Internet Democracy, an initiative by the NGO Point of View, has released an interactive map of Indian Government’s cyber security institutions. It provides a clearer picture of the hierarchy of the cyber security agencies under the Government. We have listed some of the most important agencies that are involved in cyber surveillance or dealing with cyber crime.
Institutes focusing on national cyber security:
The New Media Wing (NMW) and the Electronic Media Monitoring Centre (EMMC) come under the Ministry of Information and Broadcasting (MIB) and are involved in media surveillance. The EMMC reports breaking news aired on networks to the National Security Advisor and the Principal Secretary to the PM. The NMW tracks the internet, including microblogs etc., to government relevant trends and gauge public opinions.
Most of the institutes under the Ministry of Home Affairs (MHA) also fall in this category. The National Intelligence Grid (NATGRID) which keeps all sorts of citizen data in a single database that can be accessed by officers from RAW, CBI, IB etc., comes under the MHA. The National Cyber Coordination Center (NCCC) and the National Crime Records Bureau (NCRB) also come under this ministry.
Other than this, the Home Affairs Ministry directly controls the Intelligence Bureau (IB), the National Investigation Agency (NIA), the Central Bureau of Investigation (CBI) and the Narcotics Control Bureau (NCB). All institutes under the MHA are in charge of internal security in some capacity. The NCB and IB are exempted under RTI.
The Ministry of Communication and Information Technology controls CERT-In, the Indian Computer Emergency Response Team that performs emergency cybersecurity functions and releases annual reports of security incidents. The proposed National Media Analytics Centre (NMAC) and Digital Swachhata Kendra (DSK) will also come under the MCIT. NMAC will monitor and analyse content on the internet and counter negative content, while DSK will look to deal with malware and botnets.
Department of Electronics and Information Technology (DEITY): Operating under the MCIT, DEITY is responsible for ensuring cyberspace security, other than delivering government services online and promoting the IT sector. It is directly responsible for institutes like UIDAI which operates the Aadhaar database, to NIXI, the National Internet Exchange of India.
Prime Minister’s Office (PMO): Institutions under the PMO have a wide range of responsibilities from dealing with cybercrime, incident response, global internet and governance. Directly controlled institutions include:
– National Security Council (NSC) which directly controls the National Security Council Secretariat (NSCS), Strategic Policy Group (SPG) and National Security Advisory Board (NSAB)
– The Cabinet Committee on Security (CCS) through which decisions like the formation of a new body, or response after an attack, have to go through
– and the Research and Analysis Wing (RAW) which is responsible for international intelligence collection.
The PMO administratively controls the National Technical Research Organisation (NTRO), which is directly responsible for the National Institute of Cryptology Research and Development as well as the National Critical Information Infrastructure Protection Centre.
Ministry of Finance (MoF): The Central Economic Intelligence Bureau (CEIB) operates under MoF. It directly controls various intelligence agencies that deal with economic offences.
Institutes which focus on external cyber security:
– The Defence Intelligence Agency (DIA) operates under direct control of Ministry of Defence (MOD). MOD also administratively controls Defence Research and Development Organization (DRDO) and the Institute of Defense Studies and Analysis. These institute focus on international level offensive and defensive capabilities of the nation.
– Global Cyber Issues Cell operates under the direct control of the Ministry of External Affairs (MEA). This cell tracks the international processes that affect national policy making.
Policy: The National Information Board (NIB), a policy making body for cybersecurity, operates independently and is chaired by the National Security Advisor. Established in 2002, it deals with issues related to surveillance and cyber crime.