Manufacturers in India not overly concerned with US tariffs: IT secy

India’s electronics manufacturers are not “overly concerned” about the impact of the increased tariffs announced by US president Donald Trump, IT secretary S Krishnan said on Monday, adding that the situation is constantly evolving.

“We’ve been in regular consultation with manufacturers in India. That is something that we are speaking to them on an ongoing basis. They are not overly concerned right now, but it also depends on how this whole situation plays out. It’s a dynamic situation,” Krishnan told reporters at the launch of the first digital threat report for the BFSI sector released by the Indian Computer Emergency Response Team (CERT-In) along with SISA, a private cybersecurity company.

On cybersecurity, he said that the BFSI sector was ahead of many other sectors and some of its practices deserved to be emulated.

Krishnan also emphasised CERT-IN’s role in the process: “The government is committed to further strengthening Cert-In as an institution, both in terms of personnel, in terms of resources, in terms of capabilities and what they need in terms of equipment because this is the role which will only continue to grow and not diminish.”

‘Part of cybersecurity posture must never be made public’

At this launch event, Krishnan said that part of the country’s cybersecurity posture, specifically its exact technical capabilities, must always remain in the shadows to better deal with adversaries even as the government needs to be both credible and trustworthy before the public.

“But at the same time, there are many capabilities I don’t think I would like many of you to know what they are. Equally, I don’t think I would like you to know what we don’t know either,” he said.

“It is important that we maintain a posture where there are certain capabilities and capacities that are built up in these organisations, which are best not publicised or best not known simply because we are dealing with adversaries. We are not in a particularly friendly neighbourhood. We are dealing with a range of adversaries,” he said.

Krishnan said that given the “cloak and dagger”, “cat and mouse” nature of cybersecurity, a certain degree of confidentiality and discretion are required in how India’s cybersecurity capabilities are presented.

“While I would want to emphasise that there is constant vigilance, I would not want to advertise every capability or capacity that we have,” he said.

He said that while a part of cyber security works “in shadows”, the other part operates in “public glare” and involves collaboration across institutions and private companies, especially because the private sector has a much bigger attack surface than the government even though the government might face more sophisticated attacks from state actors. He said that the government could learn from the private sector, given the latter’s capacity, on how different attacks are dealt with.

The IT secretary stressed on the need to develop domestic technology and capacity in cybersecurity.

“This is one space where it is each country, each nation for themselves. Nobody is going to share the most advanced features of whatever cyber security defences they have. Nobody is going to share with you the kind of hidden backdoors and everything else that different types of software could potentially have. So, we have to have domestic capabilities,” he said. That’s why, he said, MeitY is keen to encourage and work with cybersecurity and deep tech start-ups.

‘Increase in reported number of cybersecurity incidents means that there is greater awareness about the reporting mechanism’

In December, MeitY had informed the Parliament that cybersecurity incidents reported by the banking sector to Cert-In fell by 81% between 2021 and 2023. Between 2019 and 2023, the number of cybersecurity incidents reported to and tracked by the Indian Computer Emergency Response Team more than quadrupled while those related to government organisations more than doubled.

In response to a question by HT about the meaning of these numbers, Krishnan said that the increased numbers reflected the greater awareness about the need to report such incidents. He said that the fact that a greater number of incidents have been reported shouldn’t be seen as a tool to penalise those who report “because traditionally in India, people won’t report anything, so it’s a good thing that reporting is done”. He also clarified that these are numbers related to cyber security incidents and this doesn’t mean that all of them are related to cyber attacks, breaches or leaks. “It also means that our overall surveillance is improving. It also means that we have more capacity to find out what is happening across the entire cybersecurity space,” he said.

DPDP rules expected in 6-8 weeks

Krishnan said that MeitY is going through all the comments it received in response to the public consultation on the draft Digital Personal Data Protection Rules. “We may have to do another round of internal consultation,” he said and the rules will take at least six to eight more weeks.

HT has learnt that the ministry received more than 6,000 comments during the consultation.