wordpress blog stats
Connect with us

Hi, what are you looking for?

What we know about National Cyber Coordination Centre from IT Committee report

indian products

The COVID-19 pandemic affected the implementation of the union government’s cybersecurity project, the National Cyber Coordination Centre (NCCC), leading the government to revise down funds required by half in financial year 2020-21.

For FY2020-21, the Ministry of Electronics and Information Technology (MEITY) revised down funds from Rs 170 crore (Budget Estimate) to Rs 80 crore (Revised Estimate) under the head Cyber Security Projects (NCCC & Others). Note that from the budget documents, it appears that CERT-in, NCCC, and the broader cyber security projects by the union government receive budgets under two heads: “Cybersecurity (NCCC & CERT-in)” and “Cyber Security Projects (NCCC & Others)”. The latter allotment is made under PM Narendra Modi’s flagship Digital India scheme.

When questioned about the significant downward revision of funds required under “Cyber Security Projects (NCCC & Others)” under Digital India, MEITY said funds used during the first two quarters of FY21 was lower since COVID-19 impacted NCCC’s operations. The actual disbursement was only Rs 24.07 crore being disbursed eventually.

This was disclosed in a report by the Parliamentary Standing Committee on Information Technology, led by Shashi Tharoor, on MEITY’s demand for grants for FY21-22. In the same report, MEITY seemed to cite shortage of funds as the reason for National Cyber Coordination Centre’s implementation remaining incomplete. While detailing the phase-wise implementation plan for NCCC, MEITY said that the full-fledged Centre will be implemented “within a period of one year if requisite funds are provided“.

Now, MEITY’s budget estimates for FY21-22 for the the NCCC, CERT-in, and broader cyber security projects is

Advertisement. Scroll to continue reading.
  • Rs 216 crore for Cybersecurity (NCCC & CERT-in) and
  • Rs 200 for Cyber Security Projects (NCCC & Others) under Digital India

Urgency of setting up NCCC cannot be overemphasized: IT Committee

The IT Committee noted with concern that although the NCCC’s setting up was approved back in April 2015 (with an outlay of Rs 770 crore), it was only allotted budgets from FY17-18  and its implementation has been delayed citing shortage of funds. Cyber attacks on critical infrastructure “have become commonplace” and the urgency of setting up NCCC “cannot be overemphasized”, the Shashi Tharoor-led IT Committee noted.

The country can hardly afford the sluggish approach of the Ministry in setting up of NCCC as a pro-active agency in dealing with issues relating to cyber space. The Committee desire that Detailed Project Report which is under consideration of Department of Finance be expedited and the Ministry make adequate provision of funds for Cyber Security Projects (NCCC & Others) scheme so that the project of setting up of NCCC is not delayed any further.— IT Committee Report [emphasis supplied]

What we know about NCCC

The NCCC, which scans and records metadata, was approved in 2013 and was live as of August 2017. The NCCC can “actively” tie up with other cyber intelligence agencies to collect and share data to conduct surveillance, although, via lawful means. It is limited to online and cyber intelligence and collects data through tie ups with other intelligence units. The government’s meta data scanner is likely to have access to NATGRID and also information collected by agencies under the Home Ministry.

According to MEITY’s submission to the Committee on NCCC’s status, the government said it had set up the Centre to generate “real-time macroscopic views” of cyber security threats in India. Here’s what we learnt from the Committee’s report:

  • Objective: It is a multi-stakeholder body being implemented by CERT-In at MEITY, that scans and shares metadata online and coordinates among different agencies to mitigate cyber security threats. NCCC’s objective is to secure India’s cyberspace through security policy, compliance and assurance, incident early warning, security training and so on.
  • Approval and timeline: The setting up of the NCCC was approved with an outlay of Rs 770 crore for a period of five years and was initiated in April 2015 after approval.
  • Phase I: In Phase I, the project on Threat and Situational Awareness (NCCC Test Bed) has been implemented. Phase-I of NCCC was operationalised in July 2017, where in metadata from 20 sites of ISPs and organisations is being analysed. Another 15 remote sites are targeted to be operationalised by August, 2021. Steps have been taken for implementation for the remaining 250 metadata collection sites. The office space is currently being renovated. Data Centre co-location services is being hired for primary and disaster recovery site for NCCC.
  • Posts: A total of 65 posts (60 S&T and 5 non-S&T) were sanctioned in yr. 2016 out of which 57 posts have been filled (54 S&T and 3 non-S&T), recruitment for remaining posts is currently going on. A proposal for creation of remaining 59 posts (S&T and non-S&T) as per the NCCC Detailed Project Report (DPR) is under consideration with Department of Expenditure, Ministry of Finance. The full-fledged NCCC will be implemented within a period of one year if requisite funds are provided, MEITY said.

Budgets allotted over the years

Cyber Security (CERT-in & NCCC) | Year: Budget Estimate, Revised Estimate, Actual

  • FY21-22: Rs 216 crore
  • FY20-21: Rs 140 crore, Rs 90 crore, Rs 61.22 crore
  • FY19-20: Rs 42 crore, Rs 35 crore, Rs 29.98 crore
  • FY18-29: Rs 40 crore, Rs 31.83 crore, Rs 29.90 crore

Further, the Ministry also allots more funds under the Digital India programme for cyber security under the head Cyber Security Projects (NCCC & Others) | Year: Budget Estimate, Revised Estimate, Actual

  • FY21-22: Rs 200 crore
  • FY20-21: Rs 170 core, Rs 80 crore, Rs 24.07 crore (as of February 1, 2021)
  • FY19-20: Rs 120 crore, Rs 102 crore, Rs 92.07 crore
  • FY18-29: Rs 110 crore, Rs 110 crore, Rs 107.48 crore

Make CoWIN, Aarogya Setu secure: IT Committee

Both the CoWIN app and the Aarogya Setu app need to work in conjunction to be effective against COVID-19, the Committee noted in its report.

MEITY informed the Committee that CoWIN will serve as a backend application for ensuring “smooth” vaccination sessions and Aarogya Setu will serve as the frontend citizen facing application. The Committee stressed upon the need for apps to sync since they have been developed by two different ministries, CoWIN by the Health Ministry and Aarogya Setu by MEITY.

As vaccination progresses, and the apps garner significant user bases, they become “susceptible and lucrative targets” for cyber attacks, such as the phishing attack targeting the COVID-19 vaccine cold chain, the Committee noted. It recommended that adequate security arrangements be put in place to ensure that both apps do not fall prey to cyber attacks.

MEITY took note of the global phishing attack on the vaccine cold chain and also disclosed that there were some attacks on some prominent pharmaceutical companies in India. “CERT-in has been at the forefront in detecting this; responding to those issues; and helping the concerned organizations to ramp-up their security as well,” the Ministry had said.

Read more 

Advertisement. Scroll to continue reading.

Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ