A legal framework is also in the offing for cybersecurity standards; the ministry has also asked for a security audit of NPCI infrastructure, Bhim and UPI applications by CERT-In
The ministry of electronics and information technology plans to formulate a legal framework to ensure compliance with security standards which will be mandated for mobile phones.
Besides, a legal framework is also in the offing for cybersecurity standards to prevent any cyber attacks at a time when the focus is on connecting the country through a digital medium, a senior official from the ministry told DNA Money.
Under the initiatives for mobile security, the ministry has already asked mobile phone firms for information on security procedures and privacy norms followed by them. It has also asked for a security audit of NPCI (National Payments Corporation of India) infrastructure, Bhim (Bharat Interface for Money) and UPI (Unified Payments Interface) applications by CERT-In (The Indian Computer Emergency Response Team), the official added.
"All these measures are being undertaken to create a framework wherein all will be mandated to follow certain procedures for security of users' data," the official said.
Two sub-committees have been constituted for developing security standards whose report is expected to be out soon; one is on the process for digital payments under Reserve Bank of India and another on the security of technology.
Recently minister of electronics and IT Ravi Shankar Prasad had a meeting with senior officials of the ministry to finalise the requirements for creating cybersecurity standards framework.
"The formulation of appropriate standards, a legal framework for enforcing applicable standards and a compliance mechanism -- testing, certification and surveillance are the immediate requirements," the official added.
BIS Act has a working group on information security and biometrics and it has adopted other security standards, typically with a lag. However, no cybersecurity has been mandated under this Act.
Makers of Internet of Things (IoT) devices and set-top boxes will also be asked to submit security procedures just like mobile phone firms. Also, WiFi routers and IP cameras which are using default settings become vulnerable to cyber threats, while in case of set-top boxes, the prevalence of Chinese Conditional Access System is leading to potential vulnerability, the official added.
The ministry is also looking at amendments in the Information Technology (IT) Act in line with the changing times.
Pavan Duggal, a cyber expert and Supreme Court lawyer, said technology is changing rapidly. The current IT Act is a thoroughly outdated legislation and the last amendments were done in 2008; that too was merely some changes and all issues were not addressed. "Technology has changed so much in the last ten years. The IT Act needs to reflect existing realities of today's world. Even cyber security needs to addressed well. We still do not have a framework for it," he said.
...& ANALYSIS
- The IT ministry has asked for a security audit of NPCI infrastructure, Bhim and UPI applications by CERT-In
- Two sub-committees have been constituted for developing security standards; report to be out soon
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "Cellphone security")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}