This policy, therefore, aims to create a cyber security framework, which leads to specific actions and programmes to enhance the security posture of country's cyber space.
To build a secure and resilient cyberspace for citizens, businesses and
To protect information and information infrastructure in cyberspace,
build capabilities to prevent and respond to cyber threats, reduce
vulnerabilities and minimize damage from cyber incidents through a
combination of institutional structures, people, processes, technology
1. To create a secure cyber ecosystem in the country, generate adequate
trust & confidence in IT systems and transactions in cyberspace and
thereby enhance adoption of IT in all sectors of the economy.
2. To create an assurance framework for design of security policies and
for promotion and enabling actions for compliance to global security
standards and best practices by way of conformity assessment
(product, process, technology & people).
3. To strengthen the Regulatory framework for ensuring a Secure
4. To enhance and create National and Sectoral level 24 x 7 mechanisms
for obtaining strategic information regarding threats to ICT
infrastructure, creating scenarios for response, resolution and crisis
management through effective predictive, preventive, protective,
response and recovery actions.
5. To enhance the protection and resilience of Nation's critical
information infrastructure by operating a 24x7 National Critical
information Infrastructure Protection Centre (NCIIPC) and mandating
security practices related to the design, acquisition, development, use
and operation of information resources.
6. To develop suitable indigenous security technologies through frontier
technology research, solution oriented research, proof of concept, pilot
development, transition, diffusion and commercialisation leading to
widespread deployment of secure ICT products / processes in general
and specifically for addressing National Security requirements.
7. To improve visibility of the integrity of ICT products and services by
establishing infrastructure for testing & validation of security of such
8. To create a workforce of 500,000 professionals skilled in cyber security
in the next 5 years through capacity building, skill development and
9. To provide fiscal benefits to businesses for adoption of standard
security practices and processes.
10. To enable protection of information while in process, handling, storage
& transit so as to safeguard privacy of citizen's data and for reducing
economic losses due to cyber crime or data theft.
11. To enable effective prevention, investigation and prosecution of cyber
crime and enhancement of law enforcement capabilities through
appropriate legislative intervention
12. To create a culture of cyber security and privacy enabling responsible
user behavior & actions through an effective communication and
13. To develop effective public private partnerships and collaborative
engagements through technical and operational cooperation and
contribution for enhancing the security of cyberspace.
14. To enhance global cooperation by promoting shared understanding
and leveraging relationships for furthering the cause of security of
A. Creating a secure cyber ecosystem
1. To designate a National nodal agency to coordinate all matters related
to cyber security in the country, with clearly defined roles &
2. To encourage all organizations, private and public to designate a
member of senior management, as Chief Information Security Officer
(CISO), responsible for cyber security efforts and initiatives.
3. To encourage all organizations to develop information security policies
duly integrated with their business plans and implement such policies
as per international best practices. Such policies should include
establishing standards and mechanisms for secure information flow
(while in process, handling, storage & transit), crisis management plan,
proactive security posture assessment and forensically enabled
4. To ensure that all organizations earmark a specific budget for
implementing cyber security initiatives and for meeting emergency
response arising out of cyber incidents.