Even though the provisions on information security and privacy in India’s 2011 IT rules are rudimentary, they are, more often than not, callously ignored.
Only 60% of India’s top 500 websites support HTTPs in some form or another, which means that Indian website operators provide a lesser level of online security than those from the US.
Focusing solely on getting rid of Aadhaar, or destroying it, is a waste of powder. The underlying issues of online privacy and civil liberties will still remain.
From Paytm to UID – from the Ministry of Corporate Affairs to leading insurance and telecom companies – India Inc and the government are prone to poor design choices and sloppy programming.
2017 will need to see less of the carrot and more of the stick in order to persuade India’s institutions to prepare against an ever-increasing number of cyber security threats.
From mandatory disclosures to improving CERT-IN’s functioning and transparency, there is much to be done in the event of future cyber attacks.