Multiple cyber agencies working under several ministries are likely to be folded under a “single authority or agency responsible” for the entire spectrum of defensive cyber operations in the country.
Recently, Kudankolam Nuclear power plant was victim to vicious cyberattack, so were officials at the critical Indian Space Research Organization (ISRO). In both cases systems were comprised, but critical systems which are air-gapped – where are networks are physically isolated from the internet – were spared. The response to the cyber-attacks, most likely from North Korean hackers- was “quick,” however, it was not without “confusion” senior officials confirmed to IDD. In particular, the “lack of coordination” between the many agencies led to the working at “cross-purposes”, the official said.
The Hindustan Times says currently, agencies have their individual control and reporting systems. The idea is to restructure these to ensure better coordination and functioning, the official added. The Ministry of Electronics and Information Technology, the Ministry of Home Affairs, the Ministry of Defence, the National Security Council Secretariat (NSC), and the National Technical Research Organization (NTRO), and several other departments and agencies have their own cyber units that look at various aspect of cybersecurity.
Then there are specialised units including the Computer Emergency Response Team, India (CERT.IN), National Critical Information Infrastructure, and the National Cyber Coordinator Centre.
More are being added by the day. For instance, MHA recently launched CyCord (Cyber Cooperation Centre) under the Intelligence Bureau (IB). CyCord is a platform of several agencies and government departments. It plays a defensive role in the cyber world, and focused on hacking and online investigations . The ministry already had the National Cybercrime Threat Analytics Unit (TAU), the Platform for Joint Cybercrime Investigation Team, the National Cybercrime Forensic Laboratory and the Cybercrime Ecosystem Management Unit.
National Cyber Security Coordinator, Lieutenant General Rajesh Panth has now been given the job of working out a structure that brings together the capabilities of all these units and agencies. “The primary task of the National Cyber Security Policy 2020 will be to bring in cohesion,” the official cited in the first instance said. He added that “there have been several rounds of discussions at the National Security Council Secretariat (NSCS) on the issue and a broad framework has already been worked out.”
Importantly, India had hoped to train a minimum of five hundred thousand cyber personal for defensive operations in the last five years. It has woefully fallen short of the target, a second senior official told IDD. “With growing net penetration, cyber attacks and crime is increasing, India desperately needs more professionals,” he said and added “the new cyber security policy will have to address this.”
The last National Cyber Security Policy was released in 2013. The new policy – National Cyber Security Policy 2020 – will emphasize cybersecurity awareness and hygiene. The new policy is also likely to suggest a “cybersecurity course” for schools and colleges curriculum.
The reorganisation will need the assent of the Union Cabinet before being implemented.
The re-organization, however, is easier said than done. Typically, in India the ministry that implements law – Information and Technology Act must be made the led agency. But handing over cyber defensive operations to the Ministry of Electronics and Information Technology Act will hardly help matters. “Globally the trend is to have overarching agencies for better and command and control. It is time we also have a similar structure. India’s capabilities in the cyber world have expanded and there are a large number of agencies but sharing real-time information is always not enough. Cyber defence capabilities is a critical strategic requirement. I think this a very positive move,” Aruna Sudarajan, former Secretary Telecom was quoted by Hindustan Times as saying when asked.
Across the world, the command control of defence cyber operations has been put under a well-defined single command and control. For instance, the Government Communications Headquarters (GCHQ) of the United Kingdom is responsible for all things related to protecting cyberinfrastructure. Similarly, the Cyber Security Agency of Singapore reports to the Prime Minister and is responsible for the complete spectrum of defensive cyber operations. The National Security Agency of the US has the complete command and control.