES : CREATING A SECURE
CYBER ECO SYSTEM
10. Provide fiscal schemes and initiatives to encourage entities to
install and upgrade info infrastructure fro cyber security
Prevent occurrence and recurrence of cyber incidents
(proactive actions)
Est mechanism for sharing info
Procurement of trustworthy indigenously manufactured ICT
products
SANTOSH KHADSARE 10
STRATEGIES : CREATING A SECURE
CYBER ECO SYSTEM
11. Promote adoption of global best practices in info security and
compliance.
Create infrastructure for conformity assessment and
certification of compliance to cyber security best practices, std
and guidelines (e.g ISO 27001 ISMS certification).
Enable implementation of global security best practices for risk
management.
Identify and classify info infrastructure facilities and assets.
SANTOSH KHADSARE 11
STRATEGIES : CREATING A
ASSURANCE FRAMEWORK
12. Encourage secure appln/software devp processes.
Create conformity assessment framework for periodic
verification of compliance to best practices, std and guidelines
on cyber security.
Encourage all entities tom periodically test and evaluate the
adequacy and effectiveness of tech and op security measures
implemented in IT sys and networks .
SANTOSH KHADSARE 12
STRATEGIES : CREATING A
ASSURANCE FRAMEWORK
13. Encourage use of open standards to facilitate interoperability
and data exchange among different products and services.
Promote a consortium of Govt and private sector to enhance
availability of tested and certified IT products on open
standards.
SANTOSH KHADSARE 13
STRATEGIES : ENCOURAGING OPEN
STANDARDS
14. Devp dynamic and legal framework and its periodic review to
address Cyber security challenges.
To mandate periodic audit and evaluation.
To enable, educate and facilitate awareness of the regulatory
framework.
SANTOSH KHADSARE 14
STRATEGIES : STRENGTHENING
THE REGULATORY FRAMEWORK
15. To create National lvl sys , processes, structures and
mechanisms to generate situational scenario of
existing and potential threats and enable timely info
sharing for proactive, preventive and protective
actions.
To operate 24x7 CERT-in to function as a Nodal
Agency for coordination of all efforts for cyber
security emergency response and crisis mgt
(Umbrella org).
SANTOSH KHADSARE 15
STRATEGIES : CREATING MECHANISMS FOR EARLY
WARNING , VULNERABILITY MGT & RESPONSE
16. Operationalise 24x7 sectorial CERTs.
Implement Crisis Mgt plan for dealing with incidents impacting
critical national processes or endangering public safety and
security of the nation.
To conduct and facilitate regular cyber security drills and
exercises at National, sectorial and entity levels.
SANTOSH KHADSARE 16
STRATEGIES : CREATING MECHANISMS FOR EARLY
WARNING , VULNERABILITY MGT & RESPONSE
17. To mandate implementation of global security best practices,
business continuity mgt and cyber crisis mgt plan for all e-
Governance initiatives .
To encourage wider usage of PKI within Govt. for trusted
communication and transactions.
To engage info security professionals / org to assist .
SANTOSH KHADSARE 17
STRATEGIES : SECURING E-
GOVERNANCE SERVICES
18. To devp plan for protection of CII.
To operate 24x7 National Critical Information Infrastructure
Protection Centre(NCIIPC) to function as Nodal agency for CII
protection.
To facilitate identification, prioritisation, assessment,
remediation and protection of CII and key recourses.
To encourage and mandate as appropriate, the use of validated
and certified IT products.
SANTOSH KHADSARE 18
STRATEGIES : PROTECTION AND RESILIENCE
OF CRITICAL INFO INFRASTRUCTURE
19. To mandate security audit of CII on periodic basis.
To mandate certification of all security roles right from CISO
/CSO to those involved in operation of CII.
To mandate secure appl /software devp process.
SANTOSH KHADSARE 19
STRATEGIES : PROTECTION AND RESILIENCE
OF CRITICAL INFO INFRASTRUCTURE
20. To undertake R&D programs aimed at short term, medium term
and long term goals.
To encourage R&D to produce cost effective, tailor-made and
indigenous security solutions .
To facilitate transition, diffusion. And commercialisation of
outputs of R&D into commercial products and services for use
in public and private sectors.
SANTOSH KHADSARE 20
STRATEGIES : PROMOTION OF R&D
IN CYBER SECURITY
21. To set up Centre of Excellence in areas of strategic importance
for the point of security of cyber space .
To collaborate in joint R&D projects with industry and academia
in frontline technologies and solution oriented research.
SANTOSH KHADSARE 21
STRATEGIES : PROMOTION OF R&D
IN CYBER SECURITY
22. To create and maintain testing infrastructure and facilities of IT
security product evaluation and compliance verification.
To build trust relationships with product / system vendors and
service providers for improving end-to-end supply chain
security visibility.
To create awareness of the threats, vulnerabilities and
consequences of breach of security related to IT procurement.
SANTOSH KHADSARE 22
STRATEGIES : REDUCIN SUPPLY
CHAIN RISKS
23. To foster education and trg programs both in formal and
informal sectors to support the nation’s cyber security needs
and build capacity.
To est cyber security trg infrastructure across the country by
way of public private partnership arrangements.
To est cyber security concept labs for awareness and skill devp
in key areas.
To est institutional mechanisms for capacity building for Law
Enforcement Agencies.
SANTOSH KHADSARE 23
STRATEGIES : HRD
24. To promote and launch a comprehensive national awareness
program on security of cyber space.
To sustain security literacy awareness and publicity campaign
through electronic media.
To conduct, support and enable cyber security workshops /
seminars and certifications.
SANTOSH KHADSARE 24
STRATEGIES : CREATING CYBER
SECURITY AWARENESS
25. To facilitate collaboration and cooperation among stakeholder
entities.
To create models of collaborations and engagement with all
relevant stakeholders.
To create a think tank for cyber security inputs, discussion and
deliberations.
SANTOSH KHADSARE 25
STRATEGIES : DEVP EFFECTIVE
PUBLIC PVT PARTNERSHIPS
26. INFO SHARING AND COOPERATION (among security agencies,
CERTs, defence agencies, Law enforcement agencies and judicail
systems).
PRIORTIZED APPROACH FOR IMPLEMENTATION.
SANTOSH KHADSARE 26
OTHER STRATEGIES