Governance & Risk Management

It's Official: Rai is New Cyber Chief

Experts Offer Advice for India's New Head of Cybersecurity
It's Official: Rai is New Cyber Chief
Dr Gulshan Rai

Dr. Gulshan Rai, former director general of CERT-IN, has finally taken charge as India's first cybersecurity chief at the prime minister's office.

See Also: How Supply Chain Attacks Work — and How to Secure Against Them

Rai was said to have been named to the post in early March, but he declined at that time to confirm the news. Earlier this week, Information Security Media Group reached out directly to Rai, who now confirms his appointment as the chief of India's cybersecurity at the PMO. He is expected to take up all measures to strengthen and preserve India's cybersecurity while laying emphasis on public-private partnership in making the national cybersecurity policy more practical.

"I'm just going to take over the new responsibility," Rai says. "At this point, I'm not in a position to give details about my new role and responsibilities or define any set agenda."

Rai's Agenda

Industry experts welcome the government's decision to appoint Rai. They acknowledge that, given his experience with cybersecurity, e-governance, dealing with the legal framework and being instrumental in creating a draft of the National Cybersecurity Policy of 2013, Rai can contribute significantly in his role.

"Creation of such a position has been desired by the industry and was one of the key recommendations of the NASSCOM-DSCI Report of 2012 - 'Securing Our Cyber Frontiers'," says Dr. Kamlesh Bajaj, CEO at the Data Security Council of India. "This role will be important to drive the PPP initiatives in cybersecurity and enhance collaboration and coordination between government agencies."

Delhi-based Pavan Duggal, Supreme Court advocate and president of Cyberlaws.Net, maintains that this is the first time that this kind of position in cybersecurity has been filled - and it comes at a moment when cybersecurity is no longer just a governmental subject because large chunks of India's critical information infrastructure are in private hands.

"There is a need to identify loopholes in the existing legal framework and fix them at the earliest in order to protect and preserve country's infrastructure," Duggal says.

Great Expectations

Among the top expectations for Rai: initiating a practical national cybersecurity policy not confined only to paper, but implemented in its full capacity. Rai is also expected to promote entrepreneurship through those who can contribute immensely toward development and innovation in the cyber domain.

Mumbai-based Dinesh O Bareja, principal adviser-IS practice at Pyramid Cyber Security and Forensics Pvt. Ltd., expects a more proactive approach. "Information sharing, incident response and critical infrastructure protection are woefully inadequate - in terms of preparedness, readiness and resilience; in some cases, they are not even present," he says. "Dr. Rai should initiate establishing a center of excellence/policy to prepare properly defined sectoral policies, frameworks and standards localized to India's requirements."

Duggal argues that the government must have an agenda with primacy for cybersecurity: it is critical not just for protection and preservation, but also because it becomes absolutely essential for successful implementation and ongoing evolution of Digital India. While there's a need for a fine balance between protection of cybersecurity and enjoyment of civil liberties, including personal and data privacy, capacity building will be the topmost priority, he adds.

Bajaj believes the government's agenda for cybersecurity should include the following:

  • Recognizing cybersecurity as a strategic domain of national security and implementing a robust national cybersecurity framework;
  • Strengthening protection of critical information infrastructure through public-private partnerships;
  • Promoting research and development, innovation, investments and entrepreneurship;
  • Focusing on building capabilities and skills across sectors and domains;
  • Contributing and taking leadership in global forums to protect India's strategic interests.

Immediate Issues

Critical information infrastructure protection in governmental and private sectors is the topmost issue for Rai to address, several experts say.

However, Duggal says, "The priority is to ensure that governmental and confidential information on governmental computer networks and resources are not accessed by unauthorized bodies."

He expects the new body to push for more open consultative approach on cybersecurity and its technical, policy and regulatory issues and pave the way for effective implementation and running of various PPP projects.

Bareja says the immediate issues for Rai are:

  • Creating capacity and capability among law enforcement agencies;
  • Negotiating with international entities for greater cooperation with commercial and law enforcement agencies;
  • Establishing information exchange among the law enforcement agencies in the country;
  • Implementing cybersecurity governance;
  • Bringing about more efficiency in dealing with international espionage by state leaders and MNCs;
  • Updating the education system, from kindergarten to university level, to include cyber-ethics education.
  • Agra-based Rakshit Tandon, cybersecurity adviser to UP Police, says, "It is important to recommend having state-specific cybersecurity and forensic policies, which will help law enforcement groups to deal with cybercrime effectively."

    What Next at CERT-IN?

    With Rai's movement to the PMO, his former post at CERT-IN is vacant, and it's expected to take about two months to fill. In response to an advertisement put up by DeitY on its official website, calling for candidates, sources say that about 20 applications have been received. The ministry of communications is evaluating them. Until then, sources say the senior-most person at CERT-In, in the rank of additional secretary, will be put in charge.

    Meanwhile, the information security industry is curious to understand the progress made on the five-member cybercrime panel, including leading academicians and professionals, that the home ministry had set up, with Rai as one of the panel members.

    About the Author

    Geetha Nandikotkur

    Geetha Nandikotkur

    Vice President - Conferences, Asia, Middle East and Africa, ISMG

    Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.

    Around the Network

    Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.