Sources said after the cyberattack on AIIMS servers last December, which exposed the security infrastructure of healthcare system, the proposal was once again pushed for the approval of the Cabinet Committee on Security headed by PM Modi
The government is considering to make health as India’s seventh ‘critical sector’, sources have confirmed News18. The other key sectors such as banking, financial services and insurance, telecommunications and transportation among others are also awaiting final approval to be formally declared ‘critical sectors’.
According to a senior government official, the proposal was drawn last year but put on back burner. Sources said after the cyberattack on AIIMS servers, which exposed the security infrastructure of healthcare system, the proposal was once again pushed for the approval of the Cabinet Committee on Security headed by Prime Minister Narendra Modi. It is expected that the proposal made by the National Security Council Secretariat is likely to get cleared.
Read More: Sudden Fog In Delhi-NCR Hits Flight Operations At IGI Airport
The AIIMS cyberattack, which took place last December, has led to an urgency to officially declare health as a critical sector to enhance protection of assets from cyber threats.
The move would help the ministry or department to get sufficient support from various cyber security establishments. Also, funds would be allocated accordingly for the purpose.
The present proposal is seeking an approval of the Cabinet Committee on Security (CCS) for formal declaration of seven sectors of the nation, that are, banking, Financial Services & Insurance, (BFSI), telecommunications, power & energy (P&E), Strategic & Public Enterprises (S&PE), transportation, government and health as ‘critical sectors’.
If the proposal gets approved, it will help the concerned ministry or department in carrying out due diligence and accord priority to the allocation of resources including finances, for promoting cyber security within their jurisdiction, the official said.
Last year, it was unanimously recommended that seven sectors (six mentioned earlier) and health may be considered as ‘critical sectors’. The National Critical Information Infrastructure Protection Centre (NCIIPC) moved to NSA to declare these sectors “critical”. The approval of the CCS is required for formally declaring the above mentioned seven sectors as ‘critical’.
Read More: Tirupati Temple’s Darshan To Get Easy With Introduction Of Facial Recognition System From March 1
The NCIIPC has been designated as the national/nodal agency in respect of Critical Information Infrastructure Protection since 2014. The NCIIPC is responsible for identifying all the Critical Information Infrastructure (CII) elements in the country for the approval by appropriate government authority for notifying the same. It is responsible for providing strategic leadership and coherence in the government to respond to cyber security threats against identified CII.
The Covid-19 pandemic has enhanced digitisation in almost all sectors of the country but has also led to increase in threats to cybersecurity. Therefore, for securing the Indian cyberspace from the growing trend of complex cyber incidents / attacks, it was necessary to identify and declare ‘critical sectors’ where the focus is to improve cyber security posture and cyber defence, the official added.
HOW IT WILL HELP
Once health is declared as the seventh critical infrastructure, the ministry or the department will get the right impetus and direction to identify the critical assets, information infrastructure, processes that would need to be protected in terms of ‘Confidentiality, Integrity and Availability’. This, in turn, will lead to prioritisation and allocation of resources including human resources and finances, by the concerned ministry/ department to protect their computer systems and networks.
IT ACT DEFINES CRITICAL INFRASTRUCTURE
The IT Act 2000 defines critical infrastructure: “The appropriate government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system.” It means the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.
