National Cyber Security Policy 2013

Last updated

National Cyber Security Policy is a policy framework by Department of Electronics and Information Technology (DeitY) [1] It aims at protecting the public and private infrastructure from cyber attacks. [2] The policy also intends to safeguard "information, such as personal information (of web users), financial and banking information and sovereign data". This was particularly relevant in the wake of US National Security Agency (NSA) leaks that suggested the US government agencies are spying on Indian users, who have no legal or technical safeguards against it. Ministry of Communications and Information Technology (India) defines Cyberspace as a complex environment consisting of interactions between people, software services supported by worldwide distribution of information and communication technology. [2] [3] [4]

Contents

Reason for Cyber Security policies

India had no Cyber security policy before 2013. In 2013, The Hindu newspaper, citing documents leaked by NSA whistle-blower Edward Snowden, has alleged that much of the NSA surveillance was focused on India's domestic politics and its strategic and commercial interests. [5] This sparked a furore among people. Under pressure, the government unveiled a National Cyber Security Policy 2013 on 2 July 2013.

Vision

To build a secure and resilient cyberspace for citizens, business, and government and also to protect anyone from intervening in user's privacy.It mentioned a five year target of training five lakh cyber security personnel by 2018.

Mission

To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threat, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology, and cooperation.

Objective

Ministry of Communications and Information Technology (India) define objectives as follows:

-To improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product.

Strategies

See also

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, or information technology security is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Cyberwarfare</span> Use of digital attacks against a nation

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

<span class="mw-page-title-main">IT security standards</span> Technology standards and techniques

IT security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. There are numerous measures available to prevent cyberattacks.

Proactive cyber defence means acting in anticipation to oppose an attack through cyber and cognitive domains. Proactive cyber defence can be understood as options between offensive and defensive measures. It includes interdicting, disrupting or deterring an attack or a threat's preparation to attack, either pre-emptively or in self-defence. Common methods include cyber deception, attribution, threat hunting and adversarial pursuit. The mission of the pre-emptive and proactive operations is to conduct aggressive interception and disruption activities against an adversary using: psychological operations, managed information dissemination, precision targeting, information warfare operations, computer network exploitation, and other active threat reduction measures. The proactive defense strategy is meant to improve information collection by stimulating reactions of the threat agents and to provide strike options as well as to enhance operational preparation of the real or virtual battlespace. Proactive cyber defence can be a measure for detecting and obtaining information before a cyber attack, or it can also be impending cyber operation and be determining the origin of an operation that involves launching a pre-emptive, preventive, or cyber counter-operation.

<span class="mw-page-title-main">United States Cyber Command</span> Unified combatant command of the United States Armed Forces responsible for cyber operations

United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise.

The Communications Authority of Kenya (CA) is the regulatory authority for the ICT industry in Kenya with responsibilities in telecommunications, e-commerce, broadcasting and postal/courier services. The CA is also responsible for managing the country's numbering and frequency spectrum resources, administering the Universal Service Fund (USF) as well as safeguarding the interests of users of ICT services.

<span class="mw-page-title-main">Command, Control and Interoperability Division</span>

The Command, Control and Interoperability Division is a bureau of the United States Department of Homeland Security's Science and Technology Directorate, run by Dr. David Boyd. This division is responsible for creating informative resources(including standards, frameworks, tools, and technologies) that strengthen communications interoperability, improve Internet security, and integrity and accelerate the development of automated capabilities to help identify potential threats to the U.S.

Digital supply chain security refers to efforts to enhance cyber security within the supply chain. It is a subset of supply chain security and is focused on the management of cyber security requirements for information technology systems, software and networks, which are driven by threats such as cyber-terrorism, malware, data theft and the advanced persistent threat (APT). Typical supply chain cyber security activities for minimizing risks include buying only from trusted vendors, disconnecting critical machines from outside networks, and educating users on the threats and protective measures they can take.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a US government initiative announced in April 2011 to improve the privacy, security and convenience of sensitive online transactions through collaborative efforts with the private sector, advocacy groups, government agencies, and other organizations.

The 2011 U.S. Department of Defense Strategy for Operating in Cyberspace is a formal assessment of the challenges and opportunities inherent in increasing reliance on cyberspace for military, intelligence, and business operations. Although the complete document is classified and 40 pages long, this 19 page summary was released in July 2011 and explores the strategic context of cyberspace before describing five “strategic initiatives” to set a strategic approach for DoDʼs cyber mission.

<span class="mw-page-title-main">DHS Cyber Security Division</span>

The Cyber Security Division (CSD) is a division of the Science and Technology Directorate (S&T Directorate) of the United States Department of Homeland Security (DHS). Within the Homeland Security Advanced Research Projects Agency, CSD develops technologies to enhance the security and resilience of the United States' critical information infrastructure from acts of terrorism. S&T supports DHS component operational and critical infrastructure protections, including the finance, energy, and public utility sectors, as well as the first responder community.

<span class="mw-page-title-main">National Cybersecurity and Critical Infrastructure Protection Act of 2013</span>

The National Cybersecurity and Critical Infrastructure Protection Act of 2013 is a bill that would amend the Homeland Security Act of 2002 to require the Secretary of the Department of Homeland Security (DHS) to conduct cybersecurity activities on behalf of the federal government and would codify the role of DHS in preventing and responding to cybersecurity incidents involving the Information Technology (IT) systems of federal civilian agencies and critical infrastructure in the United States.

<span class="mw-page-title-main">Gabi Siboni</span>

Gabriel "Gabi" Siboni is a colonel in the Israel Defense Forces Reserve service, and a senior research fellow and the director of the Military and Strategic Affairs and Cyber Security programs at the Institute for National Security Studies. Additionally, he serves as editor of the tri-yearly published, Military and Strategic Affairs academic journal at INSS. Siboni is a senior expert on national security, military strategy and operations, military technology, cyber warfare, and force buildup. Siboni is as a professor at the Francisco de Vitoria University in Madrid.

The Ministry of Communications and Information Technology (QATAR) (MCIT) is a Qatari ministry that was established within the new cabinet formation announced in June 2013 to be an extension of the Supreme Council of Information and Communication Technology that was established under Emiri Decree Law no. 36 of 2004.

The London Process is a series of multistakeholder meetings held biennially since 2011 under the name Global Conference on Cyberspace or GCCS. In each GCCS meeting, governments, the private sector and civil society gather to discuss and promote practical cooperation in cyberspace, to enhance cyber capacity building, and to discuss norms for responsible behavior in cyberspace. The London Process was proposed by British Foreign Secretary William Hague at the 2011 Munich Security Conference.

The Center for Internet Security (CIS) is a 501(c)(3) nonprofit organization, formed in October, 2000. Its mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats. The organization is headquartered in East Greenbush, New York, with members including large corporations, government agencies, and academic institutions.

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

Operational collaboration is a cyber resilience framework that leverages public-private partnerships to reduce the risk of cyber threats and the impact of cyberattacks on United States cyberspace. This operational collaboration framework for cyber is similar to the Federal Emergency Management Agency (FEMA)'s National Preparedness System which is used to coordinate responses to natural disasters, terrorism, chemical and biological events in the physical world.

References

  1. "National Cyber Security Policy-2013". Department Of Electronics & Information Technology, Government Of India. 1 July 2013. Retrieved 21 November 2014.
  2. 1 2 "Amid spying saga, India unveils cyber security policy". The Times of India . INDIA. 3 July 2013. Archived from the original on 7 July 2013. Retrieved 24 September 2013.
  3. "National Cyber Security Policy 2013: An Assessment". Institute for Defence Studies and Analyses. 26 August 2013. Retrieved 24 September 2013.
  4. "For a unified cyber and telecom security policy". The Economic Times. 24 September 2013. Retrieved 24 September 2013.
  5. Editorial (9 July 2013). "Protect, don't snoop". The Hindu. ISSN   0971-751X . Retrieved 2 January 2019.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.