The National Cyber Safety and Security Standards (NCSSS) plans to release online security guidelines for private and public sector companies in India “to secure their online data” by the end of this year, Hindu Business Line reports.
While a set of guidelines could help companies secure their online data, it is not clear how the agency will go about pushing it. In the report Amar Prasad Reddy, Additional Director-General, NCSSS is quoted as saying that they will include ISPs under the guidelines so that websites publishing confidential material can be immediately taken down. While this could have been in reference to information that is leaked from servers by hackers, it could also be used to clamp down on Snowden leaks, Radia tapes, or other whistleblower information!
S Mohan, Chairman of NCSSS says that these are just guidelines and that the organisation won’t mandate any rules. However, knowing the way laws are passed in India there is a chance that these guidelines might be added to existing laws.
The primary objective of the guidelines are to help institutions like banks, government enterprises and private firms deal with sensitive material, secure their data on the Internet. According to Symantec (pdf), India is the third most vulnerable country in the world when it comes to data breach threats from malicious cyber activities, and 1 in 8 legitimate websites have a critical vulnerability.
The upcoming policy will also suggest collaboration between States and the Centre to exchange information about attacks and installation of safety measures to minimize such attacks. This is also an aspect that has been touched upon in National Cyber Security Policy (pdf) that was unveiled in July last year. This policy deals with creating and ecosystem for cyber security in the country.
Considering there is already a policy in place around online safety, it is not clear what NCSSS is trying to achieve with this new policy other than suggesting a crackdown on leaked information via ISPs.