India Insights with Geetha Nandikotkur

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management

Building a Cyber-Resilient Nation: Essential Steps

An Effective Collaborative Framework Will Help India Achieve Its Goals
Building a Cyber-Resilient Nation: Essential Steps

The government of India's plan to build a cyber-resilient IT infrastructure to improve cybersecurity and mitigate threats from state-sponsored attacks will succeed only if many hurdles are overcome.

See Also: Not Like Your Typical Ransomware: The True Cost of these Attacks

The collaborative effort, led by the Ministry of Electronics and IT, or MeitY, also involves state governments and union territories, as well as subordinate agencies/public sector units, including public and private sector banks, private companies and technical wings of police and security forces.

MeitY plans to impart training in key security domains and require that all organizations use indigenously developed cybersecurity products.

That's a Herculean task, and some security leaders question whether the ministry can succeed, based on the government's track record.

Bridging the Skills Gap

MeitY is working to build a program to educate CISOs and the broader IT community to address cybersecurity challenges and run residential training programs across major cities.

The educational effort will address a wide range of topics, including DDoS, APTs and other threats; authentication protocols; log management; incident response; and cyber forensics and resilience.

But the effort will not pay off unless it offers truly practical, role-based education focused on developing cybersecurity skills for addressing emerging threats.

MeitY has a goal of creating over 1 million cybersecurity jobs by 2025 and building an estimated $35 billion cybersecurity industry. Those are lofty targets, indeed.

Meanwhile, an initiative by the Data Security Council of India and NASSCOM aimed at building a cybersecurity task force and enhancing research capabilities has yet to bear fruit.

Dinesh Bareja, chief operation officer, Open Security Alliance, says it remains unclear whether the government will provide adequate funding for training or turn to the private sector for support.

In an example of a collaborative approach, the Telangana government is partnering with the private sector in an effort to build skills. Jayesh Ranjan, principal secretary-IT, government of Telangana, also notes that the state is collaborating to create an institutional mechanism to proactively track threats through its cybersecurity center of excellence.

Locally Made Products

Another area the government is increasingly depending on to build a cybersecure nation is emphasizing procuring cybersecurity hardware and software from domestic suppliers for use by government agencies and the private sector.

This is a positive gesture because it means the government would be able to closely monitor the manufacturing process and ensure security by design.

MeitY plans to form a committee with diverse membership to tackle the issue. The panel, headed by MeitY's additional secretary, will include the group coordinator for R&D in electronics at MeitY; the DGs of CERT-In and STQC; the CEO of DSCI; the additional chief secretary to the government of Karnataka's Department of Personnel and Administrative Reforms for e-Governance; and a representative of the Ministry of Defense. MeitY's group coordinator for cybersecurity will serve as convener. The committee will work toward defining and reviewing a framework for evaluation of these domestic products and then approving products to be included in the list of those eligible for deployment across agencies.

But there are only about 30 Indian companies building cybersecurity products. That's why most midsize and large organizations in India, as well as the government, have relied heavily on products from companies based in other nations.

Many indigenous manufacturers argue that they should receive government subsidies to help them build cybersecurity products.

Bareja contends that Indian cybersecurity companies face many hurdles.

"We do not find substantial presence of homegrown cybersecurity products, which start and stay weak because of lack of government support and not having 'big-pocket' marketing and sales budgets or an ecosystem of training/collaterals/technology innovation around the product," he says.

Partner Ecosystem

Clearly, India's effort to improve cybersecurity will require collaboration between the public and private sectors. But is there a model for how that can work?

One good example is the Telangana government's initiative.

Ranjan and his team created a model to rope in cybersecurity companies to be members of the Hyderabad Security Cluster, formed to pool resources for building niche solutions that can be on-boarded as a proof of concept in addressing threat challenges.

It's critical for the government of India to devise ways to enable security practitioners to participate in the task of building a cybersecure nation through an effective, collaborative framework.

About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Vice President - Conferences, Asia, Middle East and Africa, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.