NCIIPC
CERT-IN

NCIIPC the good and bad side of India's nodal cybersecurity body

Pallavi Vishwakarma
July 3, 2023

In 2008, the Indian parliament finally recognized the need for a focussed approach to cybersecurity and separated it into two segments: Critical and Non-Critical. And therefore, the NCIIPC was created and given the responsibility to protect all CII, and CERT-IN was assigned to manage all non-critical systems.

National Critical Information Infrastructure Protection Centre (NCIIPC) is an organization of the Government of India created under Sec 70A of the Information Technology Act, 2000 (amended 2008), through a gazette notification on 16th Jan 2014. It is designated as the National Nodal Agency in respect of Critical Information Infrastructure Protection. NCIIPC monitors and forecasts national-level threats to CII for policy guidance, expertise sharing, and situational awareness for early warning or alerts.

Value added by NCIIPC in cybersecurity

  • Identification of critical sub-sectors.
  • Issuance of Cyber Alerts and Advisories Daily and Monthly
  • Coordinate, share, monitor, gather, evaluate, and anticipate national-level risks to critical information infrastructure (CII) for policy guidance, knowledge exchange, and situational awareness for early warning or alerts. The agency in charge of running a CII system is primarily responsible for keeping it secure.
  • Research and development for a secure and knowledgeable environment
  • Assist CII owners in implementing the best practices, standards, and policies for CII protection.
  • Create awareness and training around cybersecurity.
  • Protect against cyberterrorism, cyberwarfare, and other threats by providing guidance aimed at reducing the vulnerabilities of vital information infrastructure.
  • Provide strategic leadership and coherence across governments to respond to cybersecurity threats against the identified critical information infrastructure.

Things wrong with NCIIPC

  • Even if the NCIIPC runs a responsible vulnerability disclosure procedure, the carelessness and lack of communication go completely against the spirit of that program. It is detrimental to their information security posture when they fail to promptly patch highly-critical vulnerabilities and notify affected citizens of the incident.
  • The ethical hacking organization reports that it found over 13,000 personally identifiable records exposed as well as instances of file leakage, exposed private keys, and 35 exposed credentials in the NCIIPC servers and applications. And when they were alerted about this by NCIIPC only one-eight of the total vulnerabilities were patched by the NCIIPC.
  • NCIIPC has identified the following as ‘Critical Sectors’ – Power & Energy, Banking, Financial Services & Insurance, Telecom, Transport, Government, and Strategic & Public Enterprises still there were attacks that have caused havoc for those working in that sector. From the Oil India Limited ransomware attack in April to the grounded Spice Jet flights in May that left passengers stranded for four hours, to Goa's flood monitoring system in June, to the reported banking data breaches in August, to the more recent cyberattacks on the AIIMS healthcare sector and the onslaught that followed on Safdarjung Hospital in New Delhi, authorities have realized the need to prepare for an escalation in cyberattacks in future.

Final Thoughts

The development of India's cybersecurity has advanced significantly with the creation of NCIIPC. As they have introduced CII as a key sector to protect, finally the Indian institution is in place to implement policies that will make organizations compulsory to focus on cybersecurity. However, due to some reason, they are not able to implement it effectively but if the Indian government has identified cybersecurity as a major concern then they must have to include CII as an important aspect of their security policies.

SecOps Solution is an award-winning agent-less Full-stack Vulnerability and Patch Management Platform that helps organizations identify, prioritize and remediate security vulnerabilities and misconfigurations in seconds.

To schedule a demo, just pick a slot that is most convenient for you.

Next

Related Blogs

Cyber Security
The Role of Patch Management in Compliance and Regulatory Requirements
Ashwani Paliwal
July 28, 2023
Patch Management
Compliance
Auto Patch
The Role of Patch Management in Compliance and Regulatory Requirements
Ashwani Paliwal
April 25, 2024
Cyber Security
Patch Wednesday Day (12/100) - KB5036909 Patch
Ashwani Paliwal
July 28, 2023
PatchDay
SecurityPatch
Deployment
Patch Wednesday Day (12/100) - KB5036909 Patch
Ashwani Paliwal
April 24, 2024
Cyber Security
Top 10 Qualys VMDR Alternative
Ashwani Paliwal
July 28, 2023
Qualys
Alternatives
Top 10
Top 10 Qualys VMDR Alternative
Ashwani Paliwal
April 23, 2024
Cyber Security
How Automated Patch Management Improves IT Security and Efficiency
Ashwani Paliwal
July 28, 2023
PM Tools
Auto Patch
Security
How Automated Patch Management Improves IT Security and Efficiency
Ashwani Paliwal
April 22, 2024
Cyber Security
What is SOC as a Service (SOCaaS)?
Ashwani Paliwal
July 28, 2023
SOC
cybersecurity
Threat
What is SOC as a Service (SOCaaS)?
Ashwani Paliwal
April 20, 2024
Cyber Security
How to increase ec2 storage without shutting down the system
Ashwani Paliwal
July 28, 2023
AWS
EC2
Cloud Security
How to increase ec2 storage without shutting down the system
Ashwani Paliwal
April 19, 2024
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud AgentTenable NessusRapid7 InsightVM
Resources
CVECase StudieseBooksPolicy TemplatesBlogPricing
Company
About UsContactCareer
Try It
Patch AstraEPSS CalculatorContactFree ScanSchedule DemoLog In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :