National Cyber Security Policy

The National Cyber Security Policy (NCSP) is a strategic framework established by the Government of India to safeguard public and private infrastructure from cyber threats, protect sensitive data, and build capabilities to respond effectively to cyber incidents. It aims to create a secure, resilient, and trustworthy cyberspace that supports national security, economic growth, and citizens’ digital well-being.

Background and Need

With the rapid expansion of India’s digital ecosystem — driven by e-governance, financial technology, social media, and critical information infrastructure — the country has witnessed a corresponding rise in cyber threats, including hacking, phishing, ransomware, identity theft, and data breaches.
Recognising these risks, the Ministry of Electronics and Information Technology (MeitY) introduced the National Cyber Security Policy, 2013 to establish a comprehensive approach towards cyber protection. The policy was designed to align with global standards and to promote collaboration among government agencies, private organisations, and individuals to ensure the security of cyberspace.
A new and revised National Cyber Security Strategy (NCSS) 2020 has since been proposed to update the framework in line with emerging technologies and threats, though it is yet to be officially adopted as policy.

Objectives of the National Cyber Security Policy

The policy outlines multiple objectives to enhance India’s cyber resilience:

1. To create a secure cyber ecosystem in the country through coordination among stakeholders.
2. To strengthen protection of critical information infrastructure such as energy, defence, transport, banking, and telecommunications.
3. To build capacity and capability in terms of technology, skills, and institutional frameworks for effective cyber security.
4. To promote research and development (R&D) in cyber technologies and foster innovation.
5. To raise awareness among citizens, businesses, and government departments about safe online practices.
6. To encourage international cooperation on cyber issues, including information sharing and best practices.
7. To enable a legal and regulatory framework that addresses emerging cybercrimes and ensures effective enforcement.

Vision and Mission

• Vision: To build a secure and resilient cyberspace for citizens, businesses, and the government that enhances trust and confidence in electronic transactions and information systems.
• Mission: To protect information and infrastructure in cyberspace, reduce vulnerabilities, and minimise damage from cyber incidents through appropriate institutional mechanisms and coordination.

Key Features and Strategic Components

1. Protection of Critical Information Infrastructure (CII)
   • Identification and protection of critical assets across sectors like power, banking, defence, telecom, and transport.
   • Coordination through the National Critical Information Infrastructure Protection Centre (NCIIPC), established under the National Technical Research Organisation (NTRO).
2. Cyber Threat Management Framework
   • Development of real-time threat intelligence and incident response mechanisms.
   • Strengthening of the Indian Computer Emergency Response Team (CERT-In) as the nodal agency for monitoring and responding to cyber incidents.
3. Capacity Building and Skill Development
   • Training of cyber security professionals, researchers, and auditors.
   • Establishment of cyber labs, testing centres, and academic programmes in universities.
   • Aim to train over 500,000 professionals in cyber security.
4. Public–Private Partnership (PPP)
   • Collaboration between government, academia, and the private sector for sharing threat intelligence and developing secure technologies.
   • Engagement with industry associations to improve cyber hygiene and compliance.
5. Legal and Regulatory Framework
   • Enhancement of cyber laws under the Information Technology (IT) Act, 2000, particularly its 2008 amendments.
   • Development of legal processes for digital evidence, cybercrime investigation, and cross-border data sharing.
6. Information Sharing and Coordination Mechanisms
   • Creation of sectoral CERTs for specific industries (e.g., banking, power, defence).
   • Establishment of coordination channels between CERT-In, ISPs, and law enforcement agencies.
7. Research, Innovation, and Indigenous Development
   • Promotion of indigenous technologies for encryption, network defence, and secure communication.
   • Support for national R&D projects in cryptography, intrusion detection, and data protection.
8. Cyber Awareness and Education
   • Nationwide campaigns to promote cyber safety and responsible digital behaviour among citizens.
   • Introduction of cyber security topics in school and higher education curricula.
9. International Cooperation
   • Engagement with global organisations, regional forums, and other countries for cyber diplomacy and capacity sharing.
   • Participation in international cyber security conventions and bilateral agreements.

Institutional Framework

The implementation of the National Cyber Security Policy involves several key institutions:

• Ministry of Electronics and Information Technology (MeitY): Nodal ministry for policy formulation and coordination.
• CERT-In (Computer Emergency Response Team – India): Central agency for cyber incident reporting, response, and coordination.
• NCIIPC (National Critical Information Infrastructure Protection Centre): Responsible for protection of critical infrastructure.
• National Informatics Centre (NIC): Provides secure IT infrastructure for government operations.
• Cyber Crime Coordination Centre (I4C): Functions under the Ministry of Home Affairs to tackle cybercrime investigation and enforcement.
• State-level CERTs and Cyber Cells: Handle local-level cyber incidents and awareness programmes.

Challenges in Implementation

Despite its strong framework, the National Cyber Security Policy faces several challenges in execution:

1. Lack of Coordination among central and state agencies, leading to fragmented responses.
2. Shortage of skilled manpower in advanced cyber forensics and network security.
3. Rapidly evolving cyber threats such as ransomware, zero-day attacks, and data breaches.
4. Inadequate funding and limited research infrastructure for indigenous cyber solutions.
5. Weak private-sector participation, especially among small and medium enterprises (SMEs).
6. Legal and jurisdictional complexities in cross-border cybercrime cases.

Proposed National Cyber Security Strategy 2020

Recognising the limitations of the 2013 policy, a National Cyber Security Strategy 2020 has been proposed to strengthen the framework. Its key pillars are:

• Secure: Establish robust security architecture and governance mechanisms.
• Strengthen: Develop skilled manpower, cyber audit systems, and testing infrastructure.
• Synergise: Promote coordination among government agencies, industry, and international partners.

The strategy also emphasises the development of cyber insurance, critical infrastructure resilience, data protection standards, and incident reporting frameworks.

Significance of the Policy

• Protects India’s digital economy and supports initiatives like Digital India and Smart Cities.
• Builds national capability against cyber espionage, sabotage, and warfare.
• Enhances public trust in online governance and financial systems.
• Promotes innovation and entrepreneurship in cyber security technologies.