Overview & Timeline of Activities

Cyberspace has become a game changer in the digital age. Both developed and developing countries are using cyberspace to leap ahead in the future – development and augmentation of critical information infrastructure, electronic delivery of services, leveraging it as a socio-economic enabler, etc. The same cyberspace is being equally exploited by terrorists, criminals and even adversary nation-states for disrupting critical infrastructures, stealing secrets, carrying out financial frauds, recruiting criminals, etc. It is becoming even more attractive to criminals, especially given the borderless nature of cyberspace, which cuts across jurisdictions, allows criminals to launch attacks remotely from anywhere in the world, and raises related challenges of attribution.

Cyber security has become a global challenge and has mobilized discussions and actions at both national and international levels. It is increasingly being linked to the national security of a country. India too has been seen taking various affirmative steps to address the global issue. DSCI, along with NASSCOM, has been working with the government and industry on this important aspect. The NASSCOM-DSCI report – ‘Securing our Cyber Frontiers’, released in 2012, catalyzed the government’s action, leading to the creation of a permanent Joint Working Group (JWG), under the chairpersonship of the Deputy National Security Advisor (Dy. NSA), comprising government and industry representatives. The JWG is now chaired by the National Cyber Security Coordinator and is focused on proactive and collaborative actions to enhance India’s capabilities in cyber security through Public-Private-Partnership (PPP).

Parallel to policy advocacy with the government for Critical Information Infrastructure Protection, DSCI works with the industry in standards setting, implementation of best practices, guidelines formulation, cross-industry information sharing, incident management, awareness, capacity building and many more. One of the objectives of DSCI is also to help build an ecosystem that helps indigenous security product and services startup companies sustain and grow.

Timeline of Activities

NASSCOM-DSCI Cyber Security Task Force

Honorable Prime Minister Shri Narendra Modi, at NASSCOM’s 25th year anniversary event on 1 March 2015, recommended that NASSCOM create a Cyber Security Task Force (CSTF), with an aim to develop and provide cybersecurity solutions for the global market. The Task Force has finalized its first set of recommendations aimed at realizing the Prime Minister’s vision of transforming the Indian Cyber Security Industry, by strengthening the existing ecosystem of research and development, policy and skills pertaining to various facets of the cyberspace. Additionally, NASSCOM-DSCI have commissioned PwC to carry out a study on building an ‘Industry Roadmap for Cyber Security’ for the next 10 years. The study commenced in January and is expected to be ready by the end of March 2016.

Building Cyber Security Career Map in association with SSC NASSCOM by building Qualification Packs for ten cyber security job roles.

Contribution in the JWG discussions and activities: DSCI continued its emphasis on the need to create ‘Centers of Excellence’ (CoEs) in cyber policy research, standards and audit, besides establishing an Institute for Cyber Security professionals of India for capacity building.

e-Security Index of India: Awarded by DeitY, the ‘e-Security Index-Phase II’ project aimed to develop a framework to measure cyber security preparedness of the country covering various dimensions including government on policy and strategy, capacity building, cyber defense and standards. DSCI successfully completed Phase I of the project in August 2013. The second phase of the e-Security Index began in 2015.

DSCI-BSA report released: DSCI, in collaboration with BSA, released a study report on "Security Considerations in Software Procurement by Government Agencies in India".

Skill Development in Cyber Security: As part of the JWG efforts, DSCI worked with the DeitY, Ministry of Labour and Employment and National Skill Development Corporation (NSDC) to develop information security requirements for inclusion in vocational courses undertaken by Industrial Training Institutes (ITIs) in India.

DSCI-BSA Study: Security considerations in software procurement by government agencies in India

ISAC Conceptualization and Operationalization in Banking Sector: DSCI spearheaded a series of meetings with the Chief Information Security Officers (CISOs) of the leading banks in India, in close collaboration with Institute for Development and Research in Banking Technology (IDRBT), Computer Emergency Response Team (CERT-In) and National Security Council Secretariat (NSCS). These meetings helped lay down the framework for operationalization of the ISAC, which eventually led to the establishment of Indian Banks - Center for Analysis of Risk and Threats (IB-CART) at IDRBT, Hyderabad.

Analysis of National Cyber Security Policy: The analysis identified the possible opportunities and concern areas in the policy especially from the industry perspective

National Information Security Policy and Guidelines to protect information and information system for government departments and organizations

Guidance Document on Cyber Security Framework for Critical Infrastructure by NIST

Engagement with the NSCS

  • Report on the Recommendations of Joint Working Group on Engagement with Private Sector on Cyber Security prepared by NSCS in consultation with DSCI released by the NSA
  • Report defined guiding principles for PPP and recommended a roadmap
  • Four pilot projects identified:
    • Setting up of Testing lab
    • Conducting Test Audit
    • Study vulnerabilities in CII
    • Establishment of a multi-disciplinary Centre of Excellence.
  • Permanent Joint Working Group was established under chairpersonship of Dy. NSA. Three subgroups formulated to work towards implementation of the pilot projects; DSCI appointed industry co-coordinator in JWG; CEO, DSCI appointed the chair for the sub-group on vulnerabilities in Critical Information Infrastructure. The subgroups submitted reports to JWG.
  • DSCI submitted a report on creation of Information Sharing & Analysis Centres (ISACs) in critical sectors

Engagement with MEA

  • Provided inputs on cyber security norms in the area of cyber diplomacy
  • White paper on identifying international conflicts and issues covering 3 key dimensions - (a) Politico-Military, (b) Economic, (c) Content Regulation. The paper discussed the two distinct and conflicting approaches that exist on cyber security norms – one led by the US and the other by Russia.
  • Published DSCI Assessment Framework-Security DAF-S© to help gauge the organization’s security practices, identify the gaps, and augment compliance efforts for meeting multiple regulatory requirements and move up the maturity path
  • DSCI Assessment Ecosystem Development was conceptualized for successful adoption of the framework. The components of the ecosystem developed were: accreditation process for empaneling third party assessors, assessment process and methodology, assessor tool kit, assessor training program, self-assessment program, codes of conduct, and others.
  • ‘e-Security Index for India’ project was awarded by DeitY to study and develop an index to measure the security preparedness of different sectors and entities - businesses, industry verticals, critical sectors, government departments, and individuals to help understand the security maturity of these different entities, identify the improvement areas and accordingly channelize investments and efforts for improving cyber security in those areas.
  • Launched DSCI-Cisco Security Thought Leadership Program. The program envisaged development of collaborated content and engagement of security community. Provided guidance to the industry through reference architectures, best practices and case studies.
  • DSCI-BSA study on security considerations in software procurement by government agencies in India
  • Inputs on the development of Collaborative Protection Profiles under CCRA
  • DSCI inputs on Cyber Security Framework for Critical Infrastructure by National Institute of Standards and Technology (NIST), US

  • Provided inputs on Twelfth Five Year Plan around Information Security in four areas –
    • Security Policy Compliance & Assurance
    • Security Incident
    • Capacity Building & Security Training
    • Collaboration
  • Observations on draft ‘National Cyber Security Policy’. DSCI highlighted the role of industry towards national cyber security as carrier of a majority of traffic and increasingly owning critical infrastructure; Advocated industry-to-industry coordination and public-private partnership in promoting cyber security in the country
  • Engagement with National Security Agency (NSA) on NASSCOM-DSCI Report–‘Securing our Cyber Frontiers’
  • Member of cyber security sub-group created under Task Force on National Security. Cybersecurity coordination and its structure in the country was suggested by DSCI
  • Inputs to DeitY on draft consultation paper on National e-Authentication Framework prepared by National e-Governance Division (NeGD). DSCI suggested adoption of right Security Model built around e-Authentication Framework- selecting the right strategic options which ensure security, manageability, scalability and accountability, along with adoption of a comprehensive approach for fraud prevention

Cyber Security Awareness Project: Ministry of Communications and Information Technology (MCIT) awarded NASSCOM-DSCI a project to implement the Cyber Security Awareness Project in the public-private-partnership mode. As a part of the awareness project, DSCI conducted a series of events. The program was witnessed by audiences from industry sectors including IT-PM, manufacturing, e-commerce, e-governance, telecom, banks, insurance and BFSI, Public Sector Units (PSUs), law enforcement agencies like Police and Judiciary, as well as academia, Government schools and colleges.

  • Survey Phase I: Information Security and Privacy practices implemented by IT-BPM companies
  • Survey Phase II: Data security survey in key industry verticals