India is all set to announce a new cyber security policy to counter increasing threats from external factors, to both its corporate sector and critical infrastructure.
India’s Prime Minister Narendra Modi making the new announcement on the occasion of the country’s 73rd Independence Day celebrations said, “In the coming times, we will have to integrate everything and then work within the framework of this cyber security. We will formulate strategies to move forth.”
“It can be a threat to the social fabric of our country, our economy and can even threaten the development of our nation; we are very well-aware of that. India is very cautious and is planning to take steps to combat these risks,” he said.
The renewed focus on the subject comes in the wake of a perception of increased threat from both external state and non-state actors in recent months.
The targets
In June CYFIRMA Research issued a report indicating increased cyber threat due to the India-China conflict.
“Our research points to hackers discussing the extensive target lists which include government agencies and private companies.
The targets may not be limited to the lists published as the threat has increased.
Hackers could be planning a nationwide cyberattack,” the report said, urging the Indian Computer Emergency Tesponse Team (CERT IN) to send out a nationwide public advisory, given the scale of the potential cyberattack.
“We continue to monitor the situation and the telemetry shows more targets have been identified, the scale has expanded, and more compromised IP addresses have been discussed as vulnerabilities for technical exploits,” it added.
In July, another report by Kaspersky said India is among the top victims of a novel attack by hackers linked to North Korean APT (Advanced Persistent Threat) to be using an advanced malware framework called MATA to use Windows, Linux and Mac Operating Systems.
The new policy is expected to have some major changes compared to the National Cyber Security Policy of 2013 which introduced a national and sectoral 24X7 mechanism to deal with cyber threats through National Critical Information Infrastructure Protection Centre (NCIIPC).
CERT-In was designated to act as a nodal agency for coordination of crisis management efforts and act as an umbrella organization for coordination actions and operationalization of sectoral CERTs.
The existing framework however, according to experts, is far away from being centralised and has 36 different bodies with many ministries having their own initiatives to deal with cyber issues. State governments also have their own CERT.