India needs a central coordinator for its cybersecurity ops

Given how the government appeared to be lacking a clear response on the cybersecurity breach at the Kudankulam Nuclear Power Plant, a central data security agency is an idea whose time has come. In 2017, when NITI Aayog’s cybersecurity report was published, there were 36 bodies under different Union ministries, including the Computer Emergency Response Team India (Cert-IN). Each of these bodies has its own reporting structure and response protocol on managing cybersecurity. Now, each of the states has its own Cert, as had been recommended by NITI Aayog, and more cybersecurity cells have been added by central ministries. While the security infrastructure and reach seems to have become robust, a lack of coordination—the Kundankulam episode is proof of this—has left the system performing sub-par. The government, as per a report in Hindustan Times, is planning an umbrella organisation for all cybersecurity concerns, emulating the system in place in the UK, the US, and Singapore. To be sure, the government had already created the office of the National Cyber Security Coordinator. But, a central hub for coordination can perhaps ensure more effective action. For instance, in the case of an attack, the central command can immediately be alerted, and then other government agencies can ramp up defences to protect from a further breach. Had the Kudankulam attackers wanted, the breach could have easily crawled from the nuclear power plant to other utilities, shutting down the whole system.