Friday 30 November 2012

Indian Crisis Management Plan For Cyber Attacks And Cyber Terrorism

The threats of cyber attacks, cyber espionage and cyber terrorism are looming large at India. India needs to understand the seriousness of cyber attacks upon its critical infrastructures and cyberspace. To start with, India must formulate a crisis management plan to tackle cyber attacks, cyber terrorism and cyber espionage attempts.

Crisis management plan (CMP) is a measure of readiness to meet uncertainties and future risks and accidents. If we have a good crisis management plan at place, we can minimise the damage and harm to maximum possible extent.

CMP pertaining to information and communication technology (ICT) is an essential part of national ICT policy of India. The other parts of national ICT policy of India are cyber security policy of India, critical infrastructure protection policy of India, critical national infrastructure protection policy of India from cyber attacks, national security policy of India, etc.

Similarly, we must also formulate a cyber security policy for India. With more and more networks and computers are now connected with public utilities and essential public services, cyber security assumes great significance these days. India is also looking forward for mandatory electronic delivery of services. This would increase the risks of cyber attacks upon crucial public delivery systems of India.

The government of India has issues certain guidelines to safeguard Indian cyberspace. According to these guidelines no sensitive information is to be stored on the systems that are connected to Internet. The Government has also claimed to have formulated Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.

The organisations operating critical information infrastructure have been advised to implement information security management practices based on International Standard ISO 27001. Ministries and Departments have been further advised to carry out their IT systems audit regularly to ensure robustness of their systems. Ministry of External Affairs has also issued a comprehensive set of IT security instructions for all users of MEA and periodically updates them on vulnerabilities.

Although the steps taken by Indian government are praiseworthy, they are not sufficient to ward off the sophisticated cyber attacks. The practical implementation of the crisis management plan of India is still missing. With a beginning already taken place, it needs a political will to give it a final shape and help it to reach its final destination.