India has been waiting for a national cybersecurity strategy for over three years now—so we filed an RTI with the IT Ministry to find out more about the hold-up. "The National Security Council Secretariat (NSCS) has formulated a draft National Cyber Security Strategy, which holistically looks at addressing the security issues of national cyberspace," responded the Cyber Security division of the IT Ministry last week. "No further information is available with CPIO [Chief Public Information Officer]." This reply is nearly identical to IT Minister Ashwini Vaishnav's parliamentary response on the matter last December. Why it matters: Without the strategy, there are few incentives for organisations to implement robust cybersecurity practices. Data, privacy, and digital services are heavily compromised in the process. The multiple cybersecurity attacks hitting the country of late, particularly on government institutions, are a prime example of this. What did we ask for? A list of all the individuals and entities that submitted comments on the strategy during its public consultations in 2019, along with copies of their submissions. We also asked for copies of any orders indicating when the finalised strategy will be introduced. Whose jurisdiction is this anyway? The limited response is surprising—especially given that the RTI was bumped around between departments before it was forwarded to the appropriate one. We first filed an RTI with the Department of Electronics and Information Technology (MeitY) on the strategy earlier this year. Two weeks later, our application was transferred to the Prime Minister's Office. A day later, it…
