The Centre is likely to recommend enterprises in banking, telecom, and energy sectors to use only security products and services developed in India.

       According to a report in The Indian Express, the government has drawn up a policy called "National Cybersecurity Reference Framework (NCRF) to provide guidelines on roles and responsibilities for cybersecurity based on existing legislations, policies, and guidelines.

       Click here to follow our WhatsApp channel

       The move comes following various cybersecurity-related incidents, with the most recent being an attack on the AIIMS systems in New Delhi in 2022.

       The NCRF states: "In recent years many threat actors backed by nation-states and organised cyber-criminal groups have attempted to target critical information infrastructure (CII) of the government and enterprises. In addition, the availability of "cyber-attacks-as-service" has reduced the entry threshold for new cyber criminals, thus increasing the exposure to individuals and organisations."

       The framework, drawn up by the National Critical Information Infrastructure Protection Centre (NCIIPC), was shared with companies and government departments for consultation in May last year. The NCRF may also recommend enterprises to allocate at least 10 per cent of their total IT budget towards cybersecurity. "Adequate resources must be allocated for cybersecurity, and these should be distinct from IT resources... Based on global best practice, it is recommended that at least 10 per cent of the total IT budget should be allocated to cybersecurity. Such allocation should be mentioned under a separate budget head for monitoring by the top-level management / board of directors," the NCRF states.

       In June last year, former national cyber security coordinator Lt General Rajesh Pant said that the NCRF will be released for the public soon. He said, "It (NCRF) is an important document that supersedes the 2013 policy [National Cybersecurity Policy of 2013]. From 2013 to 2023, the world has changed as new threats and new cyber organisations have emerged, calling for new strategies. The document will be put in the public domain after a final check by the committee to ensure that nothing confidential is released.

       He added that the NCRF is a guideline, and its recommendations will not be binding.

       Also Read

       Telecom Bill 2023: Here are 10 important changes that will impact you

       Centre to disburse Rs 400 cr to 20 firms under PLI scheme for telecom gear

       Trai directs annual audit for telcos, asks to refund overcharged tariff

       Telecom Bill drops OTT reference, retains regulator Trai's powers

       Govt issues bare minimum terms of reference for 16th finance commission

       Tax-GDP ratio likely to be highest or second best in FY24 since 2008-09

       Kerala govt agrees to discuss financial problems of state in Assembly

       Unanimity among current RBI monetary policy committee's internal members

       Likely surge in prices due to Red Sea attacks, says finance ministry report

       Green policy pragmatism shaping India's transition: FinMin economy review

       The policy may also recommend that "the regulators may also need to access sensitive data and deficiencies related to the operations in the critical sector, and therefore they also would need to have an effective information security management system (ISMS) instance."