• Large-scale digitization of public services: Emphasize security in the early stages of the design of all digitization initiatives, develop institutional capacity to assess, assess, certify and rate core devices and report vulnerabilities in a timely manner and incidents.
  • Supply chain security: Monitoring and mapping the supply chain of integrated circuits (ICT) and electronic products, intensifying product testing and certification, leveraging the country’s semiconductor design capabilities globally in strategic, tactical and technical levels
  • Protection of critical information infrastructures: Integrate supervisory control and data acquisition (SCADA) security with enterprise security, monitor device scanning, assess security devices, maintain a repository of vulnerabilities, prepare a baseline of security at an aggregate industry level and track its controls, design audit metrics for threat preparedness, and develop cyber insurance products
  • Digital payments: Mapping and modeling of deployed devices and platform, supply chain, transaction entities, payment flows, interfaces and data exchange, routine threat modeling exercises to reveal vulnerabilities, threat research and threat intelligence sharing, timely disclosure of vulnerabilities
  • State-Level Cybersecurity: Development of state-level cybersecurity policies, allocation of dedicated funds, critical review of digitization plans, guidelines for security architecture, operations and governance
  • Small and Medium Business Security: Policy intervention in cybersecurity by providing incentives for a higher level of cybersecurity readiness, developing security standards, frameworks and architectures for the adoption of the Internet of Things (IoT) and the industrialization