48 Government Sites Hacked In 2019: Here Is How The Centre Is Planning To Tackle Cyber Crimes This is a significant drop from 99 hacks recorded in 2016, 172 in 2017, and 110 in 2018.
Opinions expressed by Entrepreneur contributors are their own.
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
Several instances of cyber attacks and breaches had been reported in India since 2018. Due to this, the central government has been pushing for data localization and is coming out with the data protection bill to safeguard the data of Indian users. Riding on the initiatives, the government could reduce the number of hacks on central and state-owned websites.
In a written response to Lok Sabha's query, Ministry of Electronics & Information Technology (MeitY) said that 48 government websites were hacked as of October 2019. This is a significant drop from 99 hacks recorded in 2016, 172 in 2017, and 110 in 2018.
Initiatives Taken By Govt To Combat Cybercrimes
MeitY also informed the Lok Sabha that several measures have been taken to strengthen cybersecurity in the country. Some of the initiatives are:
National Critical Information Infrastructure Protection Centre: The central government has established the centre for protection of critical information infrastructure in the country, as per the provisions of section 70A of the Information Technology (IT) Act, 2000.
Indian Computer Emergency Response Team (CERT-In): CERT-In issues alerts and advisories regarding latest cyber vulnerabilities and countermeasures to protect computers and networks.
Chief Information Security Officers (CISOs): According to the written response, the government has issued guidelines for CISCOs highlighting their responsibilities for securing applications, infrastructure and compliance.
Website Audit: MeitY informed that all the government websites and applications will be audited concerning cybersecurity before their hosting. Following this, a regular website and application audits will be conducted. About 90 security auditing organisations have been enrolled for audit implementation of Information Security Best Practices.
Crisis Management Plan: The central government has formulated Crisis Management Plan to counter cyber attacks and cyber-terrorism. The plan will be implemented by all ministries, departments of the central government, state governments and their organizations and critical sectors.
Mock Drills: Cybersecurity mock drills are being conducted to enable assessment of cybersecurity posture and preparedness of organisations. According to MeitY, 44 such drills have already been conducted by CERT-In. Around 265 organisations from different states and sectors such as finance, defence, power, and telecom among others participated in the drills. CERT-In also conducts regular training programmes for network/system administrators and Chief Information Security Officers (CISOs) for dealing with cyber attacks. About 19 such pieces of training with 515 participants have already been conducted as of October 2019.
Protection against malware: The central government also launched Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) for detecting malicious programs and provide free tools to remove them. National Cyber Coordination Centre (NCCC) has also been set up to generate situational awareness about existing and potential cybersecurity threats.
Green Signal To PDP Bill
In order to protect Indian users from global breaches, union government approved Personal Data Protection (PDP) Bill which focuses on data localisation. The bill proposes that any critical information related to individuals should be stored and processed only in India. It states that "sensitive personal data" needs to be stored locally but can be processed in abroad, subject to certain conditions.
The bill is also looking to make social media companies more accountable and solve issues related to the spread of harmful content.
The draft PDP bill was introduced by a committee in July 2018. The bill has defined personal data as any data of a natural person which allows direct or indirect identifiability. The bill defines sensitive personal data as financial data, biometric data, religious and political beliefs, caste, intersex/transgender status, and official IDs such as Permanent Account Number.