The National Association of Software and Services Companies and Data Security Council of India have launched a new Cyber Security Task Force (CSTF) to build India as a global hub for cybersecurity solutions. Additionally, this new entity aims to help develop a skilled workforce of cybersecurity professionals.
Led by NIIT Ltd chairman Rajendra Pawar as its chair, the task force’s members include industry leaders across IT, telecommunications, the government and academia. Companies including Tata Consultancy Services Ltd and Wipro Ltd are also part of the task force.
The CSTF will have four working groups for developing the cybersecurity market and technology, building the workforce and creating a policy framework. It also will incorporate teams from DSCI and government agencies including the Centre for Development of Advanced Computing and the Indian Computer Emergency Response Team.
Security leaders welcome this news. However, they express concerns about the task force’s ability to execute its plans for tackling cybersecurity challenges, as well as the time frame to meet its goals.
“A unique initiative, it focuses on making India secure by boosting cybersecurity solutions developed in India,” says Mumbai-based L S Subramanian, cybersecurity expert, security consultant and founder, NISE, a security firm. “But what next? We must see local cybersecurity solutions being supported with soft funding and support from the government.”
Need & Charter
In announcing the CSTF, Mohan Reddy, Chairman of NASSCOM, declares cybersecurity as a key priority. Studying Indian cybersecurity, the CSTF will identify challenges and develop an action plan, Reddy says. It will identify intervention opportunities for the Indian IT industry in global cybersecurity, develop cutting-edge technologies and address global market requirements.
“Learnings from global countries will catalyze the Indian security product ecosystem,” Reddy says
CSTF will also create a blueprint to make India a hub for cybersecurity solutions, develop cybersecurity R&D and create cybersecurity experts.
Pawar, the newly appointed chair of CSTF, says this entity is in line with India’s new national vision. “We created CSTF, aligning it with Prime Minister Modi’s vision of making India a cybersecurity expert nation and his recent exhortation to the industry.”
He says CSTF aims to make India a global hub for providing cybersecurity solutions, products and services. It also aims at building the Indian cybersecurity industry from its 1 percent market share to 10 percent by 2025, having 1 million certified and skilled cybersecurity professionals and building 100+ successful Indian security product companies.
CSTF will form working groups focused on four key pillars: Industry development, policy enablement, technology development and skill development, with a thrust on fulfilling these (and other) recommendations from 2012:
- Create a national structure for cybersecurity;
- Design & implement a competency framework for building a cybersecurity workforce;
- Create & maintain Inventory of critical information infrastructure;
- Establish a centre of excellence for best practices in cybersecurity;
- Establish a national threat intelligence centre;
- Establish a centre of excellence for cybersecurity research;
- Establish a cyber command to defend India.
Security Leaders Raise Questions
Some security leaders are skeptical about CSTF, fearing it will experience hiccups in implementation. Many universities and private institutions are working to establish cybersecurity research labs–so, how will CSTF get support and talent?
Some say India is good at cybersecurity forensics, consulting and processes, but lags behind in cybersecurity solutions. A few companies have tried for a decade to make digital security solutions in India; but having Indians accept their solutions remains a challenge.
Subramanian says CSTF must focus on financial and technology support for incubating entrepreneurs wishing to build cybersecurity solutions.
“They need support for IPR protection of the cybersecurity solutions they create and a vehicle to take them global,” he says. “India can borrow from the Israeli experience to make it a reputable global cybersecurity solutions manufacturer.”
Gurgaon-based Rakshit Tandon, consultant with the Internet and Mobile Association of India and cybercrime adviser to the UP Police, points out that the Indian government previously created a five-member cybersecurity panel with academia and government for handling cybercrime and research, but it hasn’t seen the light of day.
“I’m keen to see how CSTF collaborates with central and state institutions in designing the research framework,” says Tandon. “Also, where will the funding for R&D capabilities, developing appropriate solutions and information sharing come from?”
Jharkhand-based Vineet Kumar, founder, Cyber Peace Foundation, says the top agenda must be protecting India’s critical information: “It’s time CSTF has more practical, not merely advisory guidelines to protect data.”
R Chandrashekhar, President, NASSCOM, says CSTF understands that cybersecurity is a multi-dimensional concept from many disciplines. “Nations must take steps in their respective jurisdictions to create necessary laws, promote implementation of security practices, incident management, information sharing mechanisms and educate corporate and home users about cybersecurity,” he says. “It’s a global problem that stakeholders must address jointly.”
Subramanian calls this a Herculean task. “CSTF cannot do this alone, as it must involve many senior cybersecurity professionals in mentoring and incubating cybersecurity product initiatives