The Minister for Communication & Information Technology, Sh. Ravi Shankar Prasad has in an written reply in Rajya Sabha informed that the cyber space is anonymous and borderless and has become very sophisticated and complex with the technological innovations and inclusion of different type of devices and services. The Government has taken several steps to tackle cyber security violations and cyber crimes in the country. The important steps taken include-
(i) In order to address the issues of
cyber security in a holistic manner, the Government has released the
National Cyber Security Policy-2013 on 02.07.2013, for public use and
implementation by all relevant stakeholders. This policy aims at
facilitating creation of secure computing environment and enabling
adequate trust and confidence in electronic transactions and also
guiding stakeholders actions for protection of cyber space. Several
steps have been taken to implement the Policy.
has setup National Critical Information Infrastructure Protection Centre
(NCIIPC) to protect the critical information infrastructure in the
(iii) Action has been initiated to set up a centre for
tracking all the compromised systems connected on the Internet in the
country and clean them on online basis so that the infection does not
carry forward. The prototype of such centre is functioning. The centre
will also collect and analyze malicious software so as to install
appropriate software to prevent malicious activities.
government websites are to be hosted on infrastructure of National
Informatics Centre (NIC), ERNET India or any other secure infrastructure
service provider in the country.
(v) All major websites are being monitored regularly to detect malicious activities.
(vi) All Central Government Ministries / Departments and State / Union
Territory Governments have been advised to conduct security auditing of
entire Information Technology infrastructure.
All the new government websites and applications are to be audited with
respect to cyber security prior to their hosting. The auditing of the
websites and applications is to be conducted on a regular basis after
hosting also. CERT-In provides necessary expertise to audit IT
infrastructure of critical and other ICT sectors.
Computer Emergency Response (CERT-In) has empanelled a total no. of 45
security auditors to carry out security audit of the IT infrastructure
of Government, Public and Private sector organizations.
Close watch is kept to scan malicious activities on the important
networks in the Government, Public and Service Providers.
All the Ministries/ Departments of Central Government and State
Governments have been asked to implement the Crisis Management Plan
(CMP) to counter cyber attacks and cyber terrorism.
National Watch and Alert System - Indian Computer Emergency Response
(CERT-In) team is working 24/7 and scanning the cyber space in the
country. The team works with Government, Service Providers, private
sector and citizens both on pro-active and reactive basis and help in
mitigating cyber incidents. The team also disseminate information and
advise on the steps for strengthening the security of the systems. They
work with the service providers to identify the computer systems which
are compromised and are participating in launching attacks, isolate them
and create corrective steps to clean them.. The system is being
strengthened regularly in terms of the resources to address all
(xi) Cyber Security mock drills are being regularly
conducted to prepare the organizations to detect, mitigate and prevent
(xii) Sectoral CERTs have been functioning in
the areas of Defence and Finance for catering to critical domains. They
are equipped to handle and respond to domain specific threats emerging
from the cyber systems.
(xiii) Information Sharing and Analysis
Centres (ISACs) for financial services has been set up at Institute for
Development and Research in Banking Technology (IDRBT). Such a centre
exchanges information on cyber incidents in financial sector and advises
them for appropriate mitigation. Action has been initiated to set up
similar ISACs in power and petroleum sector.
(xiv) India has
been recognized as Certificate Issuing Nation in the area of cyber
security under Common Criteria Recognition Arrangement (CCRA). Under
this arrangement, the certificates issued by India will be recognized
internationally. This recognition will help country to setup chain of
test centres for testing of Information Technology (IT) products with
respect to cyber security. He said that on the basis of current
availability of Information Technology (IT) Professionals and taking
into account the growth of the IT sector, the National Cyber Security
Policy envisages creation of a pool of 500000 Cyber Security
Professionals in five years.
Government has initiated
Information Security Education and Awareness (ISEA) project with the aim
to develop human resource in the area of Information Security at
various levels (Certificate level to B.Tech, M.Tech and Ph.D level).
Phase I of the programme has been completed. Domain specific training
programmes, seminars and workshops as well as capacity building for
carrying out research & development in four technology areas leading
to development of indigenous security products and solutions are
organized through the ISEA programme, Academic Institutions and
Industry. The project targets to train 1,14,038 persons through various
formal and non-formal courses, faculty training etc.
In one of
the efforts towards achieving that target, National Skill Development
Agency (NSDA) has initiated certificate / vocational level training
courses related to Cyber Security under Skill Development Initiative
Scheme (SDIS) by including a Cyber Security Modules into existing
courses run by Directorate General of Employment & Training (DGET),
Ministry of Labour. 10 courses have been included under Modular
Employability Scheme (MES) and Craftsman Training Scheme (CTS). Through
these courses, around 1.09 Lakhs professionals will be imparted training
in Cyber Security. Further, Government has set up R.C. Bose Centre for
Cryptology and Information Security at Indian Statistical Institute
(ISI), Kolkata at a cost of Rs. 115 Crores with the aim to promote inter
disciplinary research, teaching as well as training and development in
cryptology and cyber security.
With the increase in the
proliferation of Information Technology and related services there is a
rise in number of cyber security violations. The trend in increase in
cyber security violations is similar to that worldwide. As per the cyber
crime data maintained by National Crime Records Bureau (NCRB), a total
of 68, 179, 142, 217, 288, 420, 966, 1791, 2876 and 4356 Cyber Crime
cases were registered under Information Technology Act during the years
2004 to 2013 respectively. A total of 279, 302, 311, 339, 176, 276, 356,
422, 601 and 1337 cases were registered under Cyber Crime related
Sections of Indian Penal Code (IPC) during the years 2004 to 2013
respectively. In addition, a total no. of 23, 254, 552, 1237, 2565,
8266, 10315, 13301, 22060, 71780 and 96383 security incidents including
phishing, scanning, spam, malicious code, website intrusions etc. were
reported to the Indian Computer Emergency Response Team (CERT-In) during
the years 2004 to 2014 (till September) respectively. During the years
2009 to 2014 (till September) a total no. of 11831, 20701, 21699, 27605,
28481 and 14151 Indian websites were also hacked by various hacker
groups spread across worldwide.