Privacy & Information Security Law Blog

On July 2, 2013, the Indian government released its ambitious National Cyber Security Policy 2013. The development of the policy was prompted by a variety of factors, including the growth of India’s information technology industry, an increasing number of cyber attacks and the country’s “ambitious plans for rapid social transformation.” The policy sets forth 14 diverse objectives that range from enhancing the protection of India’s critical infrastructure, to assisting the investigation and prosecution of cyber crime, to developing 500,000 skilled cybersecurity professionals over the next five years.

To accomplish these objectives, the policy details numerous action items for the Indian government, including:

• Designating a national agency to coordinate all cybersecurity matters;
• Encouraging all private and public organizations to designate a Chief Information Security Officer responsible for cybersecurity;
• Developing a dynamic legal framework to address cybersecurity challenges in the areas of cloud computing, mobile computing and social media;
• Operating a National Critical Information Infrastructure Protection Center;
• Promoting research and development in cybersecurity;
• Enhancing global cooperation in combatting cybersecurity threats;
• Fostering education and training programs in cybersecurity; and
• Establishing public and private partnerships to determine best practices in cybersecurity.

In announcing the policy, the Indian Minister of Communications and Information Technology Kapil Sibal noted that the operationalization of the policy would be challenging but ultimately necessary in order to “ensure there is no disruption of the kind that will destabilise the economy.”