Addressing cyber security in a holistic manner
Government is aware of the nature of the threats in cyber space and is taking appropriate measures to address these threats by way of an integrated approach with a series of legal, technical and administrative steps to effectively deal with the issue of cyber security in the country and to ensure that necessary systems are in place to address the growing threat of cyber attacks. In support of this approach, the Information Technology Act, 2000 has included adequate provisions for protection of critical information infrastructure and cyber security incident response in the country, the Minister of State for Home R.P.N. Singh has said in the Parliament.
In order to address the issues of cyber security in a holistic manner, the government has come out with a draft “National Cyber Security Policy” after public consultation, to unify the various activities and programmes of the government to address the cyber security challenges with an integrated vision and a set of sustained and coordinated strategies for implementation. In addition, government is taking various measures to ensure necessary awareness and robust security system in all the critical government agencies. Salient features of the steps taken by the government are:
ComputErs sECurIty polICIEs, stAnDArD opErAtInG proCEDurEs and guidelines were formulated and circulated to all ministries/ departments for implementation. All CEntrAl GovErnmEnt mInIstrIEs/DEpArtmEnts AnD stAtE/unIon territory government have been advised to conduct security auditing of entire information technology infrastructure including websites periodically to discover gaps with respect to security practices and take appropriate corrective actions. NAtIonAl InFormAtICs CEntrE (NIC) HAs BEEn DIrECtED not to Host websites, which are not audited with respect to cyber security. A CrIsIs mAnAGEmEnt plAn For CountErInG CyBEr AttACks AnD CyBEr terrorism is in place and circulated for implementation by all ministries/departments of Central Government, state governments and their organisations and critical sectors. THE InFormAtIon TECHnoloGy ACt, 2000 As AmEnDED By tHE InFormation Technology (Amendment) Act, 2008 has been enforced with effect from October 27, 2009. The Act provides legal framework to address the issues connected with security breaches of information technology infrastructure. THE InDIAn ComputEr EmErGEnCy REsponsE TEAm (CERT-In) issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis.