Pravin Sinha, senior consultant, cyber and
data security,NeGD, DeitY, GoI
| June 20 2012
View
Video
India is a federal structure and there is a clear distinction
between the role of central and state governments. The central
government is trying to bring all government services closer to the
people but it becomes helpless when something falls in the realm of the
state government. It can only advise the state government. The states
have their own rules and procedures. This results in creation of
different processes and platforms at a high level. But the citizen wants
a single window from where he can avail all services.
One of the key issues which will come in the way of delivery of single window or integrated services is that of data interoperability. The issue of exchange of data between various agencies leads to the issue of data security. To resolve the issue of interoperability, the central government is trying to formulate various standards and has come up with a national service delivery gateway (NSDG).
As far as cybersecurity is concerned, Indian Computer Emergency Response Team (CERT-In) is the nodal agency. It has categorised various security breaches based on sensitivity of data. For example, the data with ministry of defence is considered very sensitive. In case this sensitive data is attacked, top government bodies like Intelligence Bureau (IB), Research & Analysis Wing (RAW) and National Technical Research Organisation (NTRO) get involved. Depending upon the type of attack, there is a matrix which specifies how to respond in various cases. It is a high-level decision-making process. Every department has got a cyber cell which responds in cases of attacks which are not that sensitive.
But the nature of all these responses is reactive, and not proactive. Various agencies may upgrade themselves from a similar attack in future but these agencies are not equipped to prevent them from another sophisticated attack. To be proactive, agencies need to put a process in place.
We have to bring in policies and laws that will ensure accountability of individuals in case of a breach. Security has to be provided from end to end. It should also be reflected in the investment that goes into an e-governance project. What I mean is that while designing any e-governance project, funds for e-security should be separately identified.
India has to focus on privacy too. If privacy laws can be formulated, it will make India an attractive destination for data export. We need privacy laws to secure data and instill faith in the government.
One of the key issues which will come in the way of delivery of single window or integrated services is that of data interoperability. The issue of exchange of data between various agencies leads to the issue of data security. To resolve the issue of interoperability, the central government is trying to formulate various standards and has come up with a national service delivery gateway (NSDG).
As far as cybersecurity is concerned, Indian Computer Emergency Response Team (CERT-In) is the nodal agency. It has categorised various security breaches based on sensitivity of data. For example, the data with ministry of defence is considered very sensitive. In case this sensitive data is attacked, top government bodies like Intelligence Bureau (IB), Research & Analysis Wing (RAW) and National Technical Research Organisation (NTRO) get involved. Depending upon the type of attack, there is a matrix which specifies how to respond in various cases. It is a high-level decision-making process. Every department has got a cyber cell which responds in cases of attacks which are not that sensitive.
But the nature of all these responses is reactive, and not proactive. Various agencies may upgrade themselves from a similar attack in future but these agencies are not equipped to prevent them from another sophisticated attack. To be proactive, agencies need to put a process in place.
We have to bring in policies and laws that will ensure accountability of individuals in case of a breach. Security has to be provided from end to end. It should also be reflected in the investment that goes into an e-governance project. What I mean is that while designing any e-governance project, funds for e-security should be separately identified.
India has to focus on privacy too. If privacy laws can be formulated, it will make India an attractive destination for data export. We need privacy laws to secure data and instill faith in the government.
