The Maharashtra government’s recent announcement of the formation of the Maharashtra Cyber Crime Security Corporation (MCCSC) has sparked discussions and raised questions about the necessity and functionality of this new entity. While the move indicates the state’s acknowledgment of the increasing cyber threats, there are concerns about why a separate cybersecurity corporation is needed when there is already a cyber cell within the police department. Additionally, there are questions about how the corporation will operate and whether it will be a non-profit initiative or a revenue-generating entity.
In February 2024, the Maharashtra government restructured the existing Maharashtra Cyber Cell into MCCSC, signaling a significant step toward strengthening cybersecurity in the state. This transition brought about a policy shift requiring corporate entities to undergo mandatory annual cybersecurity audits to identify vulnerabilities, ensure the adoption of advanced security protocols, and mitigate cyber threats. Non-compliant companies will face penalties, highlighting the government’s proactive approach to safeguarding sensitive corporate data and financial integrity.
Despite having a dedicated cyber cell that investigates online fraud, hacking, and digital crimes, the Maharashtra government established the Cyber Command Centre with a substantial investment to enhance cybersecurity capabilities. Now converted into MCCSC, the specifics of structural changes and objectives remain unclear, raising questions about the need for a separate corporation and potential redundancies in cybersecurity efforts.
One of the major uncertainties surrounding MCCSC is whether it will operate as a government service or a commercial entity. With an initial investment of Rs 200 crore and full ownership by the state, the corporation is set to generate revenue by offering cybersecurity services to government and private organizations. The requirement for mandatory cybersecurity audits for corporate entities raises concerns about potential monopolization of cybersecurity oversight and limited flexibility for businesses in compliance approaches.
The governance structure of MCCSC, led by a board of bureaucrats and recruitment of a 99-member team along with additional experts in law, finance, and cybersecurity, raises concerns about bureaucratic inefficiency and accountability. The focus on revenue generation and ambiguity in the provision of cybersecurity services beyond audits raises questions about the corporation’s priorities and alignment with public interest.
Cybersecurity expert Ritesh Bhatia has questioned the focus on auditing companies rather than assisting individuals facing cyber fraud, suggesting the need for more transparency on the role, funding, and revenue model of MCCSC. The lack of clarity on the necessity, financial structure, and accountability mechanisms of the corporation before setting a precedent for other states highlights the need for greater transparency and evaluation of its impact on cybersecurity efforts in Maharashtra.
In conclusion, while the creation of MCCSC adds another layer to Maharashtra’s cyber governance, its effectiveness in strengthening cybersecurity and potential implications on bureaucratic influence remain uncertain. The government must provide more transparency and clarity on the role and operations of MCCSC to ensure its alignment with public interest and cybersecurity objectives.