GOVERNMENT OF INDIA
Ministry of Communications and Information Technology
(DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY) 

RAJYA SABHA
UNSTARRED QUESTION NO. 1140
ANSWERED ON AUGUST 16, 2013 

QUESTION
Policy to Address Cyber Security 

1140. SHRI RAJEEV CHANDRASEKHAR: 

Will the Minister of COMMUNICATIONS & INFORMATION TECHNOLOGY be pleased to State: 

(a)   whether Government has recently announced a policy to address the increasing cyber security threats in the country; 

(b)   if so, the details thereof including the proposed structure of the agencies that would be set up as a part of this policy; and 

(c)    how these bodies would coordinate with the existing multiple agencies that are required to counter this threat including local law enforcement agencies?

ANSWER
MINISTER OF STATE FOR COMMUNICATIONS AND INFORMATION TECHNOLOGY
(SHRI MILIND DEORA) 

(a) and (b): Yes, Sir In order to address the issues of cyber security in a holistic manner, the Government has released the “National Cyber Security Policy-2013" on 02.07.2013, for public use and implementation by all relevant stakeholders.

 This policy has been prepared after consultation with all relevant stakeholders, user entities and public. The objective of the policy is to create a framework for comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country. It aims to facilitate creation of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders’ actions for protection or cyber space. 

The policy is expected to serve as a long-term template for continuous evolution, guided actions and measurement of effectiveness of such actions. The objective and strategies outlined in the policy together serve as a means to: 

• Articulate the concerns. Understanding, priorities for action as well as directed efforts
• Provide confidence and reasonable assurance to all stakeholders in the country (Government, business, industry and general public) and global community, about the safety, resiliency & security of cyber space
• Adopt a suitable posturing that can signal country's resolve to make determined efforts to effectively monitor, deter & deal with cyber crime and cyber attacks 

The policy provides for the following: 

• To create National level systems, processes, structures and mechanisms to generate necessary situational scenario of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective action by individual entities.
• To operationalise 24x7 sectoral Computer Emergency Response teams (CERTs) for all coordination and communication actions within the respective sectors for effective incidence response & resolution and Cyber crisis management.
• To operate a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC) to function as the nodal agency for Critical Information Infrastructure Protection in the Country. 

(c): For the purposes of effective coordination the policy provides to designate a National nodal agency to coordinate all matters related to cyber security in the country with clearly defined roles & responsibilities. In this direction, Government has approved a Framework for Enhancing Cyber Security, which envisages a multi-layered approach for ensuring defence-in-depth with clear demarcation of responsibilities among the stakeholder organizations in the country. National Security Council Secretariat (NSCS) has been mandated to coordinate the cyber security related activities among the stakeholder organizations in the country.