Govt to have Cyber Security Analysts, CERT, Early Warning System; set up CoE, think tank

‘Will combat cyber terror, protect J&K from threats’

*Jammu, Srinagar to have Security Operation Centres

Sanjeev Pargal

JAMMU, Dec 2: The Jammu and Kashmir Government will be initiating a series of steps to tackle cyber attacks which include creation of a pool of ‘Cyber Security Analysts’ to combat cyber terrorism, establish Centre of Excellence (CoE) for tackling modern-day security threats, set up a ‘think tank’ for policy and decision inputs, have an early warning and response system and form Computer Energy Response Team (CERT).
All this is part of Cyber Security Policy 2022 which has been approved, official sources told the Excelsior.
“Jammu and Kashmir will create a pool of ‘Cyber Security Analysts’ trained in cyber security, to work as part-time security specialists of the Government, advising the Government in combating cyber terrorism, protecting the UT from cyber threats, simulating cyber-attacks to help find security loopholes, and assisting JK-CERT on the ground in case of a cyber-security incident,” the Cyber Security Policy document, a copy of which is in possession of the Excelsior, revealed.

It proposed to create a Centre of Excellence (CoE) for combating modern-day security threats. This state-of-the-art facility will be equipped with means to detect any security threats.
“The CoE will provide Centralized Incubation Facility to create specialized professions for Jammu and Kashmir and country to help combat cyber threats. It would also contribute towards real-time monitoring and analysis of security events as well as tracking and logging of security data for compliance of auditing purposes,” the Policy proposed.
It said the Government shall create a think tank comprising of relevant stakeholders for policy and decision inputs to facilitate cooperation and collaboration against cyber threats at the highest level.
As per the Policy document, the Government will establish Jammu Kashmir-Computer Energy Response Team (JK-CERT), which will be a nodal agency for the UT to coordinate with institutions, organizations and companies.
It will contribute towards the UT’s efforts for a safer and stronger internet for all citizens by responding to major incidents, analyzing threats, and exchanging critical cyber security information with trusted partners.
“The Cyber Security Police Framework intends to provide holistic and complete solution for cyber security threats. Five pillars of the UT Cyber Security Policy include Incident Management Framework, Compliance and Enforcement Framework, Capacity Building Framework, Legal and Regulatory Framework and Business Development Framework,” the Policy revealed.
The Cyber Security Policy proposed to identify, analyze, protect and build capabilities to prevent and respond to cyber threats posed to UT’s digital information and ICT and Operational Technology (OT) assets in cyber space through a combination of institutions, people, processes, technology, legal framework and interaction between all of them.
The Policy proposed an Early Warning and Response System.
Understanding the importance of business continuity, the Policy proposed that the Government shall mandate an agency to design and develop a business continuity plan which needs to establish early warning and response system by establishing Security Operations Centre (SOC) at two locations—one each at Jammu and Srinagar.
“One location should work as standby to the other location in case of any type of calamity by continuously monitoring the threats towards all Government websites and infrastructure,” the Policy stated.
It added that the Government will also formulate a Critical Information Infrastructure Protection Plan in collaboration with other agencies like NCIIPC, CERT-IN, NCCC and also private sector by adopting a risk-based analysis approach.
The Government will also create requisite infrastructure and set up an Information Sharing and Analysis Centre to share actionable information, develop capabilities and analyze trends to identify latest opportunities and threats.
The Policy aims to enforce measures to safeguard the personal information of citizens stored in Government database saying any data breach of an individual’s financial account losing money or sending unwanted mails using identity theft for their personal account to harm others may have several implications in both economical and social affairs.
The Government shall conduct customized training programmes on cyber security for Government departments, Public Sector Undertakings (PSUs), Banks, Telecom companies and other key industries which are having critical infrastructure, it said.
It added that privacy laws and data protection laws will be proposed by the Department of Law, Justice and Parliamentary Affairs.
To promote SMEs in cyber security, the Government shall award a certain number of cyber security contracts every year to SMEs incorporated in Jammu and Kashmir and devise a mechanism to ensure transparency in the allotment procedure.