Digitally Secure: Plan to train govt personnel on cybersecurity is a good move

While the Centre is yet to release the National Cybersecurity Policy 2020, it has started efforts to plug cybersecurity gaps. As per The Indian Express, state- and central-government employees will be trained on cybersecurity/cyberhygiene best practices over the next two-three years. Broadcast Engineering Consultants India Limited (BECIL), a PSU, has been tasked with selecting agencies for this. Given how the scope for government handling of citizens’ data in the digital format has greatly expanded in recent years, training government official on cybersecurity is a necessity.

The plan to train employees on which emails to open and what attachments to access is essential, but there is also a need to upgrade infrastructure and reporting mechanisms. India was one of the first countries to have a national cybersecurity policy, but the policy focussed on the private sector’s cybersecurity readiness while there was little oversight on the government’s readiness. An article in this paper by Kanishk Gaur highlights the flaws in the existing system; CERT-In requires all government organisations to carry out regular vulnerability and penetration testing once a year, but the contracts are awarded on a lowest-bid basis.