Data Security Council of India (DSCI), is a not-for-profit, industry body on data protection in India, setup by NASSCOM. It is committed to make India’s cyberspace safe, secure and trusted by establishing best practices, standards and taking new initiatives in cybersecurity and privacy. In an interview to Express Computer’s Sandhya Michu, Rama Vedashree, CEO, DSCI, provides detailed insights about the new initiatives undertaken by DSCI in the wake of growing cyber attacks, the upcoming Data Protection Law, and capacity building for cybersecurity.
Some edited excerpts follow:
Tell us about the recent initiatives undertaken by DSCI in the current year?
As an industry body, we engage with diverse stakeholders, for activities that spin off from our core strategic objectives. In the current year, we have taken several initiatives to grow the cybersecurity market in and from India. One of them is cybersecurity industry development. Growing the industry to the vision which we have setup for making it USD 35 billion by 2025. We have been working on developing the start-up ecosystem, including how do we enable market access both in India and globally, their customer and investor connect programs. That is one big area that we have been focused on. We also want to make India the destination for cyber security whether it’s for product R&D or for global in-house centers.
Secondly, we started working with user organizations, not just the banking sector, but the critical infrastructure organizations and their nodal agencies like National Critical Information Infrastructure Protection Centre (NCIIPC) and CERT-in to ensure, the preparedness for cybersecurity threats is well planned. We have been working with sectors like banking, telecom, insurance, critical infrastructure (Oil and Gas companies). Of course the third area of focus for last many years has been Data Protection and Privacy such as privacy certification and readiness of the industry for EU General Data Protection Regulation (EU GDPR). DSCI has worked extensively around EU GDPR and its implications not only for tech industry but also for Banks in India who operate in EU. EU GDPR and its implications for IT Industry has been a key focus area in the last one year.
The latest in the current scheme of work is the recent announcement of Data Protection Committee, constituted by Government of India. It is anchored by MeitY and DSCI is one of the members of the committee. We have participated in the committee deliberations and presented the industry perspectives on cross border data flow, localization, India’s growing analytics industry and innovation on data, best practices of various global data protection regimes, and the need to take cognizance of a digital economy and balancing data protection regulations with industry growth and innovation. Additionally, DSCI was a part of two sub-committees constituted by RBI, on mobile banking security and cards payments security. DSCI has contributed largely to these deliberations and reports, which have been finalized by RBI and we understand these reports will be submitted to the standing committee of cybersecurity and other stakeholders. Then there are many focus areas on use cases of Artificial Intelligence, Blockchain, Machine Learning and Internet of Things in cybersecurity. We have built communities around these technologies. The next big project we have taken up is digital payments security awareness campaign. DSCI along with MeitY, NABARD, State Governments will be rolling out for end users and merchants. Overall digital payments adoption drive is being done by banks and government. Security of digital payments is very important to build trust among the end users so that in the long run it will make digital payments more sustainable.
We have built this campaign in four Indian languages; the campaign is conceptualized and designed by DSCI and Google in association with MeitY along with other financial institutes who will be raising awareness through their channel of communications. In lines of digital payments security, we are working on digital payments security alliance where we will bring various digital payments providers be it technology companies, platform providers, and financial institutes to come together to deliberate on the policy imperatives for digital payments security.
As digital payments are becoming a driving force behind the digital economy, what are some of the initiatives taken by DSCI to make this space more secure?
RBI, MeitY are focused on security framework for digital payments. DSCI is engaged with industry members in studying global best practices and LEA capability building for consumer grievances handling. Industry players like PayPal, Paytm are associated with DSCI in some of these initiatives to drive digital payments security. We hope the formation of the digital payments security alliance will deliberate and come up with whitepapers and policy recommendations.
What efforts is DSCI taking to build knowledge and capacity building around new emerging technologies like Blockchain, IoT, AI and Machine Learning?
This year the Government of India and DSCI have undertaken to build a National Technology Repository for cybersecurity. As part of the project, we will discover and showcase all the competencies across the country in 25 technology areas. In the first phase, we are looking at five areas: Forensics, AI, Blockchain, IoT and Cryptology. We are studying the entire landscape as the competency may reside in freelancers, startups, large services firms, global in-house centers or it can reside in academic labs. Presently, we are studying and capturing insights from academia, industry members, and user organizations. As part of the platform, at a country level, we will have a dashboard view of competencies in certain technologies and will be opened to public. This repository will help government and industry. It can give insights to the government on current capabilities and domains to invest in future for both academic, research and industry development including startups. We are building this repository leveraging machine learning and automation to ensure it stays current and updated. The first phase will be rolled out in the next 2-3 months.
In line with the Prime Minister’s vision to make India a hub of cybersecurity products and services, NASSCOM-DSCI Cybersecurity Task Force (CSTF) had launched the roadmap for building the cybersecurity products and services industry to USD35 billion by 2025. How are you currently working with the industry and the government to meet this ambitious target?
Promoting Indian cybersecurity innovation & entrepreneurship is one of the imperatives to build robust capabilities and strengthening cybersecurity posture of the country. Though Indian cybersecurity industry is at a nascent stage, we have seen some success stories of our entrepreneurs winning in global markets. As cybersecurity startups continue to face challenges in market access, it is important that the government and investors come forward to support them at different stages of their lifecycle. We started this in 2016. So far, we believe as of last year we were at USD4.5 billion revenue in cybersecurity in India. We have about 100 plus product startup companies and the workforce in the cybersecurity domain is around 1.70 lakh. With industry collaboration and government support, we believe this growth charter will be met.
What key opportunities do you envisage for the cybersecurity industry?
In terms of present opportunities for cybersecurity, we are quite upbeat. In India, there is enough focus now from the government and regulators side. Some sectors have taken the lead. For example, the banking sector had come up with a cybersecurity framework last year, which was followed by the insurance sector. NCIIPC came up with the guidelines for critical infrastructure sector companies. I think the attention for cybersecurity in large enterprises at a board level is happening now. Previously security used to be looked at as compliance, but now security is getting limelight as both governments and businesses are going through a digital transformation. Breach notifications are gaining maturity and mandatory breach disclosure. Appointment of a CISO and risk officers are no longer options. MeitY is asking every government department to appoint a CISO. Recently, there was an advisory from MeitY to reserve 10% of every IT project budget for cybersecurity. The National Cybersecurity Coordinator Office and the Urban Development Ministry have issued a cybersecurity framework for 100 smart cities mission.
The Modi government recently appointed an expert committee, headed by former Supreme Court judge B N Srikrishna, to “study various data protection issues” in India and recommend a Draft Data protection law. What role is DSCI going to play. Can you throw some light on the same?
In the next few months, we will be working with the Data Protection Committee. We will advocate industry perspectives for a data protection regime to support the growing digital economy. Issues like cross border data flow, privacy by design principles, privacy breach notifications and capability building will also be looked at.