India released New Cyber security policy framework and outlined potential future initiatives to protect government and non-government information installation from non-state actors. I congratulate all involved stakeholders for coming out with minimum framework to protect our information. The policy talks about public-partner collaboration to tackle any attack on India information installation and at the same time assure all users from different verticals to about their information safety. The policy is like forward looking statement of publically traded company financial statement. Before talking about future, I believe accepting the leakage in the current information security system installation and roadmap to plug the same. In a country where maximum number of user accessing social sites through mobility device are first to line of user being exposed and targeted by non-state actors.
In 2010, similarly TRAI came out with very ambitious regulation related to Unsolicited Commercial Communications, Server hosting location, User data storage and access, Network management professional origin requirement and many more. The reality is not bad but very bad. It is the easiest thing to get user information and target them with malware, adware and phishing through multiple medium and interestingly maximum user are not aware that they are being targeted. Flood of email advertisement through spammer companies advertising well-known brand clearly indicate business originator.
Instead of talking about future framework including PPP model, government must focus on increasing social awareness ad campaign. Few days of print based awareness program is not going to educate Indian citizen but focussed effort is needed. How many times, we have seen any security awareness ad flashing during Prime Time TV shows. The policy is definitively going to bring in latest technology and revenue potentials for leading security firm. There must clear guideline for all government and non-government organization to install X-Y-Z security solution to fulfil India Vision of Cyber Security. I strongly believe that this time around user may see real change rather than launching and dumping regulation without proper tracking.
