After years of indifference and negate, the cyber security policy of India has been finally released by Indian government. However, techno legal experts and institutions have been claiming that the proposed policy is not only too late but it needs further workout.
There are numerous techno legal cyber security issues that are still missing from the proposed policy. Further, formulation of policy is one thing and its actual implementation in real life situation is an altogether different situation.
In India there are very few cyber security institutions that have the capability to effectuate the ambitious cyber security policy of India. For instance, Perry4Law and PTLB are managing the exclusive techno legal cyber security research and development centre of India. Such centres must be integral part of India’s cyber security initiatives as they have the capabilities to successfully implement the same.
India needs both offensive and defensive cyber security capabilities. The mindset of equating cyber security with standard anti virus and firewall has to be abdicated as soon as possible. The cyber security infrastructure of India must be established in true sense keeping in mind the sophisticated cyber attacks that are originating from nations well equipped to launch cyber warfare.
Similarly, the critical infrastructure protection in India must also be ensured. Issues like cyber warfare, cyber terrorism, cyber espionageetc may also be taken care of. India has been investigating some high profile cyber attacks and cyber crimes. These include investigation of Duqu malware, international ATM heist case, CBI website defacement case, CUPPS infection case, etc. In the absence of adequate cyber crimes investigation capabilities in India these cases are still unresolved.
Whatever cyber security deficiency may be found in Indian system, the cyber security policy is a good step in right direction. If only Indian government knows how to hire and retain talented techno legal experts and institutions, the cyber security policy may be actually implemented as well.