Authorities are putting the finishing touches to the Cyber Security Policy, 2020, which will have a provision for a centralised repository for detecting, reporting and analysing malware in India, and for devising countermeasures, according to officials aware of the matter.
The policy seeks to create “safe, secure, trusted, resilient and vibrant” cyberspace for India’s “economic progress,” said one of the officials concerned.
“Reliance on the internet has increased and [also] threats have emerged,” the official said. He added that the new policy will focus on issues such as mandatory courses in schools and colleges on “cyber hygiene”, which relate to online security, and indigenization, especially of anti-virus programmes. “Anti-virus programmes pick up data from systems, which are subsequently deposited in servers abroad,” said another official.
Malware, or malicious software, can be used for stealing, encrypting or deleting sensitive data as well as for hijacking computing functions. The Nuclear Power Corporation of India Ltd.., which runs nuclear reactors across the country, in October said it had identified malware in one of its computers in September but its systems were unaffected. Facebook-owned messaging platform WhatsApp in October sued Israeli surveillance firm NSO Group, accusing it of helping clients break into the phones of roughly 1,400 users including in India through a malware. The targets of the hacking included dissidents and journalists.
The officials cited above said the new policy will be circulated among ministries before it is placed before the Union cabinet for its clearance. The new policy is likely to come up before the Cabinet in a couple of weeks. A cyber security policy adopted earlier in 2013 was aimed at creating safe and secure cyberspace. The officials said the new policy will concentrate on interagency and interministerial coordination to improve the cybersecurity infrastructure. The Union home ministry will be the nodal agency in dealing with cybercrime and issues such as cyber forensics, innovation, and research. The electronics and information technology ministry will continue to be responsible for the responses to threats and mitigation. Unlike the previous policy, the new one will lay special stress on cybersecurity awareness among young adults, the officials said.