The government will also establish the Information and Communication Technology (ICT) security assessment facility where product certifications and compliance assessment of all sensitive ICT products linked directly or indirectly to Critical Information Infrastructure (CII) will be done, it said.
Jammu and Kashmir administration is planning to set up a dedicated incubator for cybersecurity-related startups to promote local industries. Under its recently launched Cyber Security Policy, the administration will also outsource relevant research and development projects to the corporate sector.
It is also mulling to provide special fiscal and non-fiscal incentives to cybersecurity firms operating in the union territory (UT) according to the prevailing government policies.
"The government of J-K shall set up a dedicated incubator for cyber security related startups. The UT shall also develop a venture capital model to provide assistance to first generation entrepreneurs, startups and small and medium-sized enterprises (SMEs) operating and intending to enter in this field (cybersecurity)," the policy document said.
Jammu and Kashmir would endeavour to conduct Cyber Security Expos to showcase the advantages of the indigenously developed products by SMEs and Startups, it said. "This will ensure a platform for cybersecurity enthusiasts to interact and discuss the latest developments across the globe,” the document read.
It said the government would award a certain number of cybersecurity contracts every year to SMEs incorporated in Jammu and Kashmir and devise a mechanism to ensure transparency in the allotment procedure.
"To boost the local industry, special fiscal and non-fiscal incentives will be given to firms operating in Jammu and Kashmir as per the prevailing policy(ies) of the J-K government," it said.
"Startups Incorporated in Jammu and Kashmir will be provided access to government applications to showcase their product as proof of concept (PoC). These projects may be converted into full-scale government contracts, post performance reviews," it said.
According to the document, the government will enter into strategic partnerships with the private sector to set up infrastructure such as cybersecurity training and development labs, which in turn will facilitate the development of new products.
"To ensure safety at the supply end, the government shall work with Internet Service Providers (ISPs) to help individuals assess the existing security levels and devise strategies to protect them from future attacks," it said. Further, to avoid fraudulent practices and identify service users, the government would take up personal identity assurance and other measures.
It said the J-K government will partner with various institutions, public sector undertakings, government bodies like Software Technology Parks of India (STPI) and National Institute of Electronics and Information Technology (NIELIT) for driving various initiatives.
"The potential partners include academic and research institutions, private players and other government organisations," the document read. According to the policy, the J-K government will promote an annual competition, named the Cyber Security Challenge, which will help identify and nurture individual talent.
“This will be a UT-wide drive to increase awareness as well as build assurance in the community about government initiatives and efforts to secure the cyber space with the help of its stakeholders,” it said.
The government will also establish the Information and Communication Technology (ICT) security assessment facility where product certifications and compliance assessment of all sensitive ICT products linked directly or indirectly to Critical Information Infrastructure (CII) will be done, it said.
"The facility will provide among other services vulnerability assessment and penetration testing services for critical infrastructure sectors, security assessment for control systems, ICT product security assessment and certification service, common criteria evaluation service and protection profiling," it said, adding the common criteria for Information Technology Security Evaluation is an international standard for computer security certification.
Common criteria will be used as the basis for government-driven certification scheme, product testing and evaluations that will be conducted for government agencies and critical infrastructure, the document said.
(With PTI inputs)