Central body accountable for nation's cyber security missing: NCSC Pant
That is the first thing that we have to tackle and that is one of the major deliverables of the strategy, Pant said at a virtual cyber security dialogue organised by Microsoft.
There are cyber security organisations in the country but no central body responsible for safety in the online space, a top cyber security official said on Tuesday. National Cyber Security Coordinator (NCSC) Rajesh Pant also said the proposed national cyber security strategy will address this gap in the security framework.
He said India has excellent organisations and there has been ''fantastic'' transformation in the cyber security space in the country in the last one year. ''By and large, a framework is in place but there is no central apex organisation today in terms of allocation of business rules. There is no ministry or organisation to which you can say you are responsible for the cyber security of the nation. ''That is the first thing that we have to tackle and that is one of the major deliverables of the strategy,'' Pant said at a virtual cyber security dialogue organised by Microsoft. He noted that the government has been working on a cyber security framework that was developed in 2013. ''Now what is required is cyber security strategy. It is before the Cabinet for the final stamp. We need a governance structure. Today if you see the way we are working under different ministries, we have got excellent organisations,'' Pant said. Prime Minister Narendra Modi on August 15, 2020 had announced that a new cyber security strategy will be presented to the nation as dependence on cyberspace will increase multi-fold in the coming years. ''That is the first thing that we are waiting for. Strategy is an action oriented plan. It gives the objective. It gives who will deliver that objective. It gives funding for the objective and it gives a timeline for achievement of that objective and it covers the next 5 years,'' Pant said. According to official estimates, India suffered a loss of around Rs 1.24 lakh crore in 2020 due to cyber attacks. Pant said cyber attacks increased by 500 per cent during the pandemic due to adoption of digitisation and India has been one of the most attacked nations. ''We found more than 30 per cent (attacks) were from the US,'' he added. He said cyber criminals route their attack through three-four different destinations and the last point has been found to be in the US for several attacks. ''Last hop is a country which has very good relations, firstly which is a democracy and has strong privacy laws. If you get the last IP and if it is Azure or Google cloud server in the US, it is not easy to get information from them because there are a lot of clients and they have privacy rights. ''Countries like the USA, Netherlands, Germany which have strong privacy laws were utilised as last hop for the attacks,'' Pant said. He pointed out that there was no major impact on big sectors but financial crime did increase and there was a 150 per cent rise in ransomware attacks. Pant also said international rules are not very helpful in tackling cyber crimes but a group of 32 countries, including India, have come together to handle the ransomware menace. The group is focussing on improving network security and resilience, measures to deal with illicit finance, disrupt networks of criminals and handle cyber diplomacy. He also said India has developed its own malware repository similar to Google's Singapore based entity VirusTotal on which malwares issues get reported. ''VirusTotal is now getting all the data of the malware which is available in India and organisations also which may not be the best thing for national security. We have created our own national malware repository. It is in the final phase of beta testing and we have already got 75 million samples in that repository,'' Pant said. Microsoft India General Counsel Keshav Dhakad said the company has a 'global attack surface' to map that data and it gets 8.3 trillion threat signals a day which helps it in assessing the way new threats are evolving. These are leveraged for doing analytics, patching, and sharing intelligence with partners and governments. ''India is part of the government security program and we have been working with the government for many years and the Digital Crimes Unit is about using that intelligence to identify where the signal came from which nation, which city it came from and to be able to take legal action against them. ''We've worked with the CBI, FBI, Department of Justice, Europol, Interpol in taking down many criminal networks,'' he said.
(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)