Although cybersecurity is supposedly a government priority, due to digitisation of services across sectors, financial allocation for this has been reducing over the past three years. And, allocated funds are not being utilised fully.
The government programme caters to operational expenditure of critical statutory organisations such as the Indian Computer Emergency Response Team (CERT-In), Centre for Development of Advanced Computing (C-DAC) and others. During 2014-15, allocation for cyber security, which includes funds for CERT-In and the Information Technology Act, stood at Rs 1.2 billion at Budget Estimate (BE) stage. Reduced to Rs 620 million at the Revised Estimate (RE) stage; actual expenditure was Rs 586 million.
Allocation for cybersecurity in 2015-16 decreased to Rs 1.05 billion at BE stage and further to Rs 850 million at RE stage; actual expenditure was Rs 682 million. Similarly, during 2016-17, allocation at BE stage was Rs 700 million, reduced to Rs 536 million at RE stage; actual expenditure has been only Rs 318.4 million.
For 2017-18, Rs 404.8 million has been allocated for the cybersecurity programme.
A parliamentary committee recently raised concerns about the decreasing allocation and utilisation of funds. It said this was an upcoming area and requiring increased allocation to meet the shortage of personnel, upgradation of technology and training, etc. It asked the ministry of electronics and IT (Meity) to give focused attention to cybersecurity and optimally utilise the allocations. The ministry has accepted the recommendations.
Meity says there were 9,622 cyber crime cases registered in 2014, growing to 12,317 during 2016. Experts say the profile and motivation of cyber attackers are changing. A new breed of cyber criminals has emerged, whose main aim is not only financial gain but to cause disruption to businesses in particular and the nation at large.
Governments and international bodies have realised the increasing threats to interconnected critical infrastructure and have taken various steps. India is among these. The National Cyber Security Policy aims to create a secure eco-system and strengthen the regulatory framework.
A National Critical Information Infrastructure Protection Centre is the nodal agency under the National Technical Research Organisation for protection of key information infrastructure.