With the establishment of the National Critical Information Infrastructure Protection Centre (NCIIPC) in 2014, India has taken an important measure towards strengthening its cybersecurity. But while the establishment of NCIIPC as such is a positive step forward, several shortcomings mark, however, its implementation.
In this paper, I will first briefly outline the origin and development of NCIIPC and will then go on to critically examine three challenges or limitations in particular: NCIIPC’s command and control structure; fallacies in the framework that was used to rank sectors in order of criticality; and the absence of sector-specific guidelines and standard operating procedures (SoPs). As we will see, each of these contributes to important vulnerabilities remaining in India’s critical information infrastructure (CII).
15 Mar 2016