Overhaul Of Cybersecurity Framework In 2024:
In today’s changing world, people are shifting from manual to digital. Business activities are being digitized so that you can get maximum productivity.
But at the same time, threats related to digital activities are also increasing and it is necessary for any government to think seriously about how maximum productivity can be achieved from digital technology with utmost safety.
Keeping this in mind, the Government of India has developed a guiding policy or framework called National Cyber Security Reference Framework (NCRF) in an effort to provide an implementable measure with clear articulation of roles and responsibilities for cyber security based on existing laws, policies and guidelines.
Saying that there has been significant progress over the years in the development of indigenous cybersecurity products and solutions, the Center is expected to encourage enterprises – especially in critical sectors like banking, telecom and energy – to provide only security products and services.
Therefore, to secure cyber infrastructure, the Government has formulated the above-mentioned guiding policy called the National Cyber Security Reference Framework (NCRF).
The action comes as India faces cyber security-related incidents—most recently a high-profile attack on AIIMS Delhi’s systems in 2022—that pose a major challenge to New Delhi’s national security imperatives.
It is said that the Government was feeling hampered by the lack of a comprehensive framework on cyber security when they were drafting sector-specific laws. This is the solution expected from NCRF.
In recent years a number of cyber criminals, supported by nation-states and organized cyber-criminal groups, have attempted to target the critical information infrastructure (CII) of governments and enterprises. Additionally, the availability of ‘cyber-attacks-as-a-service’ has reduced the entry threshold for new cyber criminals, thus increasing the exposure of individuals and organizations.
You may also like my other articles on cyber awareness:
- Why Should Financial Advisors Educate Clients About Cyber Security? Big Update 2024
- Seminar on Cyber Ethics Held At Rajasthan University: Big Update 2024 India
- Cyber Crime Team launch first Cyber Protect and Prevent Hackathon of UK: Big News 2024
- What Is Credential Stuffing In Cyber Security? Shocking Cyber Criminal Technique 2024
- Thoothukudi cyber crime police recover 875 mobile phones: Big Update Cybercrime India 2024
The framework has been prepared by the National Critical Information Infrastructure Protection Center (NCIIPC) – which reports to the Prime Minister’s Office with the support of the National Cyber Security Coordinator (NCSC).
The NCRF was privately shared with companies and other government departments for consultation in the month of May 2023, but has not been made public yet.
In addition to the main policy document, at least three supporting compendiums detailing global cybersecurity standards, products, and solutions have also been prepared.
The paper also suggests that the NCRF may recommend that enterprises allocate at least 10 percent of their total IT budget to cybersecurity. “Adequate resources should be allocated to cyber security, and these should be separate from IT resources… Based on global best practice, it is recommended that at least 10 percent of the total IT budget be allocated to cyber security.
Such allocations should be mentioned under a separate budget head for monitoring by the top-level management/board of directors,” the NCRF is likely to recommend this.
Last June, former National Cyber Security Coordinator Lieutenant General Rajesh Pant had said that the NCRF would soon be released to the public.
The current guiding framework on cybersecurity for critical infrastructure in India comes from the UPA-era measure, the National Cyber Security Policy of 2013.
“NCRF is an important document that replaces the 2013 policy. From 2013 to 2023, the world has changed as new threats and new cyber organizations have emerged and demand new strategies. The document will be put in the public domain after final scrutiny by the committee to ensure that nothing is confidential,” he said.
However, the NCRF is a guideline, meaning its recommendations will not be binding – however, organizations can use the NCRF to improve their cybersecurity posture, reduce the risk of data breaches or any cybersecurity incidents, and ensure compliance with regulations. It can increase trust with customers and increase operational efficiency.
Questions sent to the NCSC office remained unanswered till the time of publication. The NCRF may also recommend that, along with guidelines for regulating operations in the critical sector, the regulators who oversee and audit them should also define information security requirements.
“Regulators may also need to access sensitive data and vulnerabilities related to operations in the critical sector, and hence they will also need an effective Information Security Management System (ISMS) example,” the policy recommends.
It may also prescribe that national nodal agencies develop platforms and processes for machine-processing of data from different entities to conduct regional and cross-sectoral analysis of audit compliance, audit effectiveness and auditors’ grading.
That’s a brief tech news on cyber awareness I thought to share with you! I hope this will be valuable for you. You can reach me through the emails given below. I will love your valuable comments and feedback.
Yours
Abhijit Ranjan
1 thought on “Overhaul Of Cybersecurity Framework In 2024: Govt may push use of Made in India products to protect cyber infrastructure”