Indian Cybersecurity Policy: COVID Impacts & Fault Lines within the Cyberspace
The Indian cybersecurity policy was established back in 2013, when the public and private infrastructure became victims of cyberattacks in India. The aim has been to create a secure cyber ecosystem in the country, enhance and strengthen the IT system and transactions in cyberspace and adoption in all sectors. But the question is how successful it has been in securing the Indian cyberspace amid the recent COVID-19 pandemic.
The security experts said lockdown-imposed amid the pandemic brought a 500 percent rise in the number of cyberattacks and security breaches. The phishing attacks have consequently risen. Clearly, India today needs an appropriate cybersecurity policy more than ever!
So, let’s go back to understanding the Indian cybersecurity policy of 2013 and why it was implemented in the first place.
The National Security Agency (NSA) leaks that stated that the US government agencies were spying on the Indian users heightened the need for robust cybersecurity policies. The cyberspace, defined as an environment consisting of interactions between people, software and technologies worldwide, gradually became the most vulnerable sector. It even raised constant security threats.
Hence, the Indian cybersecurity policy was introduced to protect information and information structures, prevent and respond to cyber threats and build a secure and resilient cyberspace for citizens, businesses and the government.
But, the policy created to secure the cyber ecosystem had shortcomings, too. The established mechanism to respond to threats exposed the fault lines within the cybersecurity ecosystem. At some point, lack of awareness on the subject became the cause behind the growing cyberattacks.
Moreover, lack of communication between the governments and private entities was another major shortcoming. It led to data breaches. All these weaknesses in the cybersecurity policy were widely noticed amid the COVID pandemic.
The Indian Data Security Council also reported a rise in fraudulent attacks amid the increase in the number of financial transactions. A similar rise of fraudulent behaviour was seen in the healthcare and education sector, too. BigBasket data breach, Pharma companies’ Dr Reddy’s Laboratories and Lupin, delivery startup Dunzo, remained some of the Indian companies that were hit by cyberattacks this year.
In response, the CERT-In successfully conducted ‘Black Swan – Cyber Security Breach Tabletop Exercise’, to deal with cyber crisis and incidents. Further, Indian cyber firms, Symantec India, AVG India, Netrika Consulting & Investigation, Alten Calsoft Labs, CyberOps Infosec have also ramped up efforts in providing cybersecurity to operational multi-national companies.
In addition, India has also come up with a new cybersecurity policy this year, for safe and secure cyberspace. Hopefully, the new policy would include greater engagement between the information security and government. It would also result in cyber security innovation.