The Tamil Nadu government has unveiled its Cyber Security Policy 2.0, outlining significant steps to ensure the protection of government assets from cyber threats. Released by the Information Technology and Digital Services Department on August 23, the policy provides a comprehensive framework for audit, compliance, and monitoring, aiming to enhance the security of the state’s IT infrastructure.
This policy update supersedes the Tamil Nadu Cyber Security Policy 2020, with inputs from key institutions like the Centre for Development of Advanced Computing (C-DAC), Indian Institute of Technology Madras (IIT-M), and the Tamil Nadu e-Governance Agency.
Cyber Security Policy 2.0 (CSP 2.0) is applicable to all State government departments, Public Sector Units, and associated agencies, including third-party stakeholders such as contractors and consultants who utilize digital infrastructure.
Key aspects of the policy include guidelines on e-signatures, email security, password management, social media practices, and procedures for backup and recovery. It also mandates regular information security audits to identify vulnerabilities and mitigate cyber attacks.
Each department is required to appoint officials to liaise with the Cyber Security Incident Response Team (CSIRT) for incident reporting and management.
CSP 2.0 emphasizes a layered security approach, focusing on mission-critical systems and citizen services. Departments must also ensure regular backups of datasets, stored in multiple locations, and conduct annual risk assessments to evaluate potential security breaches.
In its bid to strengthen cybersecurity capabilities, the policy mandates that department officials undergo annual training on managing cyber incidents and changes in infrastructure. These efforts aim to protect government data, software, and infrastructure, ensuring their availability to both the state and its citizens.