Government could make critical sectors use Indian cybersecurity products: Report

The government is gearing up to introduce a draft policy mandating companies in critical sectors to utilize cybersecurity products and services developed within India, according to a report by the Indian Express. The forthcoming National Cybersecurity Reference Framework (NCRF), devised by the National Critical Information Infrastructure Protection Centre (NCIIPC) in collaboration with the National Cybersecurity Coordinator (NCSC), is poised to articulate distinct roles and responsibilities for organizations operating in pivotal sectors such as banking, energy, telecommunications, and healthcare. Anticipated to provide a structured framework under existing regulations, policies, and guidelines, the NCRF may require companies in these critical sectors to deploy cybersecurity solutions from India exclusively.

Initiated last year, the preliminary NCRF was circulated privately among companies and government departments to solicit feedback, although it has not been officially subjected to public consultation. In conjunction with the primary policy document, three supplementary compendiums have been created, outlining international cybersecurity standards, products, and solutions.

This development gains significance in the context of the escalating frequency of cyberattacks on critical government infrastructure in recent months. Instances such as the SPARSH portal data breach, which jeopardized the personally identifiable information of approximately 3 million veterans, and the data breach at the state-run Indian Council of Medical Research, involving sensitive personal data of around 810 million Indians being traded on the dark web, underscore the pressing need to fortify cybersecurity measures.

Disclaimer: This information has been collected through secondary research and IBEF is not responsible for any errors in the same.