India’s cyber security policy must take a leap from ‘suggestive’ to ‘executive’


Cyber security forces across the world are revving up policies to keep up with the evolving challenges in the modern cyber landscape. Virtual threats such as Petya and WannaCry may have victimized a wide number of networks, but they are just the tip of the iceberg in a sphere which looks to aggressively explore its frontiers. It is, therefore, imperative to foster an environment that allows for a comprehensive growth of the cyber landscape by minimizing threat impact and building capacity through an ‘execution’ oriented cyber policy.

India launched its novel cyber security policy in 2013 “with an aim to monitor and protect information and strengthen defences from cyber attacks”. The policy was introduced after the surfacing of grim NSA revelations regarding unauthorized surveillance of the government and citizens of not only the U.S. but also its allies. It was clearly a welcome move as the policy promised a “resilient cyberspace for citizens, business and the government”. As relevant as the policy was in the context of the cyber landscape of 2013, the past four years have witnessed a drastic change in the cyber space. The government now must take into consideration the increased focus on digitization of various elements, as well as the introduction of advanced and complex cyber threats to devise a Cyber Security Policy that is comprehensive in nature and adopts a more executive approach.

Given the emerging threats on display in the contemporary cyber space, India’s cyber security policy must shift from a reaction based model to a more proactive perspective. India must have the necessary framework in place to not only tackle the threat at hand but also actively identify and deflect any imminent threats to ensure absolute security.

It is also imperative to establish effective capacity building programs to ensure an all-round growth of the cyber landscape by implementing relevant staff training, strategizing public-private partnerships (PPP) and resolving for a coherent government-citizen collaboration.

Although such initiative were outlined in the 2013 Cyber Security Policy, a gap in an executive approach played a critical role in falling short on the set objectives. For instance, the National Cyber Security Policy stated its vision “to create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training”. However, current findings showcase that the number of trained personnel remain at 50,000 after four years of operation. While it’s essential to define such objectives, a policy revolving around an ‘implementation’ framework will assist in achieving these objectives effectively.

Considering the evolving cyber geography and the growing complexity of threat factors, India must take a leap from a ‘suggestive’ to ‘executive’ cyber security policy to safeguard its citizens and facilitate a more comprehensive growth.