New Defense Cyber Agency Chief Spells Out PrioritiesBut Will the Government Actually Carry Out His Priorities?
Rear Admiral Mohit Gupta, who was recently appointed chief of India's new Defense Cyber Agency, has made a series of recommendations for top action-items. But will the government actually carry out his priorities? (See: New Cyber Agency to Battle Against Hackers )
Gupta is calling for the nation to adopt a new cybersecurity law, create an exclusive budget for cybersecurity and establish a taskforce that helps organizations in the battle against hackers.
The new agency that Gupta heads must carefully study the issues of making the right cybersecurity investments, building a workforce with the required skills and developing a concrete cybersecurity policy - and then take action.
He also is recommending that both government and enterprises should devote 10 percent of their IT budgets to cybersecurity. And he notes the government is developing a new five-year cybersecurity policy to be unveiled by year's end.
Security leaders are hopeful that the new agency, which pools talent from the Army, Air Force and Navy, will take a lead role in addressing cybersecurity threats. And Gupta's recommendations, made in a recent speech, are encouraging.
But the new agency that Gupta heads must carefully study the issues of making the right cybersecurity investments, building a workforce with the required skills and developing a concrete cybersecurity policy - and then take action.
A First Step
Some critics argue that the new agency's top priority should be to gauge the growing challenges the country is facing in protecting its critical infrastructure.
For example, Mumbai-based Ritesh Bhatia, cyber fraud investigator and forensic professional, says emerging cyberthreats are making many security technologies obsolete.
Delhi-based Col. Inderjeet Singh, chief cyber security officer, Vara United Ltd., a cybersecurity firm, adds: "The risks owing to newer threats have grown dynamically, and there is spike in the cost of the solutions. ... Organizations face budgetary constraints which should not be ignored by the defense agency that's responsible for tackling threats."
Some security leaders argue that the new defense agency should take a proactive approach to countering threats and building a resilient security posture.
"It's time IT and cybersecurity are treated as two separate entities and budgetary planning needs to be done accordingly," Bhatia says regarding the government's spending priorities. Spending on training for cybersecurity teams, acquisition of detection technology and cyber insurance needs to increase, he says. To develop a proactive defense policy to help battle against cyberattackers, some security leaders say the new cyber defense agency should:
- Create a clear charter to spell out the roles and responsibilities of those in the agency for safeguarding the national critical information infrastructure;
- Ensure the formation of CERTs in the finance, power, smart cities, healthcare and telecom sectors;
- Develop policies on how to tackle new threats involving the use of artificial intelligence and drones as well as social engineering;
- Create a standardized cybersecurity framework to be adopted by all organizations in the public and private sector;
- Help craft a cybersecurity law that can support various sections and clauses under IT Act;
- Come up with industry-specific cybersecurity regulations.
The cybersecurity coordinator's office has also been mandated to appoint a CISO for every ministry and provide them with the resources to tackle threats. So security professionals are awaiting news on how the new Defense Cyber Agency will work in tandem with the prime minister's office's national cybersecurity coordinator in achieving its goal of battling against hackers.