Governance & Risk Management , Incident & Breach Response , Information Sharing
Gulshan Rai to Head Cybersec at PMO
CERT-In's Chief to be Special Secretary, CybersecurityMultiple sources say CERT-In director general, Dr Gulshan Rai is about to be formally named to a new role, the equivalent of special secretary heading the cybercrime and cybersecurity center at the prime minister's office.
Internal sources at the Department of Electronics and Information Technology say that the talks about appointing Dr. Rai have been ongoing for a year now. It's finally been decided to escalate him to special secretary's rank at the PMO to handle India's cybersecurity. Dr. Rai is expected to be responsible for laying down policies and guidelines to protect the critical ICT infrastructure and co-ordinate with cybersecurity agencies in implementing the same.
See Also: 'But I Was Compliant...' - Investing in Security for a Compliant Business
ISMG reached out directly to Dr. Rai, who declined to confirm or deny this new appointment.
"I am not sure of this move, as I do not have any official letter from the government," he says.
However, Dr. Rai agreed that this move has been in the cards for some time. "There are two things: one to get an official letter for me to really confirm the news, and second, the relieving date should be clear, right?"
Long-Discussed Move
Sources say that Dr Rai will assume the new role in the next few days. They also say that the discussion to bring in Dr. Rai comes in the wake of Prime Minister Narendra Modi stating his concerns about cybersecurity and the proposed danger it holds for India during his address at Nasscom's 25th anniversary.
Meanwhile, DeitY, under the ministry of communications and information technology, has put up an advertisement on its official website calling for candidates to fill the post of director general, ICERT, at New Delhi - the current post held by Dr Rai.
Over a year ago, the government had discussed appointing the head of the National Cyber Security Council, whose primary task would be to co-ordinate among the various agencies involved in cybersecurity, and Dr. Rai's name was actively considered. The plan did not materialize because of legal issues and objections that arose, questioning the legal powers of the center.
Dr. Rai recently was selected as one of the five-member cybercrime panel of leading academicians and professionals, which sources believe is a prelude to the plan of his new appointment. Dr. Rai was instrumental in creating the draft policy of the National cybersecurity policy of 2013 with a vision to create a cyber-resilient country.
Industry Reacts Positively
Cyber experts commend the likely move, saying that it would be ideal to get Dr. Rai to assist the PMO in co-ordinating with various segments under cybersecurity to ensure the success of the e-governance program.
Security practitioners acknowledge that Dr Rai can contribute immensely to making the cyber world more secure if rightly empowered.
"PMO, being the supreme body, can effectively leverage Dr. Rai's skills, given his expertise in developing security framework, standards and guidelines on cybersecurity," says Delhi-based Neeraj Aarora, cyber lawyer and forensic examiner who regularly interacts with CERT-In,
Mumbai-based Prashant Mali, president, cyber law consulting, finds Dr. Rai's current role as the head of CERT-In statutory. "In his new role, he would be an adviser and a policymaker to lay down the vision and clear strategy to fight cybercrime."
Expectations?
With the proposed change, cybersecurity practitioners expect establishment of an institutional cybersecurity framework and cyber-force to provide adequate support to the police and legal machinery.
While the industry sees greater challenges for Dr. Rai, given the increasing vulnerabilities, some of the expectations that the industry has of him are to help stengthen the cybersecurity framework to international levels, develop schemes to ensure cybersecurity meets the government, business and public needs and co-ordinates action among all verticals and horizontals.
Mali suggests setting up a country-wide single point of contact for getting data from foreign countries, establishing a country-wide cyber criminal database and make it available as a cellphone app to all cyber crime police, spreading cybercrime awareness in schools and other institutions.
"Dr. Rai should take stringent measures in advising the goverment in making the IT Act 2000 part of the curriculum of law and other infosec courses and leave no stone unturned in creating a resilient cyberspace," Mali says.