India may soon have a single authority or agency responsible for the entire spectrum of defensive cyber operations in the country. The move comes even as India faces renewed threat of cyber attacks and cyber terrorism . For instance, the breach in a part of a network of India’s largest civil nuclear facility, the Kudankulam Nuclear Power Plant (KNPP) in Tamil Nadu, in September. The attack did not compromise critical systems, but gained access to the plant’s administrative network.
The government’s plan is to rearrange and reorganize over a dozen agencies engaged in protecting India’s cyber infrastructure. Currently, these agencies have their individual control and reporting systems. The idea is to restructure these to ensure better coordination and functioning. The Ministry of Electronics and Information Technology, the Ministry of Home Affairs, the Ministry of Defence, the National Security Council Secretariat (NSC), and the National Technical Research Organization (NTRO), and several other departments and agencies have their own cyber units that look at various aspects of cybersecurity.
Then there are specialised units including the Computer Emergency Response Team, India (CERT.IN), National Critical Information Infrastructure, and the National Cyber Coordination Centre. More are being added by the day. For instance, MHA recently launched CyCord (Cyber Cooperation Centre) under the Intelligence Bureau (IB). CyCord is a platform of several agencies and government departments. It plays a defensive role in the cyber world, and focused on hacking and online investigations . The ministry already had the National Cybercrime Threat Analytics Unit (TAU), the Platform for Joint Cybercrime Investigation Team, the National Cybercrime Forensic Laboratory and the Cybercrime Ecosystem Management Unit.
National Cyber Security Coordinator, Lieutenant General Rajesh Pant has now been given the job of working out a structure that brings together the capabilities of all these units and agencies. “The primary task of the National Cyber Security Policy 2020 will be to bring in cohesion,” an official said. He added that “there have been several rounds of discussions at the National Security Council Secretariat (NSCS) on the issue and a broad framework has already been worked out.”
The last National Cyber Security Policy was released in 2013. The new policy – National Cyber Security Policy 2020 – will emphasize cybersecurity awareness and hygiene. It is likely to suggest a cybersecurity course for schools and colleges curriculum. The reorganisation will need the assent of the Union Cabinet before being implemented.