GUWAHATI, Sept 27 - For the first time, the State is going to have a comprehensive cyber security policy. The policy, which aims at ensuring, promoting and sustaining a safe and resilient cyberspace for citizens, business and government, is also expected to go a long way in protecting the sustainability of cyber security infrastructure.
The cyber security policy will also enforce the various IT security policies and guidelines defined for the Government of India, such as the IT Act 2000 (and amendment 2008), National Cyber Security Policy 2013, National Data Sharing and Accessibility Policy (NDSAP-2012), etc.
�The government had sought suggestions for preparing the draft by September 30. It will be approved after a detailed assessment, and once approved, the policy will be operative for five years,� State IT Department sources told The Assam Tribune.
The IT Department, which will be the nodal department for administering the policy, will also have the authority to implement and modify the policy and formulate guidelines, issue notifications and set up a monitoring mechanism for implementation.
�The policy will identify, analyze, protect and build capabilities to prevent and respond to cyber threats posed to the State�s information and information infrastructure in cyber space through a combination of institutional structures, people, processes, technology and cooperation,� sources said, adding that it would protect the State government�s digital information as well as data within its custody and safeguard its confidentiality, integrity and availability.
Establishing safeguards to protect the information technology systems and resources from theft, abuse, misuse and any form of damage is another major objective, as is to establish responsibility and accountability for information security in the State departments and agencies.
According to sources, vital data pertaining to the NRC, State police and citizen-centric services would get some much-needed security through the policy. It will help protect the State government�s digital information as well as data within its custody and safeguard its confidentiality, integrity and availability.
�The policy will ensure protection to crucial government infrastructure from hacking and manipulation. One of its main aims is to identify, analyse, protect and build capabilities to prevent and respond to cyber threats.
The IT Department will constitute an apex committee under the chairmanship of the senior-most Secretary of IT Department within 30 days from Gazette notification of the policy. The apex committee will provide policy directions to carry out implementation and monitoring of cyber security in the State.
Further, the policy will promote emerging technologies, like artificial intelligence, machine learning, block chain, etc., for ensuring cyber security in the State. It will also introduce course curriculum in schools and colleges on cyber security for skilling the youths. Another objective is to provide training and capacity building of the employees on cyber security on a regular basis to allow them to minimize the occurrence and severity of information security incidents.
�Overall, the policy will put in place a dynamic cyber security framework to address the information security challenges in a holistic manner involving all stakeholders,� sources said.
The policy will be reviewed from time to time, considering the threat landscape of cyber security for the State.