In the wake of several hacks of Indian government websites this month, the effectiveness of cyber security in India is very publicly being called into question.
The attacks saw Indian government websites pulled down by Brazilian hackers, with homepages replaced by a video of a man dressed as a joker on the side of a road and the websites redirecting to other websites. Subsequent counter-hacks by Indian hackers on Brazilian websites in the same manner do little to take Indian cyberspace out of the line of fire in this latest cyber spat.
It is reported that more than 16,000 Indian websites are hacked every year. While the number of sites hacked in 2009 stood at 9,180, it grew to 14,232 in 2011.
“A total of 294 websites belonging to various ministries and government departments were hacked in the January-October 2012 period and 2,000 government websites were hacked so far this year (till March 2013)”, said Mirza Faizan of the Bangalore-based Cyber Security Response Team (CSRT).
So what is being done to address the cyber vulnerability in India?
There are many teams, centres, organisations and departments with informational, technical, IT and cyber security roles in their remit:
- The Indian government's Department of Electronics and Information Technology (DEITY) website states “…securing India’s cyber space.” as part of its mission
- The National Technical Research Organisation (NTRO) was set up with the UK’s Government Communications Headquarters (GCHQ) and America’s National Security Agency (NSA) as a clear benchmark back in 2004.
- The National Critical Information Infrastructure Protection Centre (NCIPC) of India is yet to be established
- The National Cyber Coordination Centre (NCCC) of India has also been proposed
- A cyber security council for India is also reported to have been set up under the National Security Council Secretariat (NSCC) with the specific aim of dealing with the growing threat posed by cyber-terrorists
The lack of an effective cyber security strategy leaves India at risk of cyber attacks. The lack of real action from these government groups suggests hesitancy over which direction to take in implementing cyber security.
The Indian government has given businesses direction on how they are to protect private data. The Information Technology Act (ITA) requires any organisation that collects information in India to ensure private data stays private. To adhere to the ITA, organisations need to comply with ISO 27001 and be subject to external auditing of reasonable security practices and procedures.
ISO 27001 is the international best practice standard for information security management systems (ISMS). Closely aligned to ISO 27002, ISO 27001 helps organisations meet information-related regulatory compliance objectives, and helps them prepare and position themselves for new and emerging regulations.