Half the govt websites in India are prone to cyber attacks

Data says 774 government websites have reportedly been hacked in the last five years

Even as the number of internet users continues to rise and the government increasingly seeks to offer citizen-centric services through the internet, data show about half the government departments and ministries in India are vulnerable to data theft, hacking and cyber terrorism.

According to government sources, of about 7,000 government websites, only 3,192 have been audited for information technology (IT) security, while 3,556 others are being audited.

Most government sites are hosted by the (NIC). Before being hosted, these websites have to be given a security certificate. The government has empanelled auditors to certify the security of such websites. “According to our data, about half the are vulnerable to cyber attacks. Most of the do not have proper security checks in place,” said Yash Kadakia, head of Security Brigade, a government-empanelled security auditor.

IT Secretary said, “We have made it mandatory for all to produce a security certificate before being hosted by NIC. We have been following this policy for the last two years.” Though he agreed the number of on had risen, he denied most were vulnerable to such threats. “We are working on a comprehensive cyber security policy to make the cyber space secure,” he said.

All-round attack
According to government data, 774 have reportedly been hacked in the last five years. These attacks appear to have emanated from countries such as Australia, Bahrain, Brazil, Egypt, Germany, Indonesia, Lebanon, Libya, Morocco, Pakistan, Saudi Arabia, Spain, Turkey, the UAE, the UK and the US.

In 2009, 201 websites of various ministries and government departments were hacked. This number rose to 303 in 2010, 308 in 2011 and 294 in 2012 (till October). According to data with (CERT-In), the cyber security arm of the government, the defacement of Indian websites has almost tripled, compared to 2007.

Huge losses
The defacement and hacking of have not only brought to the fore security lapses, but also resulted in financial losses to the exchequer. According to the Reserve Bank of India, between 2009 and 2011, 489 e-fraud cases were registered, and these led to a loss of about Rs 28.46 crore. Separately, the Central Bureau of Investigation’s economic offences unit registered nine financial fraud cases between 2009 and 2012 (February). These led to a loss of Rs 43.92 crore.

This is despite the huge sums the government spends to tighten security loopholes every year. In 2012-13, the Department of Electronics and Information Technology allocated Rs 45.2 crore towards cyber security.

Manpower crunch
A major reason why NIC-hosted websites are vulnerable to is it faces a shortage of manpower. NIC outsources security audit works, as it doesn’t have the manpower required to deal with such huge traffic.

Recently, the government had appointed a committee under the chairmanship of Unique Identification Authority of India Chairman to examine NIC’s requirement for additional workforce. It is expected the committee would submit a report within three months.

There is a shortage of auditors in India. Currently, their number stands at 60.

A senior government official said the government had taken various steps to improve cyber security. These include the implementation of best practices on security, based on ISO 27001, the establishment of the National Watch & Warning System in the form of CERT-In.

Till now, ISO-27001 standard has been implemented by only 527 government organisations.

image
Business Standard
177 22
Business Standard

Half the govt websites in India are prone to cyber attacks

Data says 774 government websites have reportedly been hacked in the last five years

Piyali Mandal  |  New Delhi 

Even as the number of internet users continues to rise and the government increasingly seeks to offer citizen-centric services through the internet, data show about half the government departments and ministries in India are vulnerable to data theft, hacking and cyber terrorism.

According to government sources, of about 7,000 government websites, only 3,192 have been audited for information technology (IT) security, while 3,556 others are being audited.

Most government sites are hosted by the (NIC). Before being hosted, these websites have to be given a security certificate. The government has empanelled auditors to certify the security of such websites. “According to our data, about half the are vulnerable to cyber attacks. Most of the do not have proper security checks in place,” said Yash Kadakia, head of Security Brigade, a government-empanelled security auditor.

IT Secretary said, “We have made it mandatory for all to produce a security certificate before being hosted by NIC. We have been following this policy for the last two years.” Though he agreed the number of on had risen, he denied most were vulnerable to such threats. “We are working on a comprehensive cyber security policy to make the cyber space secure,” he said.

All-round attack
According to government data, 774 have reportedly been hacked in the last five years. These attacks appear to have emanated from countries such as Australia, Bahrain, Brazil, Egypt, Germany, Indonesia, Lebanon, Libya, Morocco, Pakistan, Saudi Arabia, Spain, Turkey, the UAE, the UK and the US.

In 2009, 201 websites of various ministries and government departments were hacked. This number rose to 303 in 2010, 308 in 2011 and 294 in 2012 (till October). According to data with (CERT-In), the cyber security arm of the government, the defacement of Indian websites has almost tripled, compared to 2007.

Huge losses
The defacement and hacking of have not only brought to the fore security lapses, but also resulted in financial losses to the exchequer. According to the Reserve Bank of India, between 2009 and 2011, 489 e-fraud cases were registered, and these led to a loss of about Rs 28.46 crore. Separately, the Central Bureau of Investigation’s economic offences unit registered nine financial fraud cases between 2009 and 2012 (February). These led to a loss of Rs 43.92 crore.

This is despite the huge sums the government spends to tighten security loopholes every year. In 2012-13, the Department of Electronics and Information Technology allocated Rs 45.2 crore towards cyber security.

Manpower crunch
A major reason why NIC-hosted websites are vulnerable to is it faces a shortage of manpower. NIC outsources security audit works, as it doesn’t have the manpower required to deal with such huge traffic.

Recently, the government had appointed a committee under the chairmanship of Unique Identification Authority of India Chairman to examine NIC’s requirement for additional workforce. It is expected the committee would submit a report within three months.

There is a shortage of auditors in India. Currently, their number stands at 60.

A senior government official said the government had taken various steps to improve cyber security. These include the implementation of best practices on security, based on ISO 27001, the establishment of the National Watch & Warning System in the form of CERT-In.

Till now, ISO-27001 standard has been implemented by only 527 government organisations.

RECOMMENDED FOR YOU

Half the govt websites in India are prone to cyber attacks

Data says 774 government websites have reportedly been hacked in the last five years

Even as the number of internet users continues to rise and the government increasingly seeks to offer citizen-centric services through the internet, data show about half the government departments and ministries in India are vulnerable to data theft, hacking and cyber terrorism.

Even as the number of internet users continues to rise and the government increasingly seeks to offer citizen-centric services through the internet, data show about half the government departments and ministries in India are vulnerable to data theft, hacking and cyber terrorism.

According to government sources, of about 7,000 government websites, only 3,192 have been audited for information technology (IT) security, while 3,556 others are being audited.

Most government sites are hosted by the (NIC). Before being hosted, these websites have to be given a security certificate. The government has empanelled auditors to certify the security of such websites. “According to our data, about half the are vulnerable to cyber attacks. Most of the do not have proper security checks in place,” said Yash Kadakia, head of Security Brigade, a government-empanelled security auditor.

IT Secretary said, “We have made it mandatory for all to produce a security certificate before being hosted by NIC. We have been following this policy for the last two years.” Though he agreed the number of on had risen, he denied most were vulnerable to such threats. “We are working on a comprehensive cyber security policy to make the cyber space secure,” he said.

All-round attack
According to government data, 774 have reportedly been hacked in the last five years. These attacks appear to have emanated from countries such as Australia, Bahrain, Brazil, Egypt, Germany, Indonesia, Lebanon, Libya, Morocco, Pakistan, Saudi Arabia, Spain, Turkey, the UAE, the UK and the US.

In 2009, 201 websites of various ministries and government departments were hacked. This number rose to 303 in 2010, 308 in 2011 and 294 in 2012 (till October). According to data with (CERT-In), the cyber security arm of the government, the defacement of Indian websites has almost tripled, compared to 2007.

Huge losses
The defacement and hacking of have not only brought to the fore security lapses, but also resulted in financial losses to the exchequer. According to the Reserve Bank of India, between 2009 and 2011, 489 e-fraud cases were registered, and these led to a loss of about Rs 28.46 crore. Separately, the Central Bureau of Investigation’s economic offences unit registered nine financial fraud cases between 2009 and 2012 (February). These led to a loss of Rs 43.92 crore.

This is despite the huge sums the government spends to tighten security loopholes every year. In 2012-13, the Department of Electronics and Information Technology allocated Rs 45.2 crore towards cyber security.

Manpower crunch
A major reason why NIC-hosted websites are vulnerable to is it faces a shortage of manpower. NIC outsources security audit works, as it doesn’t have the manpower required to deal with such huge traffic.

Recently, the government had appointed a committee under the chairmanship of Unique Identification Authority of India Chairman to examine NIC’s requirement for additional workforce. It is expected the committee would submit a report within three months.

There is a shortage of auditors in India. Currently, their number stands at 60.

A senior government official said the government had taken various steps to improve cyber security. These include the implementation of best practices on security, based on ISO 27001, the establishment of the National Watch & Warning System in the form of CERT-In.

Till now, ISO-27001 standard has been implemented by only 527 government organisations.

image
Business Standard
177 22

Upgrade To Premium Services

Welcome User

Business Standard is happy to inform you of the launch of "Business Standard Premium Services"

As a premium subscriber you get an across device unfettered access to a range of services which include:

  • Access Exclusive content - articles, features & opinion pieces
  • Weekly Industry/Genre specific newsletters - Choose multiple industries/genres
  • Access to 17 plus years of content archives
  • Set Stock price alerts for your portfolio and watch list and get them delivered to your e-mail box
  • End of day news alerts on 5 companies (via email)
  • NEW: Get seamless access to WSJ.com at a great price. No additional sign-up required.
 

Premium Services

In Partnership with

 

Dear Guest,

 

Welcome to the premium services of Business Standard brought to you courtesy FIS.
Kindly visit the Manage my subscription page to discover the benefits of this programme.

Enjoy Reading!
Team Business Standard