New cyber security policy next month; to focus on ID theft, fraud

India’s new cyber security policy — which is likely to redefine various aspects of identity theft and financial fraud, and ways to prevent them — is in the final stages of deliberations and all set to be launched next month, senior government officials said. The new policy has been in the works for more than a year, and will be a “revised and improved” version of the policy of 2013, officials said.

“The 2013 rules were more along the lines of guidelines rather than a policy. It just defines the various challenges that were before us then, rather than definitive dos and don’ts or what is a crime and what is not. The new policy will make all those aspects clear,” a government official said. The National Cyber Security Coordinator’s office, the nodal authority, has received feedback from experts and Ministries, and is now in the process of giving the policy a “final shape” with the Ministry of Electronics and Information Technology.

“One of the problems that has been brought up several times during meetings over the past few months in the rise in identity theft and financial fraud. We have to have strong checks and balances in the area so that innovation is not threatened and at the same time the user is also not taken for a ride,” a senior official, who had attended these meetings, said. On August 15, Prime Minister Narendra Modi had announced that the new policy would be launched soon.

Over the past few months, the Centre has asked telecom companies to undertake an ‘information security audit’ to check for any vulnerabilities in their network systems, apart from banning many Chinese apps citing security concerns.

On September 16, the central government set up an “expert committee” under the National Cyber Security Coordinator to study revelations, as reported by The Indian Express, that a Shenzhen-based technology company with links to the Chinese government, and the Chinese Communist Party, is monitoring more than 10,000 Indian individuals and organisations in its global database of “foreign targets. The Broadcast Engineering Consultants India Limited (BECIL), a public sector undertaking under the Ministry of Information and Broadcasting, has been tasked with selecting agencies to provide training and skill development in cyber security and forensics to employees at the central and state level over the next three years.