It is time for India to develop an action plan to counter the China Cyber Risk on our Country.

Under the Information Technology Act 2008, it is the duty of the CERT-IN to protect the national Cyber Space. For this purpose, enormous powers have been vested with the authority under Sections 69,69A,69B and 70B. Time has come to check the useful of such legislation.

I place before the Government of India an action plan consisting of the following agenda.

 1.  A security advisory should be sent officially from CERT-In to all the Indian Companies to ensure that any purchase of electronic devices from China which are capable of being used with Internet must be subjected to a security clearance by a committee constituted for this purpose along with a general China Cyber Risk Status report for the company. The committee which should consist of security specialists should file a report to the Board of Directors and this should be part of the disclosures to be made in the annual report since this directly affects the security of information owned by the company.

2. CERT IN should advise the Ministry of Commerce to introduce an Export licensing system so that any export of IT skills and software to China is monitored and suitably regulated.

3. CERT In should also advice the Ministry of Commerce to introduce a special import “Quality Inspection” requirement for all imports of electronic devices from China with a capability of being connected to Internet.

4. CERT In should demand a report from all Indian companies about information on employment of people of Chinese origin and examine the risks associated in entrusting security critical IT work to such work force.

5.CERT In should advise all Indian ISPs to ensure that any IP traffic from and to China are monitored for security threats.

6. CERT-In should invite private sector information security professionals to constitute themselves into a consultancy group and collaborate with CERT-In for the purpose of public-private partnership in National Cyber Security.

7. CERT In should set up a China Cyber Risk Management Task force which should implement a coordinated action plan to supervise the above strategies and to chalk out a suitable long term action plan.

8.CERT In should move action for an International Treaty with like minded countries to form a consoritum for monitoring IP traffic from and to China from all the countries.

9.CERT In should move ICANN to ensure that a global system for isolating China from Internet should be put in place so that in the event of a Cyber War, the threat from China may be contained quickly.

In case CERT In does not agree that China poses a Cyber Risk to India, they should come out with a suitable statement stating that China does not pose a Cyber Threat to India and no special action plan is necessary.

Securing India from the Cyber Threats is not only an IT issue and hence there is need for response from the Ministry of Defence and the PMO on how they will coordinate the activities with CERT In. In case necessary, it is time to constituthe Cyber Command bringing together the interests of all minsitries who have a stake in the national security.

We look forward to a response from CERT-In on all these aspects. Hope media in Delhi takes up this issue with the kind of enthusiasm and persistence that is being shown in public interest cases such as the Ruchika case.

Naavi

Be Sociable, Share!