Close on the heels of China Cyber Security Law, we now have a draft of a comprehensive Cyber Security law from Singapore. Both are interesting pieces of legislation that requires a detailed analysis which we may keep for a later day.
These developments will obviously trigger a thought on whether India should also consider a similar law.
In India, we have the ITA 2008 which provides the office of the Director General, CERT-IN all the powers that is required to implement an effective Cyber Security plan across the Cyber Space. These powers are supplemented with Sections 69,69A and 69B which provides powers to the secretaries of Home and IT additional powers that can lead to Cyber Security related decisions. Once the Data Protection law comes in, there will be a “Data Protection Commissioner” in place.
Presently, RBI already regulates the Financial Sector which is the key sector for Cyber Security. CERT-IN is restricting its control mostly to the Critical Information Infrastructure and is not imposing itself on the private sector as regards Cyber Security issues.
Most of the objectives that the Singapore legislation tries to achieve can be achieved in India through notifications by the CERT-IN. Legal empowerment is already present and we may not need a separate law to reach our objectives though the temptation for a new law is always great.
Probably CERT-IN needs to expand its work force base to meet all the responsibilities that an Apex Cyber Security Organization needs to fulfill. It also needs to step out of Delhi and start a sub-office in places like Bengaluru to be in close touch with South India and the IT hub.
Such regrouping and enhancement of CERT-IN resources is perhaps a more effective option than to think of another separate law with overlapping powers for executives and additional expenditure for the Government.
Perhaps more discussion is needed on this aspect and the two day conference in Delhi on “Securing Cyber Space-2017” on July 14th and 15th should be one forum in which these discussions may start.
Naavi
Reference:
Singapore releases draft of a Cyber Security Law