(a) to (d): A Statement is laid on the Table of the House.
STATEMENT REFERRED TO IN REPLY TO LOK SABHA STARRED QUESTION NO.*153 FOR 04.05.2016 REGARDING CYBER SECURITY
(a): In tune with the dynamic nature & growth of Information Technology (IT) and emerging threat landscape, continuous efforts are required towards enhancing cyber security, capacity building and human resource development. Towards addressing capacity building in the Cyber Security Sector as national strategy, Government has formulated a framework for Cyber Security architecture for upgrading the security of Indian Cyber Space. The architecture addresses the aspects relating to capacity building and manpower augmentation by stakeholders and engagement of private sector in Public Private Partnership mode.
Towards enhancing the qualified cyber security manpower, the following steps have been taken:
(i) Department of Electronics and Information Technology (DeitY) is implementing the Information Security Education and Awareness (ISEA) Project which aims to generate 1.14 lakhs qualified professionals at various levels in period of 5 years. A total of 51 institutions in various categories across the country are participating in the project. Besides, National Institute of Electronics and Information Technology (NIELIT) is conducting certification courses for creation of cyber security professionals.
(ii) Indian Computer Emergency Response Team (CERT-In) conducts regular training programme to make the network and system administrators aware about securing the IT infrastructure and mitigating cyber attacks. CERT-In is regularly conducting Cyber Crisis Management Plan (CCMP) workshops for Central Government Ministries/Departments, States & UTs and critical sector organisations to sensitise them about the cyber security threat landscape, enabling them to prepare and implement the Cyber Crisis Management Plan as well as participate in the mock drill exercises.
(iii) Cyber forensics training lab has been set up at Training Academy of Central Bureau of Investigation (CBI), Ghaziabad to impart basic and advanced training in cyber forensics and investigation of cybercrimes to police officers. In addition, Government has set up cyber forensic training and investigation labs in the States of Kerala, Assam, Mizoram, Nagaland, Arunachal Pradesh, Tripura, Meghalaya, Manipur and Jammu & Kashmir for training of Law Enforcement and Judiciary in these States.
(iv) National Security Council Secretariat (NSCS) and the Ministry of Human Resource Development (MHRD) are exploring mechanisms to include Cyber Security Capsules as part of skill development at entry level in various Industrial Training Institutes (ITI’s) in the country.
(b): Government is collaborating with various Research Institutes, Academia and Industry for strengthening cyber security. Specific initiatives under taken are as follows:
i. Government has undertaken Research and Development programme for development of skills and expertise in areas of cyber security by facilitating basic research, technology demonstration and R&D test bed projects. Under these projects, efforts have been made to nurture institutions and capacity enhancement. Currently, 37 projects at 27 institutes have been initiated.
ii. The academic activities under ISEA Project are carried out by 51 institutions across the country.
iii. National Security Council Secretariat (NSCS) has initiated plans for short term courses at IIT, Delhi and other Academic Institutions to train Government officers in various aspects of Cyber Security.
iv. CERT-In is collaborating with Industry for information exchange on cyber threats, incident resolution and awareness outreach.
(c): i. Indian Computer Emergency Response Team (CERT-In) carries out cyber security mock drills at national level regularly to enable participating organisations in Government and key sectors to assess their cyber security posture. Till date, 10 such cyber security mock drills have been carried out by CERT-In involving 107 organisations from Government, Public and Private sector. These mock drills have helped the participant organisations in taking proactive and reactive steps to improve the cyber security posture of their systems along with improved coordination with different stakeholders.
ii. At international level, CERT-In and United States Computer Emergency Readiness Team (US-CERT) have conducted India-US Joint Cyber Security Exercises with the last one conducted in September 2014. An enhanced mutual understanding of coordination processes was achieved as an outcome of joint exercise.
CERT-In is also a member of Asia Pacific Computer Emergency Response Team (APCERT) forum and participates in the international drills conducted by APCERT every year for the national CERTs in Asia. Further CERT-In is a regular participant in the Association of Southeast Asian Nations (ASEAN) CERTS Incident Handling Drills (ACID) conducted every year.
These exercises help in collaboration among the participating CERTs and validate the enhanced communication protocols, technical capabilities and quality of incident response activities.
(d): To create a culture of cyber security and responsible user behaviour, cyber security awareness creation has been identified as one of the strategies to create secure cyber eco system. The following steps are taken by the Government to promote cyber security awareness:
i. Under the Information Security Education and Awareness (ISEA) Project, 242 awareness workshops have been conducted so far for various user groups (students, government officers and citizens) covering 20,039 participants. In addition, guidelines for promoting secure use of e-mail, social networking sites, mobile devices, ATM cards and online shopping were published in leading Hindi & English newspapers. Further, 20,000 copies of Diaries covering 365 tips on cyber security, 20,000 Calendar & Table tops and 3,250 posters for schools/colleges were distributed to spread awareness on cyber security.
ii. Government is conducting programs to generate information security awareness. Specific books, videos and online materials are developed for children, parents and general users about information security in multiple languages which are disseminated through web sites like www.infosecawareness.in”, “secureelectronics.in”, “www.cert-in.org.in” and Social Media.
iii. Mass cyber security awareness project has been implemented in North-Eastern states of Manipur, Nagaland, Tripura, Mizoram and Sikkim targeting creating awareness among youth and public including School / College students.
iv. As part of awareness creation, DeitY has engaged Data Security Council of India (DSCI), NASSCOM for creating Cyber Crime Awareness for Law Enforcement agencies and 13 workshops were organised in different cities wherein more than 1500 police officers participated. National Law School, Bangalore and National Academy of Legal Studies and Research (NALSAR), University of Law, Hyderabad are also engaged in conducting awareness and training programmes on Cyber Laws and cybercrime investigation for judicial officers.
********
Download PDF Files
