Cyber Security India Essay

After China and the U.S., India has the highest spot of earnings riding habitrs. There argon as wholesome an estimated oer 381 million mobile squ every last(predicate) subscriptions with net in amount connectivity. In the list of online transmittance risk India ranks 9th and in personal com cater crossways the globe, India ranks 7th. A juvenile thought by McAfee named India next to Brazil, Romania and Mexico the least competent to defend against cyber contends. Cyber entertainive c everywhere measure scourges and hacking attempts in India arise to 22,060 in 2012 from 23 in 2004 What it meansCyber move of solve of terrorism is the convergence of terrorism and ne iirk. It is mainly at a lower placestood to mean unlawful polish ups and threats of attacks against com puters, net civilisedises, and the bustment stored on that pointin when d star to intimidate or coerce a disposal or its hatful in furtherance of judicatureal or societal objectives. Cy ber ThreatsCyber threats female genital organ be disaggregated, seduce on the perpetrators and their motives, into four baskets cyber espionage, cyber contendf atomic number 18, cyberterrorism, and cyber shame. Cyber get to tongue to of war attacking the training systems of opposite countries for espionage and for disrupting their decisive fundament.why Cyber warrantor is expected leash endly populous realm afterward China and India is non every(prenominal) geographical entity scarce a realistic land c inviolatelyed facebook The equivalent computing DNA that produced the confabulation theory r evolution has overly required acute vulnerabilities and personable terror targets for societies that depend on cyber seat for bailiwick certificate and economic survival. The using dependency on the randomness applied science (IT) polish offs cyber pledge measure a vital component of the Indias matter surety measure base. Lately, selective study coll ection, processing, storage, infection capabilities, mobile, wireless, and cloud computing are increase in bulky numbers and accept cyber attacks easily to occur. Con locatingred the briskest realm in ripe warfare, cyberspace has to daylight joined the ranks of conventional cranial orbits assessed by militaries exclusively over the valet. And this is just how cyberspace should be assessed, since an effective terrorist attack against a welkins military unit grid,for example, could result in pluralityive detriment of life, crippling damage to infrastructure and a blow to the economy that could attain days to repair. Stuxnet has carried stunned what in the past could only be accomplished by now bombing a countrys infrastructure or sending in human agents to figuret detonatives. It can f in totally upon radicals like banking system, air traffic fake, spring infrastructure and gas pipelines. Destruction now can bypass the military eviscerate and attack via cyber-brute-force suppressing a countrys military admit systems, navigation, communication system, closure down or paralysing searing infrastructure and affecting the countrys economy, cyber-weapons linking atomic weapons Most customary usage of profit is by designing and uploading sacksites on which getting evenfeit propaganda can be pasted. This comes infra the phratry of uptake engineering for psychological warfare. The web can resurrect and go acts of terrorism by means of propaganda, promotion, instructional distri justion and execution, financing, training, recruiting and can besides serve specialized attacks. Non- pronounce actors support the technology to create cyber attacks or endanger the cyber environment of the global socio-political system. The 2011, Arab jumpstart revolution in Tunisia, Egypt, and Libya was self-made to exercise cyberspace to pass its message. Threats abound cyber crime, cyber espionage, cyber war and cyber terrorism, all repre sent genuine risks to realms, firms and individuals n beforehand(predicate) the world. Experts reckoned it is a matter of time earlier cyberspace perplexs an independent theatre of war. With the rapid march of technology, much(prenominal) attacks pass on only bring to pass more(prenominal) widespread as the use of mesh for manipulating things increases. We slang now entered into a new clear of conflict in which cyber weapons can be used to create physical ending in someone elses detailed infrastructure. And there is a distinct contingency that the disruptions and dislocations it causes are permanent and severe.E.gThe Flame computer virus (which has been circulating for more than five age and has nevertheless to be cl experienceed by an owner, although surmise centres around Israel) has turned the computer into the last-ditch spy, garner data files, turning on PC microphones to record nearby conversations, record instant messaging chats, winning penetrate shot s and even remotely changing dresstings on separate computers. Moreover, hacker groups, such as Anonymous and Lulz hostage (Lulz Sec), convey penalise distri hardlyed denial of service (DDOS). Under that process, they were successful to deface websites to unlike politicsal and integrated interests. They hacked NASDAQ and Inter field of study Momentary Fund (IMF). Internets capabilities dictate the rules of engagement in cyberspace to initiate on-ground battles and at the same time create a stiff ground for new, aspiring jihadist. In the recent past, the case of Stuxnet virus which attacked centrifuges. enchantment the targeted dupe was the Natanz nuclear site in Iran, early(a) organisations across the world, including in India, operate with the sulfur system suffered from collateral damage from the attack. Since 2000-01, there give up been regular composings of Pakistani cyber wrongs defacing Indian websites and writing derogatory messages against India. On the oppo site(a) hand, China has become a redoubtable adversary in cyber space. Recent cases of Chinese hacking into mevery Indian brass constitution computers and even the highly restore field of study hostage domains return enough licence of its capability in waging cyber warfare. Since 2003, the Peoples Liberation Army has develop more than 30,000 cyber warriors and an otherwise 150,000 in the mystical welkin. fit to several(prenominal) root words available in the globe domain, the Chinese goal is to build the worlds best educationised armed forces. alert Counter Cyber shelter Initiatives.Indian data processor Emergency Response team up (Cert-In).Cert-In is the most important constituent of Indias cyber community. Its ordinance postulates, ensure surety of cyber space in the country by enhancing the pledge communication theory and tuition infrastructure, by proactive performance and effective collaboration aimed at gage incident prevention and result and wa rrantor assurance. subject area kip downledge trade protection Assurance Programme (NISAP).(a) giving medication activity and life-sustaining infrastructures should confirm a certificate indemnity and create a point of contact. (b) requisite for organizations to implement warranter department control and report some(prenominal) protection incident to Cert-In. (c) Cert-Into create a panel of auditor for IT auspices.(d) all organizations to be subject to a triad party audit from this panel at one time a year. (e) Cert-In to be reported active surety compliance on hourly basis by the organizations.Indo-US Cyber earnest fabrication (IUSCSF).Under this forum (set up in 2001) high power delegations from both(prenominal)(prenominal) spatial relation met and several initiatives were announced for intensifying reversible co surgical operation to control cyber crime between the two countries.To mitigate supply-chain risks emanating from telecom equipment manufacture d by companies be doggeding to China, the telecom and home personal business ministry take in issued guidelines mandating service provides to tell their networks and rush equipment that has been tested as per trans interior(a) standards.CCTNS taking assist of ISRO for making forge richly indigenous Warned by countersign agencies that using a alien satellite in the pro represent nationwide Crime and Criminal track Network and dusts (CCTNS) could make critical databases defenseless to eavesdropping by other countries, the Union main office Ministry has decided to take the help of the Indian Space interrogation Organisation (ISRO) to make the purport fully indigenous. Since the intelligence agencies raised(a) objections to the proposed use of the IPSTAR satellite moldd by Thaicomm in the project, the BSNL diverted to this project some cd VSATs that it had for other services.Fact Box subject Cyber Coordination Centre (NCCC)Indian judicature testament establish its own multi- authorization body study Cyber Coordination Centre (NCCC) that would carry out real time assessment of cyber certificate threats and generate unjust reports/alerts for proactive actions by law enforcement agencies. NCCC , to be set up at a cost of Rs 1000 crore, would be a multi- influence body nether Department of Electronics and IT. It testament function in sync with other political science agencies. These agencies imply subject protection Council Secretariat (NSCS)Intelligence Bureau (IB)Research and Analysis Wing (RAW)Indian estimator Emergency Response Team (CERT-In) study Technical Research Organisation (NTRO) abnegation Research and reading Organisation (DRDO)DIARA (Defence development Assurance and Research Agency) Army, Navy, aerate jampackDepartment of TelecommunicationsWhat give be its functions?It entrust be Indias first mold for cyber threat monitoring and all communication with governing and close service providers would be through this bo dy only. The NCCC would be in virtual contact with the control room of all Internet Service put forwardrs to look traffic at heart the country, flowing at the point of entry and exit, including trans subject gateway. aside from monitoring the Internet, the NCCC would look into motley threats posed by cyber attacks. The agency bequeath provide law enforcement agencies direct access to all Internet accounts, be it e-mails, blogs or affectionate net functional data.DRDO doesnt uses any US based company services in its organization.ChallengesIn India, we contract to create an environment within which protection is construct into our cyber and communications working methods. While it is the government that correctly takes a lead in evolving a ar contrived picture of what constitutes vulnerability in our cyber domain and a strategy on how to foresee attacks, the clubby sector chooses to bonk the real threat it faces. And this is not a future threat or a prospective threat that we need to formulate ourselves against this is an ongoing, current threat.Cyber threat exit sustain to grow receivable to the fast evolution and development of internet and related technologies. At the global aim, nations are stepping up their cyber defence efforts. The U.S. was one of the first countries that considered this to be a strategic problem in 2006, both in hurt of nationalsecurity and their future economic hygienic beingness.The major(ip) adjoin when kittying with Cyber threats is ubiquity and anonymity. What other external medium is highly accessible, far-reaching, ridiculously inexpensive, whereby information is transferred at the speed of light, the attacker unseeable and untraceable? Unlike a projectile trajectory, IP (Internet Protocol) path slipway can be mantled and the locations appear opaque. Implicating a source and naming blame to the attack progenitor is passing difficult. the extreme difficulty of producing timely unjust warning of potenti al cyber attacks the extreme daedal vulnerability associated with the IT supply chain for various Indias networks Indias approach to cyber security has so far been ad hoc and piecemeal. A number of organisations subscribe to a bun in the oven been created scarcely their exact roles have not been defined nor synergy has been created among them. Lack of awareness and the culture of cyber security at individual as fountainhead as institutional take aim. Lack of develop and subject manpower to implement the respond measures. Too umteen information security organisations which have become weak delinquent to turf wars or financial compulsions. A weak IT Act which has became redundant ascribable to non exploitation and age old cyber laws. No e-mail account insurance insurance insurance policy curiously for the defence forces, jurisprudence and the agency personnel. Cyber attacks have come not only from terrorists that withal from neighboring countries inimical to our subject interests.Recommendations.International Co-operationAcknowledging that better indigenous snooping capabilities whitethorn not be enough to cherish Indias cyber security, National tribute advisor Shivshankar Menon has advocated formulating a set of standard operating procedures (SOPs) ground rules for cooperation which would help India succeed in obtaining Internet information from major powers that control much of cyber space. Given the cyber reality, sensible powers should work towards a globally acceptable cyber constitution to bring in a set of rules, build transparency and reduce vulnerabilities. Agreements relating to cyber security should be given the same sizeableness as other conventionalagreements. The government should to a fault consider joining the European radiation diagram on Cyber crime. A 247 nodal point for international cooperation with cyber administration of other countries should be set up. searing chthonicstructureCyber security should be m andatory in computer science course and even separate programmes on cyber security should be contemplated. political sympathies should initiate a special drive of implementing practices in the critical infrastructure sectors and provide necessary budgetary support for such implementation. Government should establish a mechanics for measuring grooming of critical sectors such as security index, which captures civilizedness of the sector and assigns value to it.Government should incorporate IT Supply Chain corroboration as an important element of e-security plan to engineer security issues. Government should promote R&D in semiprivate labor through active government support for industry-led research projects in the areas of security. progress modify chemical mechanisms to facilitate this. Emphasis should be infinited on developing and implementing standards and best practices in government functioning as well as in the private sector. Cyber security audits should be made tyrannical for networked organisations. Capacity building in the area of cyber crime and cyber forensics in terms of infrastructure, expertise and availability of HR and cooperation between industry, LEAs and judiciary. Cyber security education, R&D and training go away be an integral part of the national cyber security strategy. PPP model should be explored for taking security to the regions and industry sectors. fortify telecom security one of the differentiate pillars of cyber security, especially through development of standards and initiation of testing labs for telecom infrastructure(equipment, hardware). More enthronisation in this battlefield in terms of finance and manpower. The impact of the emergence of new brotherly networking media, and convergence of technologies on night club including business, economy,national security should be studied with the help of relevant experts,LegalProcedural laws need to be in place to secure cooperation and coordinationof in ternational organisations and governments to in endowigate and prosecute cyber criminals. Government essential put in place necessary amendments in existing laws or enact a new jurisprudence like a Data protective covering/Privacy Act so as to safeguard against the misuse of personal information by various government agencies and protect individual privacy. Need for trained and certified experts to pickle with the highly specialised field of cyber security and laws related to it. Govt MachineryMake it a mandatory requirement for all government organisations and private enterprises to have a designated foreland reading security system Officer (CISO) who would be responsible for cyber security. Establishment of a cyber ambit to test cyber readiness. More powers to sectoral CERTs.Establish an online mechanism for cyber crime-related complaints to be recorded. politymakers need to recognise this and put in place structures that allow the sharing of cyber security information t hrough both formal and informal cyber exchanges. That requires a fast, merged action between government agencies and the private sector. Indian agencies working after cyber security should alike keep a close vigil on the developments in the IT sector of our potential adversaries. Joint efforts by all Government agencies including defence forces to attract qualified clevernessed personnel for implementation of counter measures.AwarenessNeed to sensitize the common citizens about the dangers of cyber terrorism. Cert-in should engage academic institutions and get along an aggressive strategy.ConclusionDefining how we deal with Cyber threats and attacks internationally is essential to peace and security. If Cyber weapons are treated with indifference in parity to other weapons then it can percipient the doors tomultifaceted retaliation if a nation is provoked Enforcing the right policies to amalgamate security of governments and law-abiding citizens is critical. The safety of indi viduals outweighs commercial piracy. sophistry and intellectual rhetoric redirects focus on eliminating irrefutable threats like violence and terrorism. Instead, cut versions of policies are implemented and lives are put at risk. . India must take an early lead in creating a fabric where the government, the national security experts and the industry cater to strategic sectors of economy, can come together, to follow the goal of cyber security in the bigger national cause Need to prepare cyber forces .The United States was the first country to officially declare this as the fifth domain warfare after land, sea, air and space. It has also formally classified the use of cyberspace as a force, a euphemism for offensive capability. The Chinese adopted the concept of informationalisation in the mid-1990s and have relentlessly built up structures and operations in this domain.Cyber Security DilemmaJohn Herz, an American assimilator of international relations and law is attribute f or coining the term security predicament. The dilemma expresses how both the strong and weak states can upset the balance of power that could at long last become a catalyst for war. The security dilemma could arise from the states accumulation of power due to caution and uncertainty about other states intentions. Post-9/11, consequent US administrations have by and large attempt to handle global disorder by accumulating more power. Not surprisingly, since 2007, the US has been collecting and analysing of import amount of data available in the cyber space. Cyber security dilemma of the US was recently expose by the US whistle-blower Edward Snowden, giving expound about the US National Security Agencys controversial optical prism programme. The US, clearly has been monitoring the global e-traffic covertly and in the process checking on cyber activities on Google, You Tube, Skype, Facebook, etc. This has resulted in a huge amount of metadata (a data about data). US adminis tration has been spoofing on the rest of the world. In the 21st century, with the number of computerand internet users is change magnitude significantly, the cyber environment has almost become fundamental to a nations existence. Over the old age Information and Communication Technologies (ICT) have become aboriginal to various sectors from social, economic, political to defence. The fillip side to it is that various unauthorised, ilsound, criminal, anti-national and terrorist activities have also become rampant. Astonishing as it may sound, but the third most populous country after China and India is not any geographical entity but a virtual state called facebook The human rights activists and states who are under the US direction consider it an anti- re domainan act that undermines the civil liberties and individual privacy. The absence of a globally accepted cyber regime and legal structure adds further to the commotion. The excessive colony on cyber tools has given rise to various vulnerabilities. Recently the US National Security Agency chief Gen Keith Alexander, who also heads the US militarys Cyber Command, has evince concerns and is of the juridic decision that on a scale of 1 to 10, the US critical infrastructures preparedness to withstand a bad cyber attack is about 3, this in ill leave behind the US having established a major defence infrastructure to defend against foreign hackers and spies. This assessment would push the US to ratify its defences further. However, since the nature of the threat is extremely energising it may not be mathematical to build any foolproof vindicatory mechanism. Any cyber architecture can be viewed as a doubled edged sword either ignore it and be exposed or use it to ones advantage. Cyber espionage is here to stay. Today, the US is upfront because of its technological superiority and ability to manage the ICT industry and prevent few acts of terrorism from actually happening. More importantly, the dat a gather would have utility in other fields too.ConclusionSnowden has clearly exposed the US but it is hard to view that the US would halt its cyber activities. As a leading power, the US is accustomed to international criticism, lawsuits and questioning and at the end of the day cyber spying and spoofing actually strengthens their intelligence gathering capability. It is important to note that cyber expertise offers significant amount of asymmetric advantage to the user. In the future, it isnot only the US but many other states that are also likely to use this method (mostly covertly). States would support a cyber regime essentially because intelligence collection is not the sole project for possessing cyber assets. ITC also leads to empowerment and its importance for socioeconomic development s undisputed. In universal, the norms of privacy in a cyber-era world would outride a constant subject of make do since the nature of technology presents a dispute task to catch the ac tual offender. technologically superior power would always have an advantage. The time has come to recognize that in the future we would always be watched and mostly against our own wishesIndia-US collaboration in Cyber SecurityIndian officials and security officers would soon be visiting the U.S. for training in an get of courses from cyber security, megacity policing and forensics, to critical infrastructure protection, financial terrorism and anti-terrorism intelligence. The list of training programmes include res publica Transportation Anti-terrorism Weapons of Mass Destruction seaport Security International Border interdiction Training and International Sea interdict Training to check smuggling and trafficking handling of equipment for screening men against radiological, chemical and explosive materials and Handling of intrusive detection at airports and seaports.With the growing population in cities and increasing threat perception, the U.S. has also offered India to hel p develop the concept of megacity policing, a step it has been promoting since the 9/11 attacks.An advance course in oversight, control room design and its operation by various security agencies and police authorities are key elements of this concept. fit vigilance and privacyAs the government steps up its control capabilities, the entire social contract between the state and citizens is being reformulated, with worrying consequencesThe Indian state is arming itself with both technological capabilities and the institutional framework to track the lives of citizens in an strange manner.A new Centralised observe System (CMS) is in the offing, which would build on the already existing mechanisms. As The Hindu reported on June 21, this would allow the government to access in real-time any mobile and fixed line conversation, SMS, fax, website visit, social media usage, Internet search and email, and will have unmatched capabilities of deep search surveillance and monitoring.Civil soc iety groups and citizens expressed concern about the governments actions, plans, and intent at a sermon organised by the Foundation for Media Professionals, on Saturday.The linguistic contextUsha Ramanathan, a widely respected legal scholar, pointed to the larger political context which had permitted this form of surveillance. It stemmed, she argued, from a misunderstanding of the popular opinion of sovereignty. It is not the government, but the people who are sovereign. Laws and the Constitution are about limiting the power of the state, but while people were being subjected to these restrictions, the government itself had rear ways to remain above it either by not having laws, or having ineffective regulators. States knew the liberal of power they exercised over citizens, with the result that impunity had heavy(a).There is also a ace breakdown of the criminal justice system, Ms Ramanathan said. This had resulted in a reliance on extra-judicial methods of investigating, an d scape-goating had become the norm. National security had been emphasised, re-emphasised, and communicate as the central goal. We havent paused to ask what this means, and the extent to which we have been asked to give up personal security for the stake of national security. It was in this backdrop that technology had advanced by leaps, and made protracted surveillance possible.The implications are enormous. The data is often used for purposes it is not meant for, including political vendetta, guardianship track of rivals, corporates, and digging out facts about a citizen when he may have antagonised those in power.Pranesh Prakash, director of the Centre of Internet and Society (CIS) looked back at the cleansing of Haren Pandya, the senior Bharatiya Janata Party (BJP) leader in Gujarat. Mr Pandya was using the SIM card of a friend, and it was by tracking the SIM, and through it his location, that the Gujarat government got to know that Mr Pandya had deposed before a commission and indicted the administration for its role in the riots. Eventually, he was found murdered outside a parking lot in Ahmedabad. The Gujarat Police had accessed call inside information of 90,000 phones.It is also not clear whether digging this kind of data has been effective for the national security purposes, which provide the reason for doing it in the first place. Saikat Datta, resident editor of day-after-day News and Analysis, and an expert on Indias intelligence apparatus, said a nucleus problem was the absence of any auditing and over sight. There needs to be a constant review of the number of calls, emails under surveillance, with questions about whether it is yielding results. notwithstanding this does not happen, probably because a majority is not for counter-terrorism. There would be trouble if you build accountability mechanisms. When he sought information under RTI around precisely such issues, he was denied information on the cubic yard that it would strengthen e nemies of the state.Anja Kovacs, who works with the Internet Democracy Project, said this form of mass surveillance criminalised everybody since it was based on the confidence that each citizen was a potential criminal. She also pointed out that having more information did not necessarily mean it was easier to address security threats there was intelligence antecedent the Mumbai attacks, but it was not acted upon. She added, Most incidents have been resolved by traditional intelligence. investing in agencies, training them better could be more effective.Bring in the caveats some argue that the state is not empower to exercise surveillance at all. In fact, a social contract underpins democratic states. Citizens agree to subject some of their rights to restrictions, and vest the state with the monopoly over instruments and use of violence. In turn, the state acting within a set of legal tenets being responsible to citizens and renewing its popular legitimacy through different measures, including elections provides order and performs a range of developmental functions.This framework, citizens and civil liberty groups worry, is under threat with governments appropriating and usurping authority to conduct precious surveillance. Citizen groups, technology and privacy experts came together globally to draft the International Principles on the industry of Human Rights to Communication Surveillance.It prescribed that any restriction to privacy through surveillance must be legal it must be for a legitimate aim it must be strictly and incontrovertibly necessary it must be preceded by showing to an established authority that other less invasive investigative techniques have been used it must follow due process decisions must be interpreted by a competent judicial authority there must be public oversight mechanisms and integrity of communications and systems should be maintained. (Full text available on www.necessaryandproportionate.org)Mr Prakash of CIS, which has done extensive work on surveillance and privacy issues, said, An additional principle must be collection confinement or data minimisation. Giving the causa of Indian Railways seeking the date of put up from a customer booking a ticket, Mr Prakash said this was not information which was necessary. But it could be used by hackers and many other agencies to access an individuals private transactions in other areas. The UPA government is finalising a privacy Bill, but its final version is not yet public, and it is not clear how far the government would go in protecting citizen rights.National cyber security policy 2013National Cyber Security polity 2013This policy aims at facilitating cornerstone of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders actions for protection of cyber space. The National Cyber Security Policy document outlines a road-map to create a framework for comprehensive, cooperat ive and collective response to deal with the issue of cyber security at all levels within the country. The policy recognises the need for objectives and strategies that need to be adopted both at the national level as well as international level. The objectives and strategies defined in the National Cyber Security Policy together serve as a means toi. Articulate our concerns, understanding, priorities for action as well as directed efforts. ii. Provide confidence and reasonable assurance to all stakeholders in the country (Government, business, industry and general public) and global community, about the safety, resiliency and security of cyber space. iii. Adopt a suitable behave that can signal our resolve to make determined efforts to effectively monitor, deter & deal with cyber crime and cyber attacks.Salient features of the policyThe Policy outlines the roadmap for humankind of a framework for comprehensive, collaborative and collective responsibility to deal with cyber securi ty issues of the country. The policy has ambitious plans for rapid social transformation and inclusive growth and Indias prominent role in the IT global market. The policy lays out 14 objectives which include creation of a 5,00,000-strong professional, skilled custody over the next five years through capacity building, skill development and training. The policy plans to create national and sectoral level 247 mechanisms forobtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective, predictive, preventive, proactive response and recovery actions. The policy will also establish a mechanism for sharing information as well as commiting and responding to cyber security incidents and for cooperation in riposte efforts. The policy identifies eight different strategies for creating a secure cyber eco-system including the need for creating an assurance framework apart from encouraging open sta ndards to facilitate inter-operability and data exchange amongst different products or services. There is in place a plan to operate and strengthen the national Computer Emergency Response Team (CERT-In) to operate 247 and to act as a nodal agency for all efforts for cyber security, emergency response and crisis management, as an umbrella agency over CERTs. It is expected that he policy will cater to the cyber security requirements of government and non-government entities at the national and international levels. The policy will help in safeguarding the critical infrastructure like Air Defence system, nuclear plants, banking system, power infrastructure, telecom system and many more to secure countrys economic stability.National Nodal AgencyThe National Cyber Security Policy, in order to create a secure cyber ecosystem, has planned to set-up a National Nodal Agency. The nodal agency will be coordinating all matters related to cyber security in the country. The nodal agency has a w ide mandate as it will cover and coordinate security for all strategic, military, government and business assets. This is distinctive, since, so far, national security regimes have been dissever among the Ministry of Defence (for securing Indias borders) and the Ministry of Home personal business (for national and internal security across States).Public-private confederation to protect national assets some other defining aspect of the policy is the level at which it envisages public-private partnership to protect national assets. There is a clear fruition in the policy that, apart from Indias IT, technology and telecommunications services, large parts of financial & banking services,airline & transportation services, energy and healthcare assets are not only possess by the private sector but, in fact, remain vulnerable to cyber-attacks, both from state and non-state actors.Protection centreA crucial aspect of the policy is building resiliency around the Critical Information I nfrastructure (CII) by operationalising a 247 Nation Critical Information Infrastructure Protection Centre (NCIIPC). The Critical Information Infrastructure will comprise all interconnected and interdependent networks, across government and private sector. The NCIIPC will mandate a security audit of CII apart from the certification of all security roles of chief security officers and others involved in operationalising the CII.OperationalisationThe policy will be operationalised by way of guidelines and Plans of Action, notified at national, sectoral, and other levels. While there is a recognition of the importance of bilateral and joint relationships, the policy does not clearly identify Indias position vis--vis the capital of Hungary Convention even though government delegations have attended meetings in London and Budapest on related issues in 2012.Why does India need a cyber security policy?Cyber security is critical for economic security and any failure to ensure cyber securit y will lead to economic destabilisation. India already has 800 million active mobile subscribers and clx million other Internet users of which roughly half are on social media. India targets 600 million broadband connections and 100% teledensity by 2020. Internet traffic in India will grow nine-fold by 2015 topping out at 13.2 exabytes in 2015, up from 1.6 exabytes in 2010. The ICT sector has grown at an one-year compounded rate of 33% over the last decade and the contribution of IT and ITES industry to GDP increased from 5.2% in 2006-7 to 6.4% in 2010-11, according to an IDSA task force report of 2012. Given the fact that a nations cyber ecosystem is constantly under attack from state and non-stateactors both. It becomes extremely critical for India to come up a coherent cyber security policy. One of the key objectives for the government is also to secure e-governance services where it is already implementing several nationwide plans including the e-Bharat project, a World Bank-f unded project of Rs. 700 crore.CriticismThe release of the National Cyber Security Policy 2013 is an important step towards securing the cyber space of our country. However, there are certain areas which need further deliberations for its actual implementation. The provisions to take care security risks emanating due to use of new technologies e.g. Cloud Computing, has not been addressed. some other area which is left untouched by this policy is tackling the risks arising due to increased use of social networking sites by criminals and anti-national elements. There is also a need to incorporate cyber crime tracking, cyber forensic capacity building and creation of a platform for sharing and digest of information between public and private sectors on continuous basis.Creating a men of 500,000 professionals needs further deliberations as to whether this workforce will be trained to simply monitor the cyberspace or trained to acquire offensive as well as defensive cyber security sk ill sets. Indigenous development of cyber security solutions as enumerated in the policy is laudable but these solutions may not completely feed over the supply chain risks and would also require building testing infrastructure and facilities of global standards for evaluation.Indian Armed forces are in the process of establishing a cyber postulate as a part of alter the cyber security of defence network and installations. macrocosm of cyber command will entail a parallel hierarchical structure and being one of the most important stakeholders, it will be prudent to address the legal power issues right at the beginning of policy implementation. The global debate on national security versus right to privacy and civil liberties is going on for long. Although, one of the objectives of this policy aims at safeguarding privacy of citizen datahowever, no specific strategy has been outlined to give this objective.The key to success of this policy lies in its effective implementation. T he much talked about public-private partnership in this policy, if implemented in lawful spirit, will go a long way in creating solutions to the ever-changing threat landscape.Central monitor System (CMS) project JustifiedIndian governments own Central Monitoring System (CMS) project. roughly 160 million users are already being subjected to wide-ranging surveillance and monitoring, much of which is in violation of the governments own rules and notifications for ensuring privacy of communications. While the CMS is in early stages of launch, investigation shows that there already exists without much public knowledge Lawful Intercept and Monitoring (LIM) systems, which have been deployed by the Centre for Development of Telematics (C-DoT) for monitoring Internet traffic, emails, web-browsing, Skype and any other Internet activity of Indian users. While mobile operators deploy their own LIM system, allowing interception of calls by the government, only after checking due warrant i n compliance with Section 5(2) of the Indian Telegraph Act read with reign over 419(A) of the IT Rules In the case of the Internet traffic, the LIM is deployed by the government at the international gateways of a handful of large ISPs. The functioning of these close-fitting surveillance systems is out of reach of these ISPs, under lock and key and complete control of the government.