Federal Cybersecurity Agency for India: A Need or a Far-Fetched demand?

The need for solid cybersecurity measures has never been more important in this day and age when cyber threats know no boundaries. India is ranked Tier 1 in the Global Cybersecurity Index, highlighting the progress the country has made towards developing its cybersecurity systems. Notably, India has a robust infrastructure that is undergoing constant development. Even with such recognition, there are major gaps that prevent effective enforcement and response to cybercrimes. One of the questions that is often posed is: Does India require a federal cybersecurity agency?

India’s Cybersecurity Status 

India has developed a legal and policy framework that enables it to mitigate cyber risks. For example, the National Cyber Security Policy 2013 aims to safeguard the nation’s critical infrastructure and also undertakes efforts to foster cybersecurity awareness among citizens. Furthermore, India’s ranking in Tier One of the Global Cybersecurity Index is in itself a recognition of the country’s work vis-à-vis legal policies, technical capabilities, organizational structures, human resource development, and international relations.

Nonetheless, India continues to grapple with challenges, particularly with respect to coordination and enforcement. One of the biggest challenges is the question of jurisdiction, which is one of the stemming issues.

Since cybercrimes are complex and limitless in scale, it could be an initiative to create a body that coordinates activities from the center, that is, at the national level. Similar to CBI, such a federal cybersecurity body would fill up the gaps in the present system—coordinate the state machinery, the various law-and-order enforcement agencies in the states, and all other such related parties

1. Enhanced Coordination Across States

   Cyber crimes rarely respect jurisdictional boundaries. For instance, some cybercriminals based in one jurisdiction can direct their activities against victims who reside in various other jurisdictions. A single transaction may include various jurisdictions. This is where the problems of state police come in. They may not necessarily have the expertise, resources, or jurisdictional authority to handle such crimes. A federal agency can best serve as a central coordinating body that takes the lead in ensuring uniformity in the prosecution of cybercrimes while improving interagency relationships among the various states. Federal involvement would relegate the time needed for investigation, prosecution, and eventual conviction of the cybercriminal.

   
   

2. Single Point of Contact (SPOC)

   The fact that there is no SPOC for reporting cybercrimes against people or organizations is indeed a horrible situation. Usually, when someone becomes a victim, s/he needs to run from pillar to post — state police, CERT-In, SEBI, RBI (depending upon the kind of victim and cyber - crime) and there are cybercrime cells — with multiple overwhelming directions on whom exactly to approach. Therefore, a federal cybersecurity agency can double up as a SPOC for any kind of cyber issues, thus simplifying matters for the victims to ensure their problems are taken up on priority.

   
   

3. Building Specialised Cybersecurity Expertise

   Cybersecurity professionals are in acute short supply in India, and the few available are generally overloaded due to the lack of coordination against cybercrime. As a result of the establishment of a central agency focused exclusively on cybersecurity, the country will be able to concentrate its efforts in building up specialised skills and knowledge needed for fighting increasingly complex cyber threats. This may mean that the government has to start a whole set of properly trained cybersecurity professionals with knowledge and tools to counter the developing digital threats like ransomware, data breaches, and cyber espionage.

The Case for Cybercrime-Specific Judicial Bodies:

Besides the creation of a federal cybersecurity agency, Indian judicial framework to deal with cybercrimes must also be rethought. Cybercrimes find themselves under the jurisdiction of Magistrates (JMFC or MM) on the criminal side and the Cyber Appellate Tribunal on the civil side. Legal proceedings for cyber-related offenses often turn out slow and ineffective due to lack of specialized knowledge concerning the detectives and prosecuting officers about the technicalities of digital crimes.

In order to address this, India could try and set up Cybercrime dedicated Courts or maybe Cybercrime Tribunals, with adjudication through professionals knowledgeable in the field of Technology and Cyber security. That would help make the delivery of justice effective to take into account the peculiar problems posed by crimes over the Internet. Thus enable filling more accurately, the liability within the offender at the same time creating a deterrence for potential future cyber criminals.

A Step Toward a Comprehensive Cybersecurity Ecosystem

The Indian government has taken extraordinary initiatives in the consecutive years for improving cybersecurity infrastructure. By September 2024, the government was planning to announce a national registry of the assumed cybercriminal and implant more than 5,000 “cyber commandos” within the next five years to make that capacity much more feasible to bring threats down to India’s smallest level of government. On the other hand, as the cyber threats incidences would be rapidly mounting, the described implementation would hardly be enough.

A federal cybersecurity agency could operate together with some specialized cybercrime courts and tribunals. The measure would, in essence, bring about more integration between the two, so that in the end it becomes an approach. Instead of spreading the responsibility, manpower, and powers available across different institutions, bringing them together under one national body would make India more capable of protecting its critical infrastructure, citizens, and businesses from malicious cyber activities.

Conclusion:

The rank of India in the Global Cybersecurity Index simply showcases the progress the country has made in dealing with cyber threats. But as cybercrimes grow in complexity and expand in number, India will have to alter its very strategy toward cybersecurity. With the new Digital India Act under consideration and in its drafting stage, we suggest that a federal cybersecurity agency and specialized courts and/or tribunals for cyber crimes be set up, so that India can be at a much better place to address and handle the challenges of digital threats. With such united moves, gambling with its digital future would be much more justifiable by India and that would involve preserving its leading status in global cybersecurity.