The Indian government has approved the proposed National Cyber Security Policy, which is aimed at creating a “secure computing environment and adequate trust and confidence in electronic transactions”.
The policy is not aimed only at government entities and big business, but at home users as well.
It enumerates the following priorities:
- Creation of necessary situational awareness regarding threats to ICT infrastructure for determination and implementation of suitable response
- Creation of a conducive legal environment in support of safe and secure cyber space, adequate trust & confidence in electronic transactions, enhancement of law enforcement capabilities that can enable responsible action by stakeholders and effective prosecution
- Protection of IT networks & gateways and critical communication & information infrastructure
- Putting in place 24 x 7 mechanism for cyber security emergency response & resolution and crisis management through effective predictive, preventive, protective, response and recovery actions
- Policy, promotion and enabling actions for compliance to international security best practices and conformity assessment (product, process, technology & people) and incentives for compliance.
- Indigenous development of suitable security techniques & technology through frontier technology research, solution oriented research, proof of concept, pilot development etc. and deployment of secure IT products/processes
- Creation of a culture of cyber security for responsible user behavior & actions
- Effective cyber crime prevention & prosecution actions
- Proactive preventive & reactive mitigation actions to reach out & neutralize the sources of trouble and support for creation of global security eco system, including public-private partnership arrangements, information sharing, bilateral & multi-lateral agreements with overseas CERTs, security agencies and security vendors etc.
- Protection of data while in process, handling, storage & transit and protection of sensitive personal information to create a necessary environment of trust.
The policy also includes a list of responsible actions required to be effected by network service providers, large corporations, and mall/medium and home users in order to strengthen the country’s cyber security posture.