Partnership to Address Staffing CrisisGovernment Leads Initiative to Develop 12,050 Security Pros
In line with Prime Minister Modi's Digital India campaign, the National Institute of Electronics and Information Technology, under the Ministry of Communications & IT, has taken up the task of skilling 12,050 information security professionals this year. NIELT will leverage the public/private partnership model to meet its training goals.
Discussing the initiative, Dr. Ashwini Sharma, managing director, NIELT, says many critical services essential to the well-being of the economy are increasingly dependent on IT. "As such, the government is making efforts to identify the core services that must be protected from electronic attacks, and seeks to work with private and public organizations responsible for these systems so that their services are secured in a way proportional to the threat perception."
In line with information security education and awareness, NIELT has designed a certification scheme course on information/cybersecurity which any prospective candidate can undertake and complete. It has three certification levels, from very basic to the most advanced level.
Yet, security leaders tell ISMG they are concerned about the government's inadequate efforts in addressing the nation's information security staffing challenge.
"As far as the PPP model goes, the digital India programme provides information about the vision to combat cybersecurity," says Mumbai-based Dinesh Bareja, principal adviser-IS at Pyramid Cyber Security and Forensics Pvt. Ltd and member of Open Security Alliance. "But tactical and operational plans are missing."
Skills Development Through PPP
In line with Modi's vision of making cybersecurity an integral part of national security, NIELT is leveraging the public/private partnership model to provide a strong foundation for developing courses to impart training on how to mitigate real cyber-attacks.
"We are leveraging the public/private partnership model to launch awareness campaigns in information security in partnership to train 12,050 infosecurity professionals in the country this year as part of the digital India program," says Dr. Sharma.
For this, NIELT will partner with CERT-In, C-DAC (Centre for Development of Advance Computing) , DSCI (Data Security Council of India), ERNET (Education & Research Network), Standardisation Testing and Quality Certification Directorate and others.
"This will help create awareness around cybersecurity hygiene, so people will know cybersecurity's a crucial domain in Information security," Dr. Sharma says.
Being part of the government's Information Security Education and Awareness Project, NIELT has involved six master trainers from US-based Carnegie Mellon University and academia from Indian Institute of Sciences and IITs to impart training, and is rolling out short-term courses to build professionals.
"We have rolled out seven NIELT centres across Gorakhpur, Agartala, Chennai, Jammu, Calicut and Aurangabad to train cybersecurity and infosec professionals," Dr. Sharma says.
It has launched these short-term certification courses:
- Certification Scheme in Information Security;
- Certified System Security Analyst;
- Certified Information Systems Security Auditor;
- Certified System Security Solution Designer;
- Certified Computer Forensic Professional.
Security leaders says launching an operation of this scale in training infosecurity professionals is a good move. However, they say one cannot overlook the challenges regarding spotting real talent and profiles and private and public enterprise participation.
Bareja cites the specific challenges of poor infrastructure, quality of service, policy apathy, the slow pace of judicial recourse, capacity and the capability of law enforcement services and other bodies.
"The challenge lies in every enterprise understanding the severity of cyber-threats and encouraging their teams to acquire infosec skills that safeguard critical infrastructure," Bareja says.
Another area of concern, he says, is the lack of a designated agency to monitor the initiative and ensure success. He argues that NIELT must also monitor and ensure the investment commitments from industry leaders toward skilling infosec professionals lead to the success of making India a truly digital powerhouse.
Mumbai-based Sunder Krishnan, executive vice president and chief risk officer at Reliance Life Insurance, and chairman of ISACA's task force advisory group, says the biggest challenge is the government's ineffective action in combating cyber-threats through skill development programs.
"While there's been big talk and ambitious plans to build capacity, I do not see concrete steps taken to meet the targets or in setting stringent deadlines," Krishnan says.
"I am not sure if the department has a good skill development project management framework in place to work in coordination with industry and private enterprises," he says.
Experts say the key points the government should understand while designing a skills development plan is that newer attacks will be severe; only a few security professionals have the capability to fend off a sophisticated attack; and it is difficult to spot the right talent with adequate knowledge in this space.
Security leaders advise the government to be pragmatic in setting the expectations from the private and public enterprises, and also take stringent measures in ensuring their commitments are met.
"The private players have made commitments, and we see mind-boggling numbers offered in investment in equally mind-boggling time frames," Bareja says. "However, it is good to have public commitments, and this will drive smaller players to also come forward for their piece of the action, which has to be monitored through a good action plan."
This initiative cannot be successful without PPP, experts say. Initiatives for supporting research and funding will also help considerably.
"NIELT has to work with the task force set up by the NASSCOM in meeting its target of training 12,050 professionals in this space while prescribing policy frameworks for private and public players, which is more easy and realistic to adhere to," Krishnan says.
NIELT's Dr. Sharma remains optimistic about the initiative. "We will effectively leverage advanced virtual environment-based interactive information security training kits developed for advanced level information security skill development to impart training to web developers, system administrators, network administrators, security professionals, government officers, police personnel, defence force personnel working in IT areas to equip them to combat cyber-threats."