India’s cybersecurity budget is inadequate: Experts

India's cybersecurity budget was more than doubled last year. Yet, it is "woefully inadequate" in the wake of revelations made by US National Security Agency contractor Edward Snowden and increasing cyberattacks on government infrastructure, according to experts.

In 2014-15, the Department of IT has set aside Rs 116 crore for cybersecurity. The country has proposed to set up a national cybercoordination centre (NCCC) with a separate budget of Rs 1,000 crore. The coordination centre is still awaiting Cabinet clearance. "Allocation is woefully inadequate given Snowden's revelations we need at least 10 times that amount," said Sunil Abraham, executive director at Center for Internet and Society.

According to the Computer Emergency Response Team-India (CERT-In), reported attacks on Indian websites have increased nearly five times in the past four years. Until mid-2014, CERT-In recorded more than 60,000 incidents. Cybersecurity of government infrastructure faces multiple issues. It needs better hardware and software audits and implementation of proposed projects.

According to Sivarama Krishnan, executive director at consultancy firm PwC which works on various government projects, cybersecurity budgets might be spread across various government departments and the allocation has seen encouraging growth since the Narendra Modi government has come into power. "In real essence, the government spending in security has been growing," said Krishnan. "Every Digital India discussion ends with cybersecurity being talked about."

Experts also pointed out the need for a singular view of the government's cybersecurity infrastructure. "Various states are doing many things for cybersecurity. Once these kinds of islands are get set up, it would be worth seeing how the government is going to integrate all of them to convert into a productive vehicle," said Krishnan.

Government software needs to be audited for security loopholes better as multiple software exploits have taken place in the past few years. "There is a lot of security and non-security testing that can be outsourced to SMEs, academia and even individual researchers in an open fashion," said Abraham.

The IT Department has set aside Rs 117 crore for Standardisation of Testing and Quality Certification (STQC) programme, which audits government software and hardware for loopholes.

The national cybercoordination centre, if it becomes a reality, will be a big step in fighting cybercrime. "If that comes about, that has an outlay of several hundred crores, that would show a greater intent of the government in fighting cybercrime," said Kamlesh Bajaj, chief executive at Data Security Council of India, an independent self-regulatory body set up by Nasscom.

However, many are sceptical of how the government plans to implement programmes that fight cybercrime."The main thrust should be defensive measure like adoption of cryptography," said Abraham. "Natgrid was supposed to give quite a lot of intelligence including cyber. It has gone to sidelines," said Krishnan.

Comments