It is like a guideline that addresses the entire ecosystem. So it will address cybercrimes, capacity building, audits, research and developments, and all aspects will be addressed, said Lt. General Rajesh Pant, country’s National Cybersecurity coordinator
NEW DELHI: India’s upcoming National Cybersecurity Strategy will have an element of sovereignty, and it will set deliverables for enterprises to address gaps in India’s ecosystem.
“We’re talking of a national cyber space. We’re associating an element of sovereignty in it, and we’re saying how do we create a safe, secure, resilient, trusted and vibrant cyber space for our national prosperity," said Lt. General Rajesh Pant, country’s National Cybersecurity coordinator, while speaking at Pursuit 2021, an industry event organized by the Internet and Mobile Association of India (IAMAI).
“It is like a guideline which addresses the entire ecosystem. So it will address cyber crimes, capacity building, audits, research and developments, and all aspects will be addressed. A number of deliverables will be there," Pant added. He also said that the strategy will follow the principles of Common But Differentiated Responsibility (CBDR), which puts the onus of cybersecurity on all involved parties, including corporates, users, academia and governments. The policy, which is awaiting approval at the cabinet, will make changes to the 2013 version and will be “futuristic", while addressing the “entire ecosystem" involved.
“The way 2021 has started, I would call it the year of ransomware," said Pant. He said that already $1 trillion has been paid as ransom and the scale of attacks have been increasing. “The financial sector will have to be on its toes and ensure that all the efforts required for cyber resilience are put into place," he added. He advocated for zero trust architectures to be adopted, which is a network security model that assumes that everyone near a network can be harmful to it.
Pant said that he hopes that the Personal Data Protection (PDP) bill will be introduced in the upcoming monsoon session of the Parliament. Like the European General Data Protection Regulations (GDPR), the PDP also provides for fining enterprises if cyber attacks aren’t reported in time.
“Cybersecurity is everyone’s responsibility. Most of the critical sectors today, like telecom, fall in the private sector. Major players like Reliance, Vodafone and Airtel are in the private sector. Similarly, there are private companies in the power sector," he said. “So, in case there are these state-backed advanced persistent threat (APT) attacks, the private sector has to be equally prepared for it. And in the private sector, the attack actually starts with the individual," he said.