INDIAN NATIONAL CYBER SECURITY POLICY (NCSP-2013)

NCSP

NATIONAL CYBER SECURITY POLICY - 2013

SANTOSH KAHDASRE

NCSP

SANTOSH KHADSARE 2

PREAMBLE

“..This policy, therefore, aims to create a cyber security

framework, which leads to specific actions and

programmes to enhance the security posture of country's

cyberspace…”

NCSP

SANTOSH KHADSARE 3

Complex environment of integrations between people, software and services

Common pool used by citizens, businesses , critical information infrastructure ,military and groups

Vulnerable to a wide range of incidents, whether intentional or accidental, manmade or natural, and the info can be exploited by both nation states and non state actors

CYBERSPACE IS…..

NCSP

SANTOSH KHADSARE 4

Caters to the whole spectrum of ICT users and providers and is an evolving process

IT SERVES AS AN UMBRELLA FRAMEWORK FOR DEFINING AND GUIDING THE ACTIONS RELATED TO SECURITY OF CYBER SPACE

It also enables the individual sectors and org in designing appropriate cyber security polices to suit their needs

CYBER SECURITY POLICY

NCSP

SANTOSH KHADSARE 5

TO BUILD A SECURE AND RESILIENT CYBERSPACE FOR CITIZENS, BUSINESSES AND GOVERNMENT

VISION

NCSP

SANTOSH KHADSARE 6

MISSION

Protect info and info infrastructure

Build capabilities to prevent and respond to cyber threats

Reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, tech and cooperation

NCSP

SANTOSH KHADSARE 7

OBJECTIVES

Create a secure cyber ecosystem

Create an assurance framework

Strengthen the regulatory framework

Enhance and create national and sectorial level 24x7 mechanisms for info gathering

Enhance protection and resilience of CII by operating 24x7 NCIIPC

Develop indigenous security technologies

NCSP

SANTOSH KHADSARE 8

OBJECTIVESEst infrastructure for testing & validation of security of such products

Create workforce of 500,000 professionals in next five years

Fiscal benefits to businesses for adoption of std security practices and processes

Enable effective prevention , investigation and prosecution of cyber crime

Create culture of cyber security

Develop public pvt partnerships and enhance global cooperation

NCSP

SANTOSH KHADSARE 9

Designate a national nodal agency to coordinate matters(cyber security) with clearly defined roles and responsibilities

designate CISO in every org who will be responsible for cyber security efforts and initiatives

Org to devp info security policies and implement them as per international best practices

Org to earmark a specific budget for cyber security

STRATEGIES : CREATING A SECURE CYBER ECO SYSTEM

NCSP

SANTOSH KHADSARE 10

Provide fiscal schemes and initiatives to encourage entities to install and upgrade info infrastructure fro cyber security

Prevent occurrence and recurrence of cyber incidents (proactive actions)

Est mechanism for sharing info

Procurement of trustworthy indigenously manufactured ICT products

STRATEGIES : CREATING A SECURE CYBER ECO SYSTEM

NCSP

SANTOSH KHADSARE 11

Promote adoption of global best practices in info security and compliance.

Create infrastructure for conformity assessment and certification of compliance to cyber security best practices, std and guidelines (e.g ISO 27001 ISMS certification).

Enable implementation of global security best practices for risk management.

Identify and classify info infrastructure facilities and assets.

STRATEGIES : CREATING A ASSURANCE FRAMEWORK

NCSP

SANTOSH KHADSARE 12

Encourage secure appln/software devp processes.

Create conformity assessment framework for periodic verification of compliance to best practices, std and guidelines on cyber security.

Encourage all entities tom periodically test and evaluate the adequacy and effectiveness of tech and op security measures implemented in IT sys and networks .

STRATEGIES : CREATING A ASSURANCE FRAMEWORK

NCSP

SANTOSH KHADSARE 13

Encourage use of open standards to facilitate interoperability and data exchange among different products and services.

Promote a consortium of Govt and private sector to enhance availability of tested and certified IT products on open standards.

STRATEGIES : ENCOURAGING OPEN STANDARDS

NCSP

SANTOSH KHADSARE 14

Devp dynamic and legal framework and its periodic review to address Cyber security challenges.

To mandate periodic audit and evaluation.

To enable, educate and facilitate awareness of the regulatory framework.

STRATEGIES : STRENGTHENING THE REGULATORY FRAMEWORK

NCSP

SANTOSH KHADSARE 15

To create National lvl sys , processes, structures and mechanisms to generate situational scenario of existing and potential threats and enable timely info sharing for proactive, preventive and protective actions.

To operate 24x7 CERT-in to function as a Nodal Agency for coordination of all efforts for cyber security emergency response and crisis mgt (Umbrella org).

STRATEGIES : CREATING MECHANISMS FOR EARLY WARNING , VULNERABILITY MGT & RESPONSE

NCSP

SANTOSH KHADSARE 16

Operationalise 24x7 sectorial CERTs.

Implement Crisis Mgt plan for dealing with incidents impacting critical national processes or endangering public safety and security of the nation.

To conduct and facilitate regular cyber security drills and exercises at National, sectorial and entity levels.

STRATEGIES : CREATING MECHANISMS FOR EARLY WARNING , VULNERABILITY MGT & RESPONSE

NCSP

SANTOSH KHADSARE 17

To mandate implementation of global security best practices, business continuity mgt and cyber crisis mgt plan for all e-Governance initiatives .

To encourage wider usage of PKI within Govt. for trusted communication and transactions.

To engage info security professionals / org to assist .

STRATEGIES : SECURING E-GOVERNANCE SERVICES

NCSP

SANTOSH KHADSARE 18

To devp plan for protection of CII.

To operate 24x7 National Critical Information Infrastructure Protection Centre(NCIIPC) to function as Nodal agency for CII protection.

To facilitate identification, prioritisation, assessment, remediation and protection of CII and key recourses.

To encourage and mandate as appropriate, the use of validated and certified IT products.

STRATEGIES : PROTECTION AND RESILIENCE OF CRITICAL INFO INFRASTRUCTURE

NCSP

SANTOSH KHADSARE 19

To mandate security audit of CII on periodic basis.

To mandate certification of all security roles right from CISO /CSO to those involved in operation of CII.

To mandate secure appl /software devp process.

STRATEGIES : PROTECTION AND RESILIENCE OF CRITICAL INFO INFRASTRUCTURE

NCSP

SANTOSH KHADSARE 20

To undertake R&D programs aimed at short term, medium term and long term goals.

To encourage R&D to produce cost effective, tailor-made and indigenous security solutions .

To facilitate transition, diffusion. And commercialisation of outputs of R&D into commercial products and services for use in public and private sectors.

STRATEGIES : PROMOTION OF R&D IN CYBER SECURITY

NCSP

SANTOSH KHADSARE 21

To set up Centre of Excellence in areas of strategic importance for the point of security of cyber space .

To collaborate in joint R&D projects with industry and academia in frontline technologies and solution oriented research.

STRATEGIES : PROMOTION OF R&D IN CYBER SECURITY

NCSP

SANTOSH KHADSARE 22

To create and maintain testing infrastructure and facilities of IT security product evaluation and compliance verification.

To build trust relationships with product / system vendors and service providers for improving end-to-end supply chain security visibility.

To create awareness of the threats, vulnerabilities and consequences of breach of security related to IT procurement.

STRATEGIES : REDUCIN SUPPLY CHAIN RISKS

NCSP

SANTOSH KHADSARE 23

To foster education and trg programs both in formal and informal sectors to support the nation’s cyber security needs and build capacity.

To est cyber security trg infrastructure across the country by way of public private partnership arrangements.

To est cyber security concept labs for awareness and skill devp in key areas.

To est institutional mechanisms for capacity building for Law Enforcement Agencies.

STRATEGIES : HRD

NCSP

SANTOSH KHADSARE 24

To promote and launch a comprehensive national awareness program on security of cyber space.

To sustain security literacy awareness and publicity campaign through electronic media.

To conduct, support and enable cyber security workshops / seminars and certifications.

STRATEGIES : CREATING CYBER SECURITY AWARENESS

NCSP

SANTOSH KHADSARE 25

To facilitate collaboration and cooperation among stakeholder entities.

To create models of collaborations and engagement with all relevant stakeholders.

To create a think tank for cyber security inputs, discussion and deliberations.

STRATEGIES : DEVP EFFECTIVE PUBLIC PVT PARTNERSHIPS

NCSP

SANTOSH KHADSARE 26

INFO SHARING AND COOPERATION (among security agencies, CERTs, defence agencies, Law enforcement agencies and judicail systems).

PRIORTIZED APPROACH FOR IMPLEMENTATION.

OTHER STRATEGIES

NCSP

SANTOSH KHADSARE 27

THANK YOU