Even basic level cyber security awareness in India is missing. Government employees use governmental computers with great casualness. In many cases this results in installation of Malware on the governmental computers and thereby compromises the national security and cyber security of such computers.
Social engineering has proved to be the weakest link in the cyber security chain of India. Another reason for poor performance of cyber security in India is lack of good techno legal cyber security skills development in India. Cyber security skills development and trainings are essentially techno legal in nature and mere technological or legal approach towards cyber security is not enough.
Similarly, other important issues have also been ignored in India. For instance, we have no cyber warfare protection in India and no cyber warfare policy in India. The incidences of cyber attacks, cyber terrorism, cyber espionage, cyber warfare, etc are increasing against India. We must urgently develop cyber warfare capabilities in India to thwart growing cyber attacks against India.
A legal framework for cyber security in India is also required for effective critical infrastructure protection in India and critical ICT infrastructure protection in India. In fact the growing cyber attacks are affecting Indian critical infrastructure. Similarly, a cyber crisis management plan of India also cannot be implemented in the absence of proper legal framework.
There are many good open source tools that can help in ensuring good cyber security in India and investing in commercial software is an option and not compulsion. Still India needs expertise to use these open source software and in the absence of the same cyber security has been neglected to a great extent. Let us hope Indian government would wake up to this much needed reality very soon.