 "Cyber criminal")
For countering cyber attacks and cyber terrorism, the Odisha government has formulated a 'Crisis Management Plan for Cyber Security in Odisha -2016' that outlines a framework for dealing with cyber related incidents.
It involves rapid identification, information exchange, swift response and remedial actions to mitigate and recover from malicious cyber related incidents impacting critical business functions and processes of the state government.
The crisis management plan is prepared in line with National Cyber Security Policy -- 2013. It aims to create the infrastructure mechanism to address the cyber security issues. As there is lack of adequate expertise in government and government agencies, the plan proposes to set up Computer Emergency Response Team-Odisha (CERT-Odisha or CERT-O) in line with CERT India (CERT-In) to cater to crisis situations in cyber security.
CERT-O, to be created, will be an unit of E&IT (electronics and information technology) department of the state government. While principal secretary of the department will be the chairperson of the governing body, representative from CERT-In (India), an expert from IIT, Bhubaneswar or IIIT, Bhubaneswar, chief information security officer (CISO) and two experts on cyber security will be members of the body. The head of CERT-O will be the member convenor.
“The modalities to establish CERT-O may be finalized by E&IT department, Odisha government. Odisha Computer Application Centre (OCAC) being the nodal agency and technical directorate of IT department, Odisha government will facilitate the provisions for IT infrastructure & support to CERT-O. At present, the CEO, OCAC or any person nominated by the government may head the CERT-O initially to start with”, read the plan.
Among others, CERT-O aims to formulate state's crisis management plan from time to time and implement the same in coordination with CERT-In and with direction of state level crisis management committee (SCMC). It will also take proactive measures to increase awareness and understanding of information security and computer security issues throughout the community of network users and service providers by disseminating security related information.
It will also act as a nodal agency to conduct security audits or assessments of government and constituent IT infrastructure in the state, evolving security policy for the state and will act as a central point for monitoring, identifying vulnerabilities and suggesting remedial measures for correcting vulnerabilities in computer and communication systems(websites & e-governance applications) belonging to government and 'certify' any e-governance or e-commerce site in the state.
The crisis management plan assumes significance as the Odisha government has witnessed a series of hacking of government websites. In the past, the websites of Regional Transport Authority (RTO), Odisha University of Agriculture Technology (OUAT), Odisha Staff Selection Commission (OSSC) and Utkal University have been hacked in the state.
