It's Official: Rai is New Cyber Chief
Experts Offer Advice for India's New Head of Cybersecurity
Dr. Gulshan Rai, former director general of CERT-IN, has finally taken charge as India's first cybersecurity chief at the prime minister's office.
Rai was said to have been named to the post in early March, but he declined at that time to confirm the news. Earlier this week, Information Security Media Group reached out directly to Rai, who now confirms his appointment as the chief of India's cybersecurity at the PMO. He is expected to take up all measures to strengthen and preserve India's cybersecurity while laying emphasis on public-private partnership in making the national cybersecurity policy more practical.
"I'm just going to take over the new responsibility," Rai says. "At this point, I'm not in a position to give details about my new role and responsibilities or define any set agenda."
Industry experts welcome the government's decision to appoint Rai. They acknowledge that, given his experience with cybersecurity, e-governance, dealing with the legal framework and being instrumental in creating a draft of the National Cybersecurity Policy of 2013, Rai can contribute significantly in his role.
"Creation of such a position has been desired by the industry and was one of the key recommendations of the NASSCOM-DSCI Report of 2012 - 'Securing Our Cyber Frontiers'," says Dr. Kamlesh Bajaj, CEO at the Data Security Council of India. "This role will be important to drive the PPP initiatives in cybersecurity and enhance collaboration and coordination between government agencies."
Delhi-based Pavan Duggal, Supreme Court advocate and president of Cyberlaws.Net, maintains that this is the first time that this kind of position in cybersecurity has been filled - and it comes at a moment when cybersecurity is no longer just a governmental subject because large chunks of India's critical information infrastructure are in private hands.
"There is a need to identify loopholes in the existing legal framework and fix them at the earliest in order to protect and preserve country's infrastructure," Duggal says.
Among the top expectations for Rai: initiating a practical national cybersecurity policy not confined only to paper, but implemented in its full capacity. Rai is also expected to promote entrepreneurship through those who can contribute immensely toward development and innovation in the cyber domain.
Mumbai-based Dinesh O Bareja, principal adviser-IS practice at Pyramid Cyber Security and Forensics Pvt. Ltd., expects a more proactive approach. "Information sharing, incident response and critical infrastructure protection are woefully inadequate - in terms of preparedness, readiness and resilience; in some cases, they are not even present," he says. "Dr. Rai should initiate establishing a center of excellence/policy to prepare properly defined sectoral policies, frameworks and standards localized to India's requirements."
Duggal argues that the government must have an agenda with primacy for cybersecurity: it is critical not just for protection and preservation, but also because it becomes absolutely essential for successful implementation and ongoing evolution of Digital India. While there's a need for a fine balance between protection of cybersecurity and enjoyment of civil liberties, including personal and data privacy, capacity building will be the topmost priority, he adds.
Bajaj believes the government's agenda for cybersecurity should include the following:
- Recognizing cybersecurity as a strategic domain of national security and implementing a robust national cybersecurity framework;
- Strengthening protection of critical information infrastructure through public-private partnerships;
- Promoting research and development, innovation, investments and entrepreneurship;
- Focusing on building capabilities and skills across sectors and domains;
- Contributing and taking leadership in global forums to protect India's strategic interests.
Immediate Issues
Critical information infrastructure protection in governmental and private sectors is the topmost issue for Rai to address, several experts say.
However, Duggal says, "The priority is to ensure that governmental and confidential information on governmental computer networks and resources are not accessed by unauthorized bodies."
He expects the new body to push for a more open, consultative approach to cybersecurity and its technical, policy and regulatory issues, and to pave the way for effective implementation and running of various PPP projects.
Bareja says the immediate issues for Rai are:
Agra-based Rakshit Tandon, cybersecurity adviser to UP Police, says, "It is important to recommend having state-specific cybersecurity and forensic policies, which will help law enforcement groups to deal with cybercrime effectively."
What Next at CERT-IN?
With Rai's movement to the PMO, his former post at CERT-IN is vacant, and it's expected to take about two months to fill. In response to an advertisement put up by DeitY on its official website, calling for candidates, sources say that about 20 applications have been received. The ministry of communications is evaluating them. Until then, sources say the senior-most person at CERT-In, in the rank of additional secretary, will be put in charge.
Meanwhile, the information security industry is curious to understand the progress made on the five-member cybercrime panel, including leading academicians and professionals, that the home ministry had set up, with Rai as one of the panel members.