Cyber frauds: ASSOCHAM-PwC paper moots proposal for creating central monitoring mechanism

“The SOC should develop a fusion centre to integrate information available from other commercial sources as well to have a better assessment of evolving global threats,” noted a joint paper prepared by ASSOCHAM and consulting firm PwC based on post-event recommendations for ASSOCHAM’s 10th annual summit on cyber and network security submitted to the government.

The paper recommended that government, industry and security vendors come together on a common platform to formulate and implement policies and procedures for cyber security.

Highlighting the need for seamless flow of information between state intelligence agencies, central intelligence agency, various government departments and ministries in India, the paper said that a framework should be established to effectively curb cyber incidents and reduce the time taken in responding to cyber incidents.

It also suggested that India should ensure active collaboration with other countries and global cyber security agencies through international treaties, bilateral agreements and memorandums of understanding in order to understand the latest threats and take proactive security measures to tackle them.

“The government should consider active participation in international cyber security conventions and treaties, which provide measures to combat cybercrime and gather electronic evidence from service providers.”

With a view to establish programmes to promote research and development (R&D) in the field of cyber security, the ASSOCHAM-PwC paper suggested the government to introduce tax incentives, subsidies and investment funds.

It noted that government should set aside a budget for every cyber security-information and communication technology (ICT) project on the lines of Singapore which was ranked on top in cyber security index released by the United Nations in June 2017.

The joint paper further said that the government should carry out due diligence and accordingly prescribe baseline cyber security parameters for relevant systems to be deployed in the government ecosystem, as well as for critical information infrastructure protection.

“The emphasis should be on building capabilities and capacities for application, equipment and infrastructure testing through deployment life cycle to detect and mitigate any vulnerabilities and backdoors in the product/technology.”

Highlighting the need for the government to focus on promoting cyber security as a skill set among individuals, the paper said that government should include cyber security related skills in the job descriptions of government employees by working in close co-ordination with Department of Personnel (DoPT).

It added that including cyber security in educational programmes and promoting it as a mainstream profession would help the sector attract right talent.

The paper further said that government should also grant security clearances and non-disclosure agreements (NDAs) to third parties and vendors working for critical establishments.

Besides, law enforcement officers must be trained in requisite cyber skills to ensure that digital evidence is secured efficiently and used properly in criminal proceedings.

It is also imperative to develop sector specific cyber security policies by engaging academia, industry, government and law enforcement agencies to develop and define standards, mechanisms and guidelines which are in-sync with requirements of specific industries.

The ASSOCHAM-PwC joint paper also said that government should define a national cyber security awareness programme, identifying the target audience and defining mechanism to disseminate cyber awareness material effectively.

Cyber security courses should be introduced at all levels of education such as undergraduate school and panchayat levels.