The Ministry of Electronics and Information Technology (MeitY) is planning to create a domestic operating system to boost the government’s capabilities to deal with potential internal and external threats as it formulates a comprehensive cybersecurity framework.
A few technology giants have their own cybersecurity infrastructure from the primary layer onwards and have software to protect stored data. The government plans to do the same. It also proposes to establish a dedicated team of professionals to evaluate how the infrastructure needs to evolve to keep with the latest developments in the technological field. With the advent of 5G, the Internet of things (IoT), and the growth in cybercrime, there is a need for a more comprehensive framework that addresses national security threats.
An official noted that it is not just the primary layer or the OS that needs to be indigenous but also the software used for cybersecurity. According to a report by the Hindustan Times, the government should consider customising open-source software based on its security requirements, rather than developing a new OS from scratch, as that may not be a practically viable option, the official stated. Open-source software benefits from continuous scrutiny and improvements made by the community of programmers. There have been several instances where government domain email addresses were used to launch cyberattacks and the discovery of critical vulnerabilities in some government servers, underscoring the need for the country’s digital infrastructure to be made more secure. The government has also started cybersecurity training for all officials. The country has many channels to transmit data, including undersea cables and satellites and India needs to upgrade its framework to deal with the vast amount of data being circulated.
As per a recent survey reported by the Business Line, 71% of organisations in India attribute recent business-impacting cyberattacks to vulnerabilities in technology put in place in response to the pandemic. The study consisted of more than 1,300 security leaders, business executives, and remote employees worldwide, including 92 responses in India. 80% of Indian organisations plan to have employees working from home at least once a week in the next 12-24 months, while 63% plan to make a permanent move to remote work over the next two years.
However, 53% of security and business leaders showed concerns that their organisations are only somewhat or not at all prepared to secure their workforce strategy. A lack of employee awareness to secure home networks and personal devices (53%) and visibility into employee security practices (56%) are specific security challenges. Only 29% of respondents felt that they have enough staff to adequately monitor the attack surface. It is clear that organisations need to eliminate blind spots by shoring up their defences to support the next phase of their workforce model, the report stated.
The study also found that the fast deployment of new technologies to facilitate remote work heightened the level of risk for Indian businesses. In the past year, a significant 88% of Indian organisations experienced a business-impacting cyberattack, with 56% of respondents indicating that the attacks targeted remote workers. 63% of security leaders attributed recent attacks to a third-party software vendor compromise — underscoring the need for greater visibility into the atomised attack surface. In a bid to address this demand, Indian security leaders plan to increase cybersecurity investments in vulnerability management (92%), cloud infrastructure and platforms (84%), and identity access management (66%).