Cyber Security Of Government Websites In India

Introduction

Cyber security is one of the most important aspect in our society. Every person has a right to protection over its data. A person when invents anything, like he needs a copyright so that others are prevented from using it without his permission. Similarly, one needs protection over its websites, data inserted, etc. Other people should also respect this primary concern. But when one person invades others privacy, tries to steal its data, alter and mould for its own benefit, it is called a cyber attack. In layman’s language, it is an attempt by a person to hamper the computer network and system. It is usually done by hackers. They do it satisfy their hidden motives. Cyber security systems are installed to protect the websites from such activities. There are a number of government websites which have used this kind of protection. They have to maintain these cyber security measures to ensure the protection of significant infrastructures relating to financial systems, science, public health and safety institutions, defence aerospace and intelligence agencies. Use by the private sector to protect its revenue, reputation and liabilities cannot be denied.

Need and Recent Trends

Government websites are a country’s identity as it reflects the working, achievement of that government institution. It shares he mass knowledge of the projects and initiatives taken by the government. The national security is in danger when such attacks take place. A country may lose a fortune due to this. We need to understand the need to protect these websites and what all can be done to do that. Financial losses and also the cost of installation for the cyber security are huge. Although it is difficult to hack into systems like that but as we have seen in our recent past the number of cyber attacks we have faced.

We are trying to deal with the problem but yet we don’t have a conclusive solution. Continuous efforts are required to cop-up with the cyber terrorism. We have seen the number of cyber attacks that took place in the previous years it is huge but when it comes to attack to government websites it has been 172, 110 and 54 in past three consecutive years. These attacks related Central Ministries or Department and State Government including academia, commerce, and energy government in general. Cyber attack Attempts to government websites in India is a concern from a long time back. These attacks are launched by the people who reside in different parts of the world and become too difficult to locate their true identity. This has become the need of the hour for India to have an official legislation for data protection. which has been in talks lately. The threats would continue to rise as the rapid increase in the number of users and businesses joining. To save for the billion of losses, we need a conclusive law for the same.

Initiatives Taken Up

There are various initiatives taken by the government of India to maintain the cyber security. One of such is Akamai’s Cloud Security Solutions which helps various institutions including the government to protect its web assets. It follows an integrated system of web protection and application deliver network. It helps them to prevent cyber attacks in a simple way and provide comprehensive defences and layers of application. It helps in increasing the website performance. It helps to make user to make the process shorter also. Cyber attacks pose a threat to the user as he may lose whatever the person has eared till now. It may be used for wrongful purpose also.

Information Technology Act 2000

According to the Section 70 of the Information Technology 2000 clearly says that a computer resource that has information relating to national security, economy, public health and safety, the attack on such computers will cause destruction, and thus the appropriate government has the authority to declare any such computer system to be a protected system by a notification. It may authorise persons for the same. Central government has the authority to prescribe procedures for such system. In contravention of these provisions, imprisonment for a term of ten years and a fine may be imposed.

The Digital India’s initiative was taken up to protect the country from cyber threats under the MiETY. Cyber Swachhta Kendra was the part of this initiative of the Government of India. It dealt with detection of botnet infections and cleansing them so that further infections can be prevented. It works with the help of Internet service providers and product or antivirus companies. It is also known as Botnet Cleaning and Malware Analysis Centre and aims at securing the cyberspace. It is also used by Indian computer Energy Response Team under section 70-B of the IT Act 2000.

Another initiative was launched Cyber Suraksha Bharat. It took place in association with National e-Governance Nation(NeGD). It aims at creating awareness in creation to cybercrime, conducting workshop for the best practices and tools that can used for the cyber security health by the officials. It also aims for the CISO’s, its staff their security. It is done for all the government departments. They raised the importance of good governance.

National Critical Information Protection Centre (NCIIPC)

National Critical Information Protection Centre was established by the central government in order to keep a check on the activities that are crucial to our country and which if hampered will destruct our national security, economic growth and public healthcare. It is in accordance with section 70 A of the IT Act. It has power and energy, telecom, banking and finance, government as part of their crucial sectors. It lays down the provisions for the appointment of skilled personnel Chief Information Security Officers as a stringent measure for the cyber security. Government of India has made guidelines for the organisation as to adopt best practices for safeguarding infrastructure, application and its compliance. All this has been done keeping in light the increasing number of government attacks in the future. Another step by the Central Government in this regard seems to be crisis management plan. A strategic framework is created to protect the breach for employees for the employees as well as leaders. The aim behind all these initiatives seems to be one that is cyber security. To know whether these initiatives are fulfilling their objectives the government took a step forward and started conducting mock drills. It has been observed so far 44 such cyber security mock drills were conducted by CERT-IN and 265 organisations have participated from various states and sectors. These sectors include the crucial sectors mentioned above. The CISO’s and administrators are made to participate in training programs to prepare them, so far 515 participants in 19 pieces of such training programme has been observed. CERT-IN is the national agency which takes care of the country’s cyber security and has helped in lowering these risks. It helps them by issuing alerts and advises them with vulnerability of cyber attacks and the measure how they can tackle them. The training programs have also helped in fishing against cybercrimes.

Data Protection Bill

Recently, we have seen the upcoming of the Data Protection Bill waiting for consent by the Union Government. This bill proposes to protect the Indian users from global breaches; it focuses on local data security. The bill aims to protect the Indian citizen from being exploited and hold accountable the social media companies to have them solve problems relating to offensive content and its spread out. The sharing of data abroad can be done only on certain conditions. It sets the rights of the individuals and grounds for processing the personal data.

National Cyber Security Strategy 2020

Tremendous growth of technology and future threats to cyber security has lead to the development of the National Cyber Security Strategy 2020. The earlier NCS Policy was made in 2013. Challenges today include data protection, cyber terrorism, misuse of data, etc. Emergence of cyber attacks by the organised criminal groups, Cold War in technology or State sponsored attacks are the threats. There is a need to restructure. This Strategy of 2020 proposes a term of 5 years and has been formed under the NCS Secreterait through a well represented task force. The aim is to secure cyberspace. The strategy builds its foundation on 3 pillars:-

  1. A) Secure the national cyberspace
  2. B) Strengthen the people. Structure, process and capability
  3. C) Synergise the resources including cooperation and collaboration

The strategy aims at achieving 5 trillion economy and to achieve such targets the government also needs a huge budget. Keeping in mind, the size and scale of our nation, the government needs a budget of Rs 25000 crores. The country needs to understand the threats to cyber security and the wreck it can create if attacked. Government organisations need to make stringent steps for the same as they are crucial part of the nation.

Cyber and Information Security Division (C&IS Division)

Cyber and Information Security Division as the name suggest deals with issues in cybercrime, national security policy and guidelines for the implementation of the same. It has been further bifurcated into 4 wings performing their respective functions.

In the year 2015, 2016, 2017 and 2018 RBI faced a total of 1171, 1372, 2059 and 921 cases of fraud through internet and ATMs. CERT-IN is the authority which takes steps in this regard. There were more than 53000 of cyber security incidents in the year 2017. The country has faced these number of attacks in the recent years:-

2016- 199

2017- 172

2018- 110

2019- 54

We can see that through the steps by our government in the field of cyberspace have not been fatal. We just need a conclusive plan to eradicate our problem from its roots.

Conclusion

Cyber attacks can come from anywhere and by anyone. There are no borders in the cyber world. The government websites are an integral part of our country. If their working is hampered our national security is in danger. The government has taken numerous initiatives as we have already discussed. They are trying to fulfil their obligation of cyber security as has been laid down in the provisions relating to the IT Act of 2000.We also need to understand by installing cyber security appliances, one cannot be 100% sure of security. One cannot solely rely on them. We can achieve a secure cyberspace; the goal is not yet achieved but is also not far. We can’t underestimate the threats that might come owing to the growth in technology and users. We just need stringent plans and implementation and we will soon reach a “secure cyberspace”.

 

By-

 

 

 

 Vanshika Garg

(Amity Law School, Noida)

 

Previous post: https://desikanoon.in/adoption-in-india/