Govt could make critical sectors use Indian cybersecurity products: Report

Proposed policy to lay out clear roles and responsibilities for organisations to follow

The government is planning to release a draft policy that will make companies in critical sectors use cybersecurity products and services developed in India, the Indian Express reported on Tuesday.

The National Cybersecurity Reference Framework (NCRF) is expected to lay out clear roles and responsibilities that organisations should follow under existing rules, policies and guidelines. The government might ask companies and organisations in critical sectors like banking, energy, telecommunications and healthcare to only use and deploy cybersecurity solutions developed in India.

The framework has been drawn up by the National Critical Information Infrastructure Protection Centre (NCIIPC), which comes under the Prime Minister’s Office, in collaboration with the National Cybersecurity Coordinator (NCSC).

The preliminary NCRF was circulated privately among companies and government departments for feedback in May last year and it has not been officially put out for public consultation.

Three supplementary compendiums outlining international cybersecurity standards, products, and solutions have been created alongside the primary policy document, said the report.

NCRF is significant as cyberattacks on critical government infrastructure have increased over the past few months.

Business Standard reported earlier this month SPARSH, the government’s digital portal for pension-related services, suffered a data breach that risked personally identifiable information of around 3 million ex-servicemen in the country.

Last year, a breach in the state-run Indian Council of Medical Research’s database led to sensitive personal data of around 810 million Indians being put up on sale on the dark web.