Back

CHAPTER 5: SECURE INDIA - ENSURING DIGITAL SOVEREIGNTY, SAFETY AND SECURITY OF DIGITAL COMMUNICATIONS

Details of the Section

2022 Goals:

  • a. Establish a comprehensive data protection regime for digital communications that safeguards the privacy, autonomy and choice of individuals and facilitates India’s effective participation in the global digital economy
  • b. Ensure that net neutrality principles are upheld and aligned with service requirements, bandwidth availability and network capabilities including next generation access technologies
  • c. Develop and deploy robust digital communication network security frameworks
  • d. Build capacity for security testing and establish appropriate security standards
  • e. Address security issues relating to encryption and security clearances
  • f. Enforce accountability through appropriate institutional mechanisms to assure citizens of safe and secure digital communications infrastructure and services

Submission Closed

Details of the Section

1.1 Establish a strong, flexible and robust Data Protection Regime,

(a) Harmonising communications law and policy with the evolving legal framework and jurisprudence relating to privacy and data protection in India, including:

  • i. Amending various licenses and terms and conditions, wherever necessary, to incorporate provisions with respect to privacy and data protection

(b) Addressing issues of data protection and security in digital communications sector, by:

  • i. Ensuring that core data protection and security principles are applied and enforced
  • ii. Promoting the usage of indigenous communication products and services

Submission Closed

Details of the Section

1.2 Provide Autonomy and Choice for every citizen and enterprise

(a) Recognising the need to uphold the core principles of net neutrality:

  • i. Amending the license agreements to incorporate the principles of non-discriminatory treatment of content, along with appropriate exclusions and exceptions as necessary
  • ii. Ensuring compliance with net neutrality principles, by introducing appropriate disclosure and transparency requirements.

Submission Closed

Details of the Section

1.3 Assure Security of Digital Communications

(a) Addressing security issues across layers:

  • i. Infrastructure Security (physical infrastructure, cyber-physical infrastructure, hardware & network elements), Systems Security (equipment, devices, distributed systems, virtual servers)
  • ii. Application and Platform security (web, mobile, device and software security)

(b) Developing security standards for equipment and devices:

  • i. Telecom Testing and Security Certification (TTSC) to develop and enforce security standards for digital communications products and services
  • ii. Aligning with global standards on safety and security
  • iii. Harmonising the legal and regulatory framework applicable to security standards such as the BIS Act, Electronics & Information Technology Goods (Requirements for Compulsory Registration) Order, Indian Telegraph Act, etc.
  • (c) Participating in global standard setting organisations to ensure consideration for local needs of the Indian communications industry

    (d) Strengthening security testing processes by:

    • i. Enhancing institutional capacity to perform testing, including establishing domestic testing hubs and laboratories with state-of-the art facilities
    • ii. Establishing comprehensive security certification regime based on global standards
      • (e) Formulating a policy on encryption and data retention, by harmonising the legal and regulatory regime in India pertaining to cryptography with global standards, as applicable to communication networks and services

        (f) Facilitating Security and Safety of Citizens, Institutions and Property by:

        • i. Facilitating establishment of a Central Equipment Identity Registry for addressing security, theft and other concerns including reprogramming of identity of mobile handsets
        • ii. Facilitating lawful interception agencies with state of the art lawful intercept and analysis systems for implementation of law and order and national security
        • iii. Increasing awareness amongst users about security related issues concerning digital communications networks, devices and services

        (g) Establishing a Security Incident Management and Response System for Digital Communications Sector by:

        • i. Instituting a sectoral CERT
        • ii. Improving information sharing and coordination between various security agencies, including CERT-In and sectoral CERTs as may be necessary
        • iii. Enforcing obligations on service providers to report data breaches to authorities and affected users, based on specific parameters
        • iv. Strengthening the Security Audit Mechanism

        Submission Closed

Details of the Section

1.4 Developing a comprehensive plan for network preparedness, disaster response relief, restoration and reconstruction

(a) Strengthening network resilience by:

  • i. Framing and enforcing standard operating procedures to be followed during disasters and natural calamities, including sectorial guidelines for disaster response applicable to various service providers
  • ii. Establishing institutional framework to promote monitoring of activities, rapid dissemination of early warning disaster notifications and better coordination and collaboration between relevant Ministries / Departments, including the National Disaster Management Authority of India

(b) Developing a Unified Emergency Response Mechanism, by:

  • i. Creating an institutional framework with clearly defined roles and responsibilities, Standard Operating Procedures and technical guidelines
  • ii. Incorporating obligations under the license terms and conditions for implementation of Next Generation 112 services in all areas, based on geo-location technologies, and provide online access to caller location and details to authorised central and state agencies
  • iii. Enforcing obligations of service providers to share infrastructure, and ensure interoperability in emergency situations in a network-agnostic, operator-agnostic and technology-agnostic manner

(c) Enhancing the Public Protection and Disaster Relief (PPDR) plan for India by:

  • i. Facilitating the establishment of a Pan-India network for Public Protection and Disaster Relief (PPDR)
  • ii. Making necessary spectrum available for PPDR including by establishing INSAT satellite-based mobile communication systems
  • iii. Implementing global and regional harmonized spectrum Plans for PPDR

Submission Closed

Back