Home / Mains Articles / Overhaul of cybersecur...
Overhaul of cybersecurity framework
Jan. 30, 2024

Why in news?

  • As per the media reports, the government has drawn up a guiding policy called the National Cybersecurity Reference Framework (NCRF) to help manage cybersecurity better.
  • The framework is based on existing legislations, policies and guidelines. It outlines implementable measure with clear articulation of roles and responsibilities for cybersecurity.

What’s in today’s article?

  • National Critical Information Infrastructure Protection Centre (NCIIPC)
  • National Cybersecurity Coordinator (NCSC)
  • News Summary

National Critical Information Infrastructure Protection Centre (NCIIPC)

  • NCIIPC is a government organization that protects critical information infrastructure (CII) for the public. It was established in 2014 and is based in New Delhi.
  • The NCIIPC's mission is to protect critical information infrastructure from unauthorized access, modification, use, disclosure, disruption, incapacitation, or destruction.
  • It also provides advice to reduce the vulnerabilities of critical information infrastructure from cyber terrorism, cyber warfare, and other threats.
  • The NCIIPC defines CII as computer resources whose incapacitation or destruction would have a debilitating impact on national security, economy, public health, or safety.

National Cybersecurity Coordinator (NCSC)

  • The NCSC provides guidance and support to state governments and private industry to help formulate policies.
  • They also provide guidance on internet governance, network management, and response strategies for cyberattacks.
  • It works under National Security Council Secretariat (NSCS) and coordinates with different agencies at the national level for cyber security matters.

News Summary: Overhaul of cybersecurity framework

  • The government has drawn up the National Cybersecurity Reference Framework (NCRF), with clear articulation of roles and responsibilities for cybersecurity.

National Cybersecurity Reference Framework (NCRF)

  • Background
    • The NCRF was shared privately with companies and other government departments for consultation in May 2023, but is yet to be made public.
    • Apart from the main policy document, at least three supporting compendiums detailing global cybersecurity standards, products and solutions have also been formulated.
    • In June 2023, former National Cyber-Security Coordinator Lt. General Rajesh Pant had said that the NCRF will be released for the public soon.
  • About
    • NCRF is a framework that sets the standard for cybersecurity in India.
    • The NCRF can serve as a template for critical sector entities to develop their own governance and management systems for strong cyber-security systems.
      • The government has identified telecom, power, transportation, finance, strategic entities, government entities and health as critical sectors.
  • Institutions involved in framing the framework
    • The framework has been drawn up by the National Critical Information Infrastructure Protection Centre (NCIIPC) with support from the National Cybersecurity Coordinator (NCSC).
  • Key highlights
    • Non-binding in nature
      • The NCRF is a guideline, meaning that its recommendations will not be binding.
    • Separate budget allocation
      • It recommends that enterprises allocate at least 10 per cent of their total IT budget towards cybersecurity.
      • Such allocation is to be mentioned under a separate budget head for monitoring by the top-level management / board of directors.
    • Evolution of ways to use machines to analyse data from different sources
      • The framework might suggest that national nodal agencies evolve platforms and processes for machine-processing of data from different entities.
      • This would help check if audits are done properly and rate auditors based on their performance.
    • Greater powers to the regulators
      • The NCRF might suggest that regulators overseeing critical sectors can:
        • set rules for information security;
        • define information security requirements to ensure proper audit.
    • Effective Information Security Management System (ISMS)
      • The regulators may also need to access sensitive data and deficiencies related to the operations in the critical sector.
      • Hence, they also would need to have an effective Information Security Management System (ISMS) instance.
    • Common but Differentiated Responsibility (CBDR)
      • The policy is based on a CBDR approach, recognising that different organisations have varying levels of cybersecurity needs and responsibilities.

Need for National Cybersecurity Reference Framework (NCRF)

  • Growing cyberattacks and lack of an overarching framework on cybersecurity
    • India faces a barrage of cybersecurity-related incidents which pose a major challenge to New Delhi’s national security imperatives.
      • E.g., A high-profile attack on the systems of AIIMS Delhi in 2022.
    • Many ministries feel hamstrung by the lack of an overarching framework on cybersecurity when they are formulating sector-specific legislations.
  • Emergence of threat actors backed by nation-states and organised cyber-criminal groups
    • In recent years many threat actors backed by nation-states and organised cyber-criminal groups have attempted to target Critical Information Infrastructure (CII) of the government and enterprises.
    • In addition, availability of cyber-attacks-as-service has reduced the entry threshold for new cyber criminals, thus increasing the exposure to individuals and organisations.
  • National Cybersecurity Policy of 2013 is still guiding the cybersecurity of the nation
    • The current guiding framework on cybersecurity for critical infrastructure in India comes from the National Cybersecurity Policy of 2013.
    • From 2013 till 2023, the world has changed as new threats and new cyber organisations have emerged calling for new strategies.
Overhaul of cybersecurity framework.pdf ( Size: 2.1 MB )

Latest Article

See All
Why is RBI Keeping an eye on Gold Loans?
May 19, 2024, 2:15 p.m. Economics
HPV vaccine prevents cervical cancer cases in deprived groups
May 19, 2024, 12:04 p.m. Social Issues
NIA’s allegations against NSCN
May 19, 2024, 11:31 a.m. Defence & Security
Takeaways from Mumbai Hoarding Tragedy
May 19, 2024, 11:14 a.m. Polity & Governance
Hurdles on the Path to Green Growth and How to Remove Them
May 18, 2024, 6:47 p.m. Editorial Analysis
Russia - China Summit
May 18, 2024, 1:22 p.m. International Relations
RBI Flags Supervisory Concerns Over ARCs
May 18, 2024, 1:09 p.m. Economics
Rules for Political Parties to Use State Funded Media During Polls
May 18, 2024, 1:02 p.m. Polity & Governance
Indian manufacturing sector
May 18, 2024, 12:46 p.m. Economics
SC Verdict on Newsclick Shows Adherence to Due Process is Much More Than a Procedural Requirement
May 17, 2024, 6:34 p.m. Editorial Analysis

Mailing Address Not Entered

Dear Student,
You have still not entered your mailing address. Please enter the address where all the study materials will be sent to you. (If applicable).

Click here to enter to Proceed