India govt unveils five-year plan to revamp cybersecurity

The Indian government has set in motion a five-year project to revamp cybersecurity apparatus of critical sectors in the country to meet the growing challenge of cyberattacks.

The National Critical Information Infrastructure Protection Center (NCIIPC), the agency to coordinate cybersecurity operations for critical infrastructure across the country, has been given this responsibility, The Times of India reported on Tuesday.

The five-year plan will be prepared by the agency to revamp and integrate the cybersecurity apparatus of all critical infrastructrure such as power, transportation, water, telecommunications and defence, the agency said at a presentation.

NCIIPC also plans to set up a sectoral Computer Emergency Response Team (CERTs) that would be connected to it, and will install censors on all critical systems to provide real-time information to its command and control (C&C) center about any cyberattack to formulate a quick response.

Under a newly defined mandate, NCIIPC will look after critical sectors with high dependency on computer and information technology (IT), while other sectors will be under India's CERT, CERT-IN.

"There are also plans to open a Cyber Security Operation Centre, a [round-the-clock] control room for real-time information and response, and a National Institute of Critical Information and Infrastructure Protection for training of chief information security officers (CISOs). We will also issue daily cyberalerts," Muktesh Chander, NCIIPC center director said, during the presentation.

According to sources who spoke to the Indian news site, this is part of the government's step to create awareness and ensure a robust security system in all critical government agencies. The task had also been divided into five phases, and once agencies set up their security infrastructure, it will be connected to the NCIIPC.

Shivshankar Menon, national security advisor, who also addressed the gathering, stressed on the participation of the private sector

"The NCIIPC is setting up a joint working group with representatives of industry assocations to bring out guidelines for protection of critical information infrastructure in India," he said.

India's critical infrastructure agencies are no stranger to cyberattacks. Just last week, a hacker group leaked Indian telco BSNL's passwords and database, calling for the withdrawal of a controversial legislation which allegedly suppresses freedom of speech and expression. In April, Chinese hackers allegedly planted a bug via flash drives on India's navy computers, which relayed sensitive data to China IP addresses.