The responsibility for the job has been vested in National Critical Information Infrastructure Protection Centre (NCIIPC), the nodal agency to coordinate cyber security operations for critical infrastructures across the country. NCIIPC has prepared a five-year plan to completely revamp and integrate the cyber security apparatus of all critical infrastructure such as power, transportation, water, telecommunication and defence.
The agency, which is soon to be notified, further plans to set up sectoral Computer Emergency Response Teams (CERTs) that will be connected to it. It will install sensors on all critical systems to give real-time information to its command and control centre about any cyber attack to formulate quick response.
The government has also defined clear mandates for NCIIPC and CERT-IN, which is also engaged in cyber security of national infrastructure. NCIIPC will only look after absolutely critical sectors that have high threat perception coupled with greater dependence on computer and information technology (CIT), while other sectors will be with CERT-IN. These sectors (with NCIIPC) have been identified as energy (power, coal, oil and natural gas), transportation (railways and civil aviation), banking and finance, telecom, defence, space, law enforcement and security.
Functioning under the aegis of National Technical Research Organization (NTRO), NCIIPC last Monday also organized the first national conference of chief information security officers (CISO) of critical sectors of the government.
Sources said this is part of the step to first create awareness and ensure setting up of a robust security system in all critical government agencies at their own level. The task has been divided into five phases. Once agencies set up their security infrastructure, it will be connected to NCIIPC.
"There are plans to open a Cyber Security Operation Centre, a 24/7 control room for real-time information and response and a National Institute of Critical Information Infrastructure Protection for training of CISOs. We will also issue daily cyber alerts," said NCIIPC director Muktesh Chander in a presentation.
Sources said this infrastructure will ensure that NCIIPC gets real-time information as soon as a cyber attack happens on any network, can quickly analyze different attacks and provide immediate response. "If the same virus attacks different systems, we will not have to analyze them separately and formulate different responses," said an official.
National security advisor Shivshankar Menon, who addressed the gathering, stressed on participation of the private sector and said, "The NCIIPC is setting up a joint working group with representatives of industry associations to bring out guidelines for protection of critical information infrastructure in India."