Soon India may have a single authority or agency responsible for the entire spectrum of defensive cyber operations in India, a senior official in a security agency said on condition of anonymity.

The move comes even as India faces a renewed threat of cyber attacks and cyber-terrorism . For instance, the breach in a part of a network of India’s largest civil nuclear facility, the Kudankulam Nuclear Power Plant (KNPP) in Tamil Nadu, in Sept. The attack didn't compromise critical systems, but gained access to the plant’s administrative network.

According to the official cited in the first instance, the Govt’s plan is to rearrange and reorganize over a dozen agencies engaged in the protecting India’s cyber infrastructure.

The official added that currently, these agencies have their own control and reporting systems. The idea is to restructure these to ensure better coordination and functioning.

The Ministry of Electronics and Information Technology, the Ministry of Home Affairs, the Ministry of Defence, the National Security Council Secretariat (NSC), and the National Technical Research Organization (NTRO), and several other departments and agencies have their individual cyber units that look at various aspect of cybersecurity.

Then there are specialised units including the Computer Emergency Response Team, India (CERT.IN), National Critical Information Infrastructure, and the National Cyber Coordinator Centre.

More are being added by the day. For instance, the Ministry of Home Affairs recently launched CyCord (Cyber Cooperation Centre) under the Intelligence Bureau (IB). CyCord is a platform of several agencies and Govt. departments. It plays a defensive role in the cyber world, and focused on hacking and online investigations . The ministry already had the National Cybercrime Threat Analytics Unit (TAU), the Platform for Joint Cybercrime Investigation Team, the National Cybercrime Forensic Laboratory and the Cybercrime Ecosystem Management Unit.

National Cyber Security Coordinator, Lieutenant General Rajesh Panth has now been given the job of working out a structure that brings together the capabilities of all these units and agencies. “The primary task of the National Cyber Security Policy 2020 will be to bring in cohesion,” the official cited in the first instance said. He added that “there have been several rounds of discussions at the National Security Council Secretariat (NSCS) on the issue and a broad framework has already been worked out.”

The last National Cyber Security Policy was released in 2013. The new policy – National Cyber Security Policy 2020 - will emphasize cybersecurity awareness and hygiene. It is likely to suggest a cybersecurity course for schools and colleges curriculum.

The reorganisation will need the assent of the Union Cabinet before being implemented.

“The reorganization must also deal with the fact that the Information Technology Act is under the Ministry of Electronics and Information Technology (MEITY). In the current parliamentary system, the ministry responsible for implementing the law generally gets to regulate and execute it,” a 2nd senior official associated with Indian cyber security efforts said, asking not to be identified.

“We are studying models across the world before we arrive at a structure,” a 3rd senior official directly involved in the process of coming up with the plan said on condition of anonymity.

A former telecom secretary, Aruna Sudarajan said, “Globally, the trend is to have overarching agencies for better and command and control. It is time we also have a similar structure. India’s capabilities in the cyber world have expanded and there are a large number of agencies, but sharing real-time information is always not enough. Cyber defence capabilities is a critical strategic requirement. I think this a very positive move".

Across the world, the command control of defence cyber operations has been put under a well defined single command and control. For instance, the Government Communications Headquarters (GCHQ) of the United Kingdom is responsible for all things related to protecting cyberinfrastructure. Similarly, the Cyber Security Agency of Singapore reports to the Prime Minister and is responsible for the complete spectrum of defensive cyber operations. The National Security Agency of the US has the complete command and control.

Source Link

Picture Source :