Ground Report

India is very good at contemplating concepts but equally bad at implementing the same. The latest to add to this trend is the decision to constitute a cyber command for armed forces of India. India has also in the past released the cyber security policy but experts doubt about its effectiveness as it failed on many counts including privacy protection. This is so because India needs a techno legal cyber security framework that is presently missing. Meanwhile, sophisticated cyber attacks against India are rising.

India has never been serious about cyber law and cyber security. The essential techno legal capacity to ensure effective cyber security in India is missing till now. Even the common sense approach towards cyber security has been ignored by Indian for long. A situation has arrived where cyber security of India cannot be ignored any more and cyber security of India must be strengthened immediately. Inadequate cyber security in India has become a national security hazard.

The proposal to establish a cyber command for armed forces is a good step in the right direction as Indian cyber security is lagging far behind as compared to other countries. India is still struggling to deal with issues like cyber warfare, cyber espionage and cyber terrorism, etc. The critical infrastructure protection in India and its problems, challenges and solutions (Pdf) are still to be managed by Indian government. In a good step in this direction, the NTRO would protect the Critical ICT Infrastructures of India.

According to techno legal cyber security experts like Praveen Dalal, a dedicated cyber Warfare Policy of India (Pdf) must be formulated as soon as possible. The present effort of Indian Government seems to be a step towards that objective, opines Dalal.

However, the main thing is the “Implementation” of various Policies formulated from time to time. Till now Indian Government has not been able to implement the objectives of the National Cyber Security Policy of India 2013 (NCSP 2013). Further, India Government has also failed to integrate the NCSP 2013 with the National Security Policy of India, informs Dalal.

Another major failure of Indian government in this regard is the failure to enact a legislation mandating strict cyber security disclosure norms in India. Although proposed almost a year ago, the disclosure norms for cyber security breaches in India are still not implemented. This would prevent actual and effective implementation of cyber security norms in India. This would also affect the cyber security legal practice in India.

It is high time for Indian government to move beyond simple policies formulations to their actual implementation. Without implementation everything is just a dream.