In today’s digital era, cybersecurity has become a pressing concern for governments, businesses, and individuals alike. As one of the largest and fastest-growing digital ecosystems in the world, India faces a rising tide of cyber threats. To address these challenges, a comprehensive National Cyber Security Strategy (NCSS) has been formulated to safeguard the country’s digital infrastructure and ensure the safety of its citizens in cyberspace.
What is the National Cyber Security Strategy?
The National Cyber Security Strategy is a structured framework aimed at protecting India’s digital ecosystem. It focuses on securing critical information infrastructure, promoting robust data protection, enhancing cyber resilience, fostering collaboration across sectors, and addressing emerging cyber threats. Ultimately, the strategy ensures both national security and economic stability in the digital age.
Objectives of the National Cyber Security Strategy
Introduced in 2020 under the leadership of Lt General Rajesh Pant and spearheaded by the Data Security Council of India (DSCI), the strategy identifies 21 key focus areas. Its primary objectives are:
- Strengthen Cyber Defences: Establish robust mechanisms to protect critical information infrastructure (CII) from sophisticated cyber threats.
- Promote Data Protection: Ensure the confidentiality, integrity, and availability of data across sectors.
- Enhance Collaboration: Foster cooperation among government bodies, private enterprises, and international stakeholders to tackle cybersecurity challenges.
- Capacity Building: Develop technical expertise, train professionals, and reinforce institutional frameworks to combat cyber risks effectively.
Why India Needs a National Cyber Security Strategy
With rapid digital adoption and escalating cyber threats, India’s digital infrastructure requires a strong, unified strategy. Key factors driving the need for NCSS include:
- Rising Cyber Threats: CERT-In reported over 1.3 million cyber incidents in 2022, including phishing attacks, ransomware, and data breaches. Cyberattacks are projected to grow to 1 trillion annually by 2033 and 17 trillion by 2047, according to a PRAHAR study.
- Surge in Digital Transactions: The launch of the Unified Payments Interface (UPI) has led to an exponential rise in digital payments, demanding robust cybersecurity measures.
- Protection of Critical Infrastructure: Vital sectors such as energy, banking, healthcare, and defence face targeted cyberattacks, making national-level protection crucial.
- Geopolitical Risks: State-sponsored and non-state cyber actors increasingly target Indian assets, underlining the need for coordinated cyber resilience strategies.
- High Cost of Data Breaches: A 2023 IBM report estimated that the average cost of a data breach in India was ₹17.6 crore.
- Emerging Technologies: Advancements in 5G, Artificial Intelligence, the Internet of Things (IoT), and other technologies create new cybersecurity challenges that must be addressed proactively.
Key Components of the National Cyber Security Strategy
The NCSS is built around three core pillars: Security Strategies, Strengthening Strategies, and Synergising Strategies.
Security Strategies
These strategies focus on safeguarding critical assets, supporting large-scale digitisation, and addressing challenges posed by emerging technologies.
- Large-Scale Digitisation of Public Services: Advanced cybersecurity operations are required to secure digital services and build institutional capability for device assessment.
- Supply Chain Security: The strategy employs a two-pronged approach to ensure the integrity of the supply chain for both globally manufactured and India-developed products.
- Critical Information Infrastructure (CII) Protection: Integrating supervisory control and data acquisition (SCADA) with enterprise security ensures continuity of essential services during cyberattacks.
- Advanced Technology: Investments in understanding the cybersecurity implications of 5G, AI, IoT, robotics, and the metaverse are central to staying ahead of emerging threats.
Strengthening Strategies
Strengthening strategies aim to fortify institutional frameworks, boost resources, develop skills, and implement robust crisis management systems.
- Institutional Frameworks: Aligning national cybersecurity governance with global best practices is essential for a country of India’s scale.
- Budgetary Provisions: Allocating at least 0.25% of India’s annual budget to cybersecurity, with scope to increase as the digital economy expands.
- Capability and Skill Development: Fostering a skilled workforce to support India’s $1 trillion digital economy.
- Audit and Assurance: Updating frameworks to manage risks arising from rapid digitisation and sophisticated cyber threats.
- Crisis Management: Employing advanced science, technology, and process innovation to predict, manage, and respond to cyber crises effectively.
Synergising Strategies
These strategies focus on enhancing digital infrastructure, developing technical standards, promoting cyber insurance, branding India as a cybersecurity hub, advancing cyber diplomacy, and improving cybercrime investigation.
- Internet Infrastructure: Strengthening ICT and IT-enabled services to leverage India’s $350 billion IT industry by 2025.
- Standards Development: Investing in technical standards for IoT and emerging technologies to manage cybersecurity at scale.
- Cyber Insurance: Expanding awareness and developing the market to manage cyber risks effectively.
- Brand India: Positioning India as a global hub for cybersecurity products, research, and talent.
- Cyber Diplomacy: Promoting India’s leadership in global cyberspace governance, considering its large internet user base and start-up ecosystem.
- Cybercrime Investigation: Utilising cutting-edge technology, digital forensics, and legal procedures to investigate cybercrime efficiently.
Challenges Facing the National Cyber Security Strategy
Despite its robust framework, the NCSS faces several challenges:
- Shortage of Skilled Workforce: Insufficiently trained professionals leave critical infrastructure vulnerable.
- Fragmented Cybersecurity Framework: Lack of integration complicates threat detection and response.
- Evolving Threats: Rapid technological advancements introduce complex new risks that require constant vigilance.
- Budget Constraints: Limited funding can impede infrastructure development, advanced technology adoption, and talent acquisition.
- Limited Public Awareness: Many citizens remain unaware of basic cyber hygiene practices, heightening the risk of fraud and data breaches.
For More Readings: ENFORCEMENT DIRECTORATE | INSTITUTIONAL PERSPECTIVE OF e-GOVERNANCE IN INDIA