RECOMMENDATIONS OF JOINT WORKING GROUP ON ENGAGEMENT WITH PRIVATE SECTOR ON CYBER SECURITY



Similar documents
National Cyber Security Policy -2013

Guidelines. for setting up. Dedicated Project Team. Page 1 of 14

Guidelines for Independent Third Party Audit and Performance Monitoring Of SWAN. Draft for discussion

National Policy on Universal Electronic Accessibility

NASSCOM Cyber Security Task Force Working Group Discussion Slides. June 10, 2015

2 Gabi Siboni, 1 Senior Research Fellow and Director,

NICE and Framework Overview

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

Government of India Ministry of Labour and Employment

The National Internship Framework - Newsletter 2

Cyber security Indian perspective & Collaboration With EU

MINISTRY OF HIGHER EDUCATION, OMAN COLLEGES OF APPLIED SCIENCES STRATEGIC PLAN-PHASE

Presented by Vuyelwa Toni Penxa, Samuel Isaacs, Joe Samuels and Mark Albertyn

Challenges and Role of Standards in Building Interoperable e-governance Solutions

Diversity of Cultural Expressions INTERGOVERNMENTAL COMMITTEE FOR THE PROTECTION AND PROMOTION OF THE DIVERSITY OF CULTURAL EXPRESSIONS

National Initiative for Cyber Security Education

GAO FEDERAL EMERGENCY MANAGEMENT AGENCY. Workforce Planning and Training Could Be Enhanced by Incorporating Strategic Management Principles

National Cyber Security Strategy of Afghanistan (NCSA)

Making our Cyber Space Safe

Programme Specification

Revised Scheme of Service. for Accountants

Procedure & Training Manual Flying Training Directorate

February 2015 Issue No: 5.2. CESG Certification for IA Professionals

Department of Defense DIRECTIVE

Government leadership in assuring better quality healthcare in South Africa: policy into practice

People Strategy 2013/17

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

Guidelines for Capacity Building and Institutional Framework for e-governance under NeGP

Australian Government Cyber Security Review

Business Plan 2012/13

Frequently Asked Questions (FAQ) Guidelines for quality compliance of. eprocurement System?

Actions and Recommendations (A/R) Summary

National. icr Policy

Director of Performance & Academic Standards

SENATE STANDING COMMITTEE ON LEGAL AND CONSTITUTIONAL AFFAIRS AUSTRALIAN FEDERAL POLICE. Question No. 100

Special Purpose Vehicle (SPV)

Government of India Ministry of Communications & Information Technology Department of Electronics & Information Technology (DeitY)

MULTI ANNUAL WORK PLAN

Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis

Cyber Security in EU: ENISA approach

Republic of Zimbabwe. Zimbabwe Institute of Public Administration and Management (ZIPAM) ByDr. Callistus Dingiswayo Ndlovu, Director General, ZIPAM

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Minutes of the meeting of the Copyright Enforcement Advisory Council.

REPUBLIC OF MAURITIUS NATIONAL CYBER SECURITY STRATEGY

ROYAL HOLLOWAY University of London PROGRAMME SPECIFICATION

Annex II: Terms of Reference for Management and Implementation Support Consultant (Firm)

Standards in the Digital Single Market: setting priorities and ensuring delivery

EUROPEAN CYBERSECURITY FLAGSHIP SUMMARY

Financial education Improving financial skills for prosperity

INFORMATION SECURITY STANDARDS DEVELOPMENT IN MALAYSIA

Registrar On-Boarding Process

ACADEMIC POLICY FRAMEWORK

Citizen's Charter Department of Defence Research and Development Government of India 2015

BUSINESS PLAN FOR THE PERIOD THE FINANCIAL 2013/2014

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years

Nursing Expert Reference Group Terms of Reference

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

PERSONNEL SPECIFICATION. POST: Specialist Community Occupational Therapist Band 6 FACTORS ESSENTIAL % DESIRABLE %

Towards defining priorities for cybersecurity research in Horizon 2020's work programme Contributions from the Working Group on Secure ICT

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

System/Data Requirements Definition Analysis and Design

The UNESCO Supervising Entity - Project Management and Review for 2013

HORIZON Energy Efficiency and market uptake of energy innovations. Linn Johnsen DG ENER C3 Policy Officer

Expert Group on Cloud Computing Services and Standards ( EGCCSS ) Formation of Working Groups

[STAFF WORKING DRAFT]

POST OF INCLUSIVE EDUCATION COORDINATOR IN THE DIRECTORATE FOR EDUCATIONAL SERVICES WITHIN THE MINISTRY FOR EDUCATION AND EMPLOYMENT

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

Programme Specification: MSc Electronic Commerce

OUTCOME OF PROCEEDINGS

Role of Financial Reporting & Disclosures in Corporate Governance

Programme Specification: BSc (Hons) Occupational Safety and Health (Top up)

Cyber Security in EU: ENISA approach

Head of Delivery Operations (Head of Academy)

Work Integrated Learning Programmes

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Memorandum of Understanding

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. Space, Security and GMES Security Research and Development

GOVERNMENT RESPONSE TO THE CHILD INTERVENTION SYSTEM REVIEW

Matrix of Strategic Plan of Action on Food Security in the ASEAN Region (SPA-FS)

Cyber Security Strategy of Georgia

Inspector Manager (Healthcare) Health Information and Quality Authority

Cyber intelligence exchange in business environment : a battle for trust and data

Roles & Grades Rate Cards and Applicable SFIA Skills

Programme Specification

Huawei Cyber Security Evaluation Centre: Review by the National Security Adviser

MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE

Transcription:

RECOMMENDATIONS OF JOINT WORKING GROUP ON ENGAGEMENT WITH PRIVATE SECTOR ON CYBER SECURITY

NATIONAL SECURITY COUNCIL SECRETARIAT Salient Features of the JWG Report on Engagement with Private Sector on Cyber Security 1. One of the primary challenges facing both government as well as industry is to ensure the security of their computer networks and systems. Cyber security cannot be achieved in isolation by either government or industry alone. It requires joint efforts and collaboration. Following discussion with representatives of the private sector on their role in enhancing cyber security, it was decided to set up a Joint Working Group (JWG), under the chairpersonship of the Deputy National Security Advisor, to work out the details of the Roadmap for cyber security cooperation that needed to be evolved. This JWG included representatives of both government and private sector. 2. The JWG had constituted five Sub-Groups to flesh out the details of such engagement. These five Sub-Groups submitted their reports to the JWG on 16 August, 2012, which thereafter finalized its recommendations. 3. Guiding Principles The JWG has identified the following guiding principles and objectives that would underpin the public-private partnership (PPP) in cyber security: a) Given the diverse stakeholders in cyber security, institutional mechanisms should be set up to promote convergence of efforts both in public and private domains; b) Use existing institutions and organizations to the extent possible in both private sector and government and create new institutions where required to enhance cyber security; c) Set up a permanent mechanism for private public partnership; d) Identify bodies that can play a wider role in funding and implementation in the public and private sector; e) Identify areas where both private and public sector can build capacities for cyber security; f) Put in place appropriate policy and legal frameworks to ensure compliance with cyber security efforts; 1

g) Promote active PPP cooperation in international forums and in formulating India s position on global cyber security policies; h) Establish India as a global hub of development of cyber security products, services and manpower; and i) Promote indigenization and work on joint R&D projects to meet the cyber security needs of the country. 4. Roadmap for PPP on Cyber Security Issues (1) Institutional Framework On the basis of these guiding principles, the following coordination and oversight structure is proposed: (a) There should be a permanent Joint Working Group (JWG) under the aegis of the National Security Council Secretariat (NSCS) with representatives from Government as well as Private Sector. (b) This JWG will act as an advisory body and coordinate Public-Private Partnership (PPP) on cyber security. (c) A Joint Committee on International Cooperation and Advocacy (JCICA) will be set up as a permanent advisory committee of the JWG in promoting India s national interests at various international fora on cyber security issues. (d) The composition of both JWG and JCICA will be finalized in consultation with industry associations. (e) The private sector will set up Information Sharing & Analysis Centres (ISACs) in various sectors and cooperate with the sectoral CERTs at the operational level. (2) Capacity Building (a) Critical shortage of cyber security professionals need to be tackled in mission mode with innovative recruitment and placement procedures along with specialized training of existing manpower. This programme may be implemented in PPP mode. (b) There has to be a concerted effort to increase the number of cyber security professionals and equip them to efficiently meet the challenges of Cyber Security. (c) Ministry of Communication and Information Technology (MCIT) and Ministry of Human Resource Development (MHRD) and the private sector may jointly establish a cyber security capacity building framework. (d) Establishing a competency framework to assess skills required, identify gaps, 2

and devise strategies and programmes for capacity-building. This may include designing security certification schemes for IT professionals and advising cyber security related curriculum for formal sector (B.Tech, M.Tech., MBA etc). (e) Work towards establishing a multi-disciplinary Centre of Excellence (COEs) in Cyber security areas including best practices, forensics, cyber crime investigation, studies, research and international frameworks/ institutions. (f) MCIT and private sector should jointly run cyber security awareness campaigns for the general public, teenagers, children, etc. (g) Ministry of Home Affairs (MHA) and MCIT may setup training facilities for training of Law Enforcement Agencies (LEAs) in cyber crime investigations and cyber forensics. Private sector may be associated with establishment of training facilities and provide basic and advanced level trainings to the LEAs. (h) Government and private sector may fund research & development for development of indigenous cyber security products and solutions that meet international standards and address the global market. (3) Security Standards and Audits Given the role of security standards and audit in enhancing the level of preparedness and assurance in cyber security, the private sector would be an active partner in undertaking the following activities: (a) Define baseline security standards and practices/guidelines for the critical sector organizations both in the public and private sectors. The standards may be developed by a MCIT led body with active involvement of the industry and academia. (b) Define enhanced standards and guidelines for organizations that fall in the high risk category i.e. the critical information infrastructure organisations. (c) Laying down of security standards and guidelines for acquisition of IT products and services. (d) Develop protection profiles, capturing users cyber security concerns, to aid the procurement of IT products as well as compliance verification of IT products prior to deployment. (e) Work jointly towards the establishment of Institute of Cyber Security Professionals of India (similar to ICAI for CAs). This could be an autonomous institution under the patronage of MCIT. (f) Make cyber security audit mandatory by appropriate amendment in the listing requirements under the Companies Act. 3

(4) Testing & Certification The following measures may be taken for enhancing testing & certifying facilities to address the growing concerns relating to supply-chain vulnerability: (a) Establishment of National Testing and Certification Schemes, under the supervision and oversight of appropriate empowered entities under the MCIT. (b) While action is underway for establishment of Telecom Testing and Certification Centre in telecom sector, there is a need for establishment of an independent government certification body for IT products under the MCIT. The certification body should be separate from the testing facilities. In the interim, Standardisation Testing and Quality Certification (STQC) may be authorized as certificate issuing body for IT products. (c) Development of skills and competence of evaluators, validators and certification body personnel for successfully running the National Testing and Certification Scheme. (d) Establishment of private owned testing labs, duly accredited by the certification body; Government may provide the necessary incentives for the private sector for opening testing labs. (e) Encourage active participation in the communities of interest for defining protection profiles for addressing the security requirements of specific sector. (f) Take necessary steps to transition from a Common Criteria Certificate Consuming Nation to a Common Criteria Certificate Authorizing Nation. 5. Pilot projects As the first step towards the implementation of the above recommendations, four pilot projects have been identified for early implementation: (a) Setting up of a pilot testing lab, (b) Conducting a test audit, (c) Study vulnerabilities in a sample Critical Information Infrastructure, and (d) Establishment of a multi-disciplinary Centre of Excellence (COE). 6. The permanent JWG (to be constituted) will work out the Action-Plan for implementation of the recommendations. 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information