NASSCOM Cyber Security Task Force Working Group Discussion Slides June 10, 2015
CSTF Working Plan
NASSCOM Cyber Security Task Force
Scope / Charter
Recommendations
Four Working Groups
o Industry Development
o Technology Development
o Skills Development
o Policy Development
A NASSCOM Initiative
Opportunities for Indian Industry
o NASSCOM envisages the Indian IT-BPM industry to achieve a size of USD 350-400 billion by 2025; the country can aspire to build a cybersecurity product and services industry of USD 35-40 billion by 2025.
o Currently, Indian industry revenue from security is estimated to be around 1% (USD 1.5 billion) of overall IT-BPM industry revenue (USD 146 billion); by 2025, India can aspire to scale it to 10%.
o Generate a million skilled jobs in the security space by 2025 to cater to the rising global demand for security professionals. The current global shortfall is estimated to be around 0.7 million, expected to rise to 1.5 million in 2020 as per (ISC)2 Frost and Sullivan Booz Allen Hamilton Report.
Global Initiatives/ Best Practices in WG Domains

Industry Development
In Israel
o 200 cyber security firms; 78 companies have raised USD 400 million since 2010
o cyber related exports are more than 5 percent of global market
US Department of Homeland Security has nurtured cyber security start-ups like Kryptowire & Nowsecure

Skill Development
In UK
o Government offers apprenticeships to boost the number of civil service cyber specialists, cyber security training in further and higher education
o Cyber specials program to bring volunteer police officers with specialist skills
Israel Education ministry has set up after-school programs for cyber security in middle & high school.
In US, National Initiative for Cybersecurity Education (NICE) for cyber-savvy citizens and building cyber-capable workforce.

Technology Development
Israel: Cyber security incubator established; Ben Gurion University has become the hub of Cyber Security Research and innovation.
US: The federal cybersecurity R&D strategic plan intends to strengthen and leverage the link between industry and academia.
UK: National Technical Assistance Center: Research in encryption & cryptanalysis

Policy Development
Many countries have established processes for policy implementation, proactive review with clear activity timelines and accountability mechanisms
Policy push R&D investment, IP ownership & product commercialization
Policy enables PPP initiatives - Coordinating Councils in US, National Cyber Security Hub in UK
In US, protection for organization sharing security information with govt. through Cyber Intelligence Sharing and Protection Act (CISPA) bill debated
Industry Development Group
Technology Development Group
Recommendations - Technology Development WG

1. Visibility & Motivation - PM as brand ambassador for Secure India Movement: Research and innovation in the area of Cyber Security require a major impetus if India is to emerge on the global map. The Honorable Prime Minister be requested to help create a national movement, Secure India, and be the brand ambassador to galvanize the faculty and students at the nation's academic institutions, and young Indian innovator firms, in a movement similar to Swachh Bharat for cyber security research and development of products. National, State and college level hackathons to be also held.

2. Creation of Sectoral CERTs+: Each core industrial sector to have a sectoral CERT on similar lines as the (RBI's) Banking CERT. These to:
i) act as means for cyber security intelligence exchanges for respective sectors,
ii) be affiliated with the sectoral Government Regulator and create sectoral compliance regulations, leading to direct creation of demand for sector specific cyber security solutions and creating impetus for product innovation by the industry in response to the demand,
iii) enable sector specific PPP partnerships for R&D by academic institutions (COEs, labs, etc.) and innovation of security products by the Industry, by giving visibility to sector specific needs and revenue potential,
iv) have a role in validating new technology solutions and setting standards for their sectors.

3. Role of Industry - NASSCOM, DSCI & Other Bodies:
i) Take the initiative in creation of Sectoral CERTs+.
ii) Help in creation of a PPP innovation & incubator fund (see para 6 below).
iii) Mapping of existing Industry capabilities and products.
iv) Facilitate academia-industry collaboration for commercial incubation of R&D outcomes.
v) Work with Sectoral CERTs+ for identification of sector specific requirements and Technological Gap identification.

4. Reduce Procurement Barriers for new Products of Small Firms in Govt Procurement: Govt will be the single largest customer of cyber security products.
i) New innovation driven technologies and products by innovator firms must have a means to meet the procurement qualification requirements. For this there is a requirement to create testing certifications and quality standards. If a young Indian company can successfully meet these, then it would be eligible for R&D grant/subsidy of the testing certification cost, as also its products eligible for govt procurement (often as OEM through SIs).
ii) Procurement plans and roadmaps for the govt requirements must be released for next five years annually. This would make the potential demand and revenue potential of the largest customer visible to the Industry and help Industry in taking commercial decisions to invest in product development and R&D.

5. Govt to Outsource Paid R&D to Small Innovator Firms and Academic Institutions: The R&D base of the country needs expansion through outsourced paid research for greater access to talent and grass-root innovation capabilities that exist in the private industry.

6. Creation of National Cyber Security Innovation Fund: A PPP based fund with participation by the Govt, Sectoral CERTs+, and the financial institutions, with the main aim to identify new technologies and products and innovator firms to invest in, mostly at commercial terms. This fund would also act as the incubator for new technologies, in partnership with Sectoral CERTs+ and R&D institutions.
Skills Development Group
One million certified skilled cybersecurity professionals by 2025

1. Develop cybersecurity as a national mainstream cadre. Mandate through SSC, global best practices and certifications:
o 200 universities/colleges to run both dedicated stream and commercial research
o 200 vocational training providers
o 5 regional security hubs integrated with industry
2. Select 100 Cybersecurity Dronacharyas and establish 10 COEs to create a pool of expert Cybersecurity trainers
3. Govt. declares cybersecurity as a strategic sector on par with space, atomic energy and defence and makes investments for capability and capacity building
4. Attract the best talent for Cybersecurity via widespread advocacy, early introduction in schools and talent search through hackathons and reality shows
5. Mandate Cybersecurity health index of essential public services, critical infrastructure and public companies
6. Embed Cybersecurity in the academic curriculum across all levels for creating cyber aware citizens

Excellence@Scale
Policy Development Group
Policy Development
Policy advocacy (initiatives/ amendments) required for CS Industry (Product + Services) Development Ecosystem

1. Capability Development through PPP
o Addressing trust issues (PPP)
o Contracted projects to private sector to develop solutions/ technology, security clearance of individuals; secure sites
o Establishing Cyber Military Industrial Complex
o Engaging industry (including startups) on contracts in existing CS initiatives such as NCCC, Botnet Clearing
2. Promoting innovation and startups
o Govt. promoting startup ecosystem (funds, incubation, infrastructure, IP-Patent issues etc.) to be developed; single window or distributed?
o System Integrators (SIs) to include and promote startups in solutioning, e.g. internal incubation programs
o Procurement (including tendering) & audit processes of govt. to encourage startups, e.g. EMD requirements, market share restrictions, etc.
3. Showcasing Indian industry abroad
o international delegations, conferences, road shows etc.
4. Testing and Assurance mechanisms
o Test Labs, Certifications harmonized with global standards, domestic + global market + becoming global delivery hub
5. Enabling Framework
o Cyber Commission; Privacy Law, Info exchange framework, encryption policy, Cyber Security Act (mandatory disclosures on structure, investments, etc.), LEA capability building, international cooperation etc.; whistleblowing provisions and policies in government & private sector; e-security index
6. Inputs from Industry, Skills and Technology WG
Thank You