Tamil Nadu's Cyber Security Policy 2.0: Enhancing State Protection
Tamil Nadu has unveiled its Cyber Security Policy 2.0, aiming to strengthen the digital defenses of the state's IT infrastructure. Issued on August 23, this updated policy supersedes the previous version from September 2020 and brings a comprehensive framework for the protection of government assets through strict guidelines and Standard Operating Procedures (SOPs).
Key Components of the Policy
The policy document, crafted by the Information Technology and Digital Services Department, outlines strategies for managing e-signatures, securing emails, enforcing robust password policies, and safeguarding social media platforms. It also emphasizes the importance of backup and recovery processes and conducting thorough information security audits.
Expert insights from the Centre for Development of Advanced Computing (C-DAC), Indian Institute of Technology Madras (IIT-M), and the Tamil Nadu e-Governance Agency have been instrumental in shaping this policy.
Scope and Applicability
Cyber Security Policy 2.0 is mandatory for all State government departments, Public Sector Units, and other related agencies under Tamil Nadu's jurisdiction that utilize IT networks and digital data. Moreover, it extends to stakeholders like suppliers, contractors, and consultants, ensuring a comprehensive coverage of all entities interacting with state data systems.
Objectives and Mission
The primary aim of this policy is to safeguard the government's information assets, including its infrastructure, software, and citizen services, while ensuring their continuous availability to both the government and its citizens. The policy lays down a framework for a robust institutional mechanism to monitor and secure digital infrastructure.
By fostering a comprehensive security risk reduction strategy, CSP 2.0 establishes security capabilities and infrastructure designed for layered protection of mission-critical systems and data. This includes measures to effectively detect, prevent, and mitigate cyber attacks.
Mandatory Coordination and Training
A notable provision of CSP 2.0 is the requirement for State government departments to appoint officials responsible for liaising with the Cyber Security Incident Response Team (CSIRT). These officials will play a crucial role in gathering and managing information about cyber security incidents affecting government websites and IT systems.
To ensure readiness, these nominated officials must undergo annual training focused on managing changes, incidents, and problem-solving in cybersecurity contexts.
Data Backup and Risk Assessment
The policy mandates that all government departments regularly back up datasets and ensure these are stored securely in multiple locations. This is to verify their integrity and completeness regularly. Additionally, a comprehensive risk assessment by Chief Information Security Officers (CISOs) or Information Security Officers (ISOs) is required to evaluate the value, sensitivity, and potential impact of compromises on each asset or application.
By implementing these measures, Tamil Nadu's Cyber Security Policy 2.0 aims to position the state as a leader in digital safety and resilience, safeguarding its critical resources and ensuring mutual trust between the government and its citizens.
