India to mandate trusted network devices by 2027 in cybersecurity push

The Indian government aiming to ensure that every device that is connected to a network comes from a trusted source by 2027, the new National Cybersecurity Coordinator (NCSC) Lt Gen MU Nair said on October 27.

Nair, who was speaking at a panel discussion on the inaugural day of the seventh edition of the India Mobile Congress (IMC), said, “The scope of National Security Directive on Telecommunication Sector (NSDTS) will increase over the next few years where we will ensure that every device that is connected to a network whether hardware or software used, are all from a trusted source and is a trusted product.”

“We propose to have the device be connected to a network or in a will be either from a trusted source or a trusted product by about 2027,” he added. However, the methodology through which the government will conclude whether a device is trusted or not is not clear.

The NSDTS launched in 2021, aims to classify telecom products and their sources under the ‘trusted’ and ‘non-trusted’ categories.

The NCSC, under the National Security Council Secretariat, coordinates with different central-level agencies in matters of cyber security issues of national and critical importance

Nair’s comments come on the backdrop of Prime Minister Narendra Modi signalling cybersecurity as a key focus area for the country. He called for greater self-reliance in cybersecurity hardware and software at the Indian Mobile Congress.

Nair also said that India’s average number of cyber security incidents reported are way higher than the global average. While the global average for reported cyber security incidents in the last six months stood at 1,164, the figure for the same period for India stood at 2,168.

The National Cybersecurity Coordinator also said that in the last six months, 58 per cent of malicious files in the cyber domain such as information stealers, ransomware etc have been delivered through the web.

While pointing out the lack of cybersecurity awareness in government and commercial organisations, Nair said, “As a routine and part of government machinery for any commercial organisation, one doesn’t feel the significance of security of cyberspace as a key result area. Investments, resource resource location in this area, therefore, is minimal, with implications not being thought of…”

“We are perhaps ignoring the single most factor that can freeze all our digital assets impacting every citizen, not only our country, but all across the world..” Nair warned. Moneycontrol