India has been working in the direction of establishing a Tri Service Cyber Command for Armed Forces of India since 2013. In the year 2014, India government reiterated its commitment to form the cyber command but again no concrete steps were taken by then government in this regard. The position remains the same till the month of June 2016 as we have no dedicated cyber command for armed forces in India till now.
However, things are going to change very soon. Some officials and analysts in India are calling for progress on the tri-service command on cyber security that is still pending approval by the Ministry of Defense. Perry4Law Organisation (P4LO) has been recommending about such cyber command since 2013 and we once again request the Indian government to do the needful in this regard. The proposed cyber command could cover all the three segments of armed forces of India. P4LO also strongly recommend that sector specific Computer Emergency Response Teams (CERTs) must also be established on the lines of CERT-In. Indian government must also expand the role of the first Chief Information Security Officer (CISO) of India, the position presently held by Dr. Gulshan Rai.
Cyber attacks against India have significantly increased and India must be well prepared to deal with the same. In fact, Indian cyberspace must be protected on a priority basis and suitable techno legal offensive and defensive mechanisms must be established by Indian government in this regard. Indian cyber security is lagging far behind as compared to other countries. India is still struggling to deal with issues like cyber warfare, cyber espionage and cyber terrorism, etc. The critical infrastructure protection in India and its problems, challenges and solutions (pdf) are still to be managed by Indian government.
At P4LO we firmly believe that a dedicated cyber warfare policy of India (Pdf) must be formulated as soon as possible. The present effort of Indian government seems to be a step towards that objective. However, the main thing is the implementation of various policies formulated from time to time. Till now Indian government has not been able to implement the objectives of the National Cyber Security Policy of India 2013 (NCSP 2013). Further, India government has also failed to integrate the NCSP 2013 with the National Security Policy of India.
Another major failure of Indian government in this regard is the failure to enact a legislation mandating strict cyber security disclosure norms in India. Although proposed in the year 2013, the disclosure norms for cyber security breaches in India are still not implemented. This would prevent actual and effective implementation of cyber security norms in India. Recently the Reserve Bank of India (RBI) has hinted for such disclosure norms on the part of banks in India. A cyber security framework for banks in India has been prescribed by RBI and banks are required to comply with the same till 30th September 2016. So work in these directions is also taking place in India although in a very slow manner.
A proposal to set up a dedicated tri-service command for cyber security has been forwarded to the Ministry of Defense after top officials with the Indian air force, army and navy approved the idea. But the plan has yet to be approved. A draft proposal for setting up a separate tri-command on cyber warfare was prepared in consultations with the chiefs of the Indian air force, Indian army and Indian navy after Chinese hackers broke into the computer systems of the headquarters of the Eastern Naval Command in Visakhapatnam in 2012 where the homemade Arihant nuclear submarine was undergoing sea trials.
During the same time, Defence Research and Development Organisation (DRDO) informed that their computer systems were breached and sensitive files were leaked. A top defence ministry officer admitted that India has delayed on the cyber security front. “Cyber command would ensure both offensive and defensive cyber security capabilities. Issues like cyber warfare, cyber espionage and cyber terrorism, etc. would be taken care of by a cyber command. Nevertheless, the proposal to set up the cyber command was kept in abeyance. P4LO hopes that Indian government would now clear the cyber command as we have a government that has both will and courage to see through this much needed project.