National Cyber Security Policy 2013, Objectives, Need, Features

Q: What are the main objectives of the National Cyber Security Policy 2013?

To create a secure cyber ecosystem, reduce vulnerabilities, prevent cyber threats, and enhance trust in electronic transactions.

Q: What is the Cyber Security Act 2013?

India does not have a specific Cyber Security Act; the National Cyber Security Policy 2013 serves as the framework for cybersecurity measures.

Q: What is the National Cyber Security Policy of India?

It is a policy framework aimed at protecting information infrastructure, fostering cybersecurity awareness, and building resilience against cyber threats.

Q: What is the purpose of the Cyber Security Policy?

To protect cyberspace infrastructure, ensure data security, and build capabilities to respond to cyber incidents effectively.

Q: What are the objectives of National Security Policy?

To outline security goals addressing military, intelligence, internal security, and external threats comprehensively.

Table of Contents☰

National Cyber Security Policy 2013 is a policy framework by the Ministry of Electronics and Information Technology (MeitY). It aims to protect the public and private infrastructure from cyberattacks, develop defences against and responses to cyberattacks, and minimise losses by coordinating the actions of institutional structures, personnel, procedures, and technology.

The National Cyber Security Policy aims to safeguard information, such as personal information (of internet users), financial and banking information, and sovereign data.

National Cyber Security Policy 2013 Overview

National Cyber Security Policy was established in 2013 to monitor, safeguard, and strengthen cyberattack defences. This policy's goal is to ensure that individuals, organisations, and the government have access to a secure and reliable cyberspace. This Policy seeks to protect cyberspace's information infrastructure, reduce vulnerabilities, develop capabilities for preventing and responding to cyber threats, and mitigate damage from cyber incidents through a combination of institutional structures, processes, technology, and collaboration.

National Cyber Security Policy Vision

The National Cyber Security Policy 2013 envisions a secure and resilient cyberspace for individuals, businesses, and the government, aiming to protect critical infrastructure, reduce cyber risks, and build global trust in India’s IT capabilities.

National Cyber Security Policy Mission

To safeguard information and digital infrastructure, develop the ability to prevent and address cyber threats, reduce vulnerabilities, and limit the impact of cyber incidents through a blend of institutional frameworks, personnel, processes, technology, and collaboration.

National Cyber Security Policy Objectives

National Cyber Security Policy aims to create a secure and resilient cyberspace in India by establishing frameworks, legal structures, and collaborative efforts. It focuses on protecting critical infrastructure, promoting cybersecurity practices, and fostering public-private partnerships to safeguard the nation's digital ecosystem.

Creating a Secure Cyber Ecosystem: Establish a secure digital environment, build trust in IT systems, and promote the adoption of IT across all sectors. The Chief Information Security Officer (CISO) oversees cybersecurity efforts.
Creating an Assurance Framework: Develop a framework for assessing security policies, ensuring compliance with international standards, and promoting best practices.
Legal: Strengthen the legal framework to ensure a safe online environment.
Strategic Information Gathering: Create 24/7 national and sectoral mechanisms to monitor threats to Information and Communication Technology (ICT) infrastructure, enabling effective response and crisis management.
Protection of Critical Infrastructure: Enhance the protection of critical information infrastructure through a 24/7 National Critical Information Infrastructure Protection Centre (NCIIPC).
Technology Indigenisation: Develop indigenous security technologies through research, commercialisation, and deployment to secure ICT infrastructure, particularly for national security.
Public-Private Partnership: Build partnerships and collaboration between the public and private sectors to enhance cybersecurity.

National Cyber Security Policy Need

National Cyber Security Policy is needed to protect India’s digital infrastructure, safeguard critical information, enhance resilience against cyber threats, and ensure data privacy and security for individuals, organisations, and the government.

Existing Government Efforts: The government has initiated various programs to address cybersecurity challenges, laying a strong foundation for cyberspace security. However, given cyberspace's dynamic nature, a unified approach is essential.
Growing Digital Economy: India’s digital economy is expanding rapidly with the widespread use of online services, e-commerce, digital payments, and cloud computing. This expansion has made the country more susceptible to cyber threats.
Vulnerabilities in Cyberspace: The increasing complexity of cyberspace has made it vulnerable to a variety of incidents, including intentional cyber-attacks, accidental events, or natural disasters. Cyberattacks targeting critical infrastructure can compromise state resources, economic well-being, and national security.
Data Privacy and Protection: Data generation has surged with technologies like Artificial Intelligence, Internet of Things (IoT), and Big Data. The policy would implement data protection regulations, secure personal information, and safeguard citizens' right to privacy.
Global Cybersecurity Standards: Cyber threats are not confined by borders. A national policy aligned with international cybersecurity standards and practices would facilitate India’s cooperation with other countries in combating global cybercrimes and contribute to establishing norms in cyberspace.

National Cyber Security Policy Features

The National Cyber Security Policy 2013 underscores IT's pivotal role in India's economic growth and global reputation as a premier IT solutions provider. It prioritises safeguarding cyberspace, minimising vulnerabilities, and strengthening cyber threat response capabilities.

Economic and Global Impact: Recognises IT as a driver of India’s economic growth and its transformation into a global leader in high-standard IT solutions.
Cyberspace Protection: Aims to secure information infrastructure, reduce vulnerabilities, and enhance capabilities to prevent and respond to cyber threats.
Crisis Management Coordination: Designates the Indian Computer Emergency Response Team (CERT-In) as the nodal agency for coordinating cyber crisis management efforts.
Incident Mitigation: Combines institutional structures to minimise damage from cyber incidents and build robust response mechanisms.

National Cyber Security Policy Importance

National Cyber Security Policy, 2013 plays a crucial role in safeguarding India's digital infrastructure, protecting sensitive data, and ensuring economic stability by mitigating cyber threats and securing critical systems. It addresses the borderless nature of cyberattacks, enhancing resilience against threats from various state and non-state actors.

Secure Cyber Ecosystem: The policy creates a secure cyber ecosystem by setting up a national nodal agency to coordinate all matters related to cybersecurity.
Critical Infrastructure Protection: The National Cyber Security Policy of 2013 will enhance the protection of critical information infrastructure, such as air defence systems, power plants, nuclear plants, and telecommunication systems.
Economic Stability: The protection of infrastructure will avoid disruptions in services provided, thus leading to economic stabilisation.
No Geography of Cyber-attacks: Cyber policy becomes vital in the wake of possible attacks from state and non-state actors, corporations, and terrorist organisations because the internet world has no geographical barriers and is very anonymous.

National Cyber Security Policy 2013 Challenges

While the National Cyber Security Policy 2013 laid the groundwork for securing cyberspace, certain areas require further consideration for effective implementation. Key concerns include addressing risks from new technologies, social media misuse, lack of cyber platforms, and supply chain vulnerabilities.

Risks from New Technologies: The provisions to take care of security risks emanating from the use of new technologies, such as cloud computing, have not been addressed.
Social Media Risk: Another area left untouched by national cybersecurity policy is tackling the risks emanating from criminals' and anti-national elements' increased use of social networking sites.
Lack of Cyber Platforms: Cybercrime tracking, the development of cyber forensic capabilities, and the establishment of a platform for ongoing information sharing and analysis between the public and private sectors are also necessary.
Supply Chain Risk: Although the policy's enumeration of indigenous cybersecurity solutions is commendable, it should be noted that these measures may not entirely mitigate supply chain risks and would also necessitate the construction of testing infrastructure and facilities that meet international standards for assessment.

National Cyber Security Policy Implementation

The National Cyber Security Policy strengthens cyberspace through strategic public-private partnerships and collaborative initiatives. It focuses on robust technical and operational measures to safeguard critical infrastructure and enhance national security.

Policy Framework: Promotes public-private collaboration to bolster cyberspace security via technical innovation and operational synergy.
Joint Working Group (JWG) Focus Areas
- Develops Information Sharing and Analysis Centres (ISACs) for sectors like banking, telecom, and power.
- Establishes Centres of Excellence (CoEs) for research, standards, and audits.
- Enhances law enforcement training and cyber forensics capabilities.
- Creates public-private testing labs for telecom and IT equipment.
Critical Infrastructure Security: National Critical Information Infrastructure Protection Centre (NCIIPC) fortifies the resilience of critical information systems.
CISO Responsibilities: Guides Chief Information Security Officers (CISOs) in securing applications and infrastructure, urging organisations to adopt tailored cybersecurity policies.
Incident Response Collaboration: Public-private partnerships streamline coordination for effective cybersecurity incident management.
Capacity Building and Awareness: Information Security Education and Awareness (ISEA) Project trains officials and raises public awareness to strengthen information security expertise.
Cyber Crisis Management: Cyber Crisis Management Plan (CCMP) counters cyber threats and terrorism, supported by 60 workshops across ministries, states, and organisations.

National Cyber Security Policy 2013 UPSC PYQs

Question 1: What are the different elements of cybersecurity? Keeping in view the challenges in cybersecurity, examine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy. (UPSC Mains 2022)

Question 2: Discuss the potential threats of Cyber attack and the security framework to prevent it. (UPSC Mains 2017)

Question 3: Considering the threats cyberspace poses for the country, India needs a “Digital Armed Force” to prevent crimes. Critically evaluate the National Cyber Security Policy, 2013, outlining the challenges perceived in its effective implementation. (UPSC Mains 2015)

Question 4: In India, it is legally mandatory for which of the following to report on cybersecurity incidents? (UPSC Prelims 2017)