To push cyber infra, Govt may push use of made in India products

Contact Counsellor

Last Updated31/01/2024

India is poised to recommend the use of domestically developed cybersecurity products and services, particularly for critical sectors such as banking, telecom, and energy.
The initiative is driven by the need to enhance national security in the face of escalating cybersecurity threats.

The government has formulated the NCRF, a comprehensive policy to establish a clear framework for cybersecurity, outlining roles and responsibilities.
The NCRF draws upon existing legislations, policies, and guidelines to provide an implementable measure.
It has been developed by the National Critical Information Infrastructure Protection Centre (NCIIPC) with support from the National Cybersecurity Coordinator (NCSC).
- NCIIPC reports to the Prime Minister’s Office.
However, the NCRF is a guideline i.e. its recommendations will not be binding.
It was shared privately with companies and other government departments for consultation last year, but is yet to be made public.

The NCRF may recommend that enterprises allocate at least 10% of their total IT budget specifically for cybersecurity.
This allocation should be separate from general IT resources, aligning with global best practices and aiming to enhance organizational cybersecurity posture.

The NCRF could also suggest that regulators overseeing critical sectors define information security requirements.
Additionally, these regulators may need effective Information Security Management Systems (ISMS) instances to access sensitive data related to critical sector operations.
It may prescribe that national nodal agencies develop platforms and processes for machine-processing of data from different entities.
- This approach aims to facilitate sectoral and cross-sectoral analysis of audit compliance, audit effectiveness, and grading of auditors.

Recent high-profile cyber attacks, including the 2022 breach of AIIMS Delhi systems, have underscored the urgency for a robust cybersecurity framework.
The lack of an overarching framework has prompted concerns among union ministers, emphasizing the need for sector-specific legislations.