Cyber Security Violations

The Minister for Communication & Information Technology, Sh. Ravi Shankar Prasad has in an written reply in Rajya Sabha informed that the cyber space is anonymous and borderless and has become very sophisticated and complex with the technological innovations and inclusion of different type of devices and services. The Government has taken several steps to tackle cyber security violations and cyber crimes in the country. The important steps taken include-

(i) In order to address the issues of cyber security in a holistic manner, the Government has released the National Cyber Security Policy-2013 on 02.07.2013, for public use and implementation by all relevant stakeholders. This policy aims at facilitating creation of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders actions for protection of cyber space. Several steps have been taken to implement the Policy.

(ii) Government has setup National Critical Information Infrastructure Protection Centre (NCIIPC) to protect the critical information infrastructure in the country.

(iii) Action has been initiated to set up a centre for tracking all the compromised systems connected on the Internet in the country and clean them on online basis so that the infection does not carry forward. The prototype of such centre is functioning. The centre will also collect and analyze malicious software so as to install appropriate software to prevent malicious activities.

(iv) All government websites are to be hosted on infrastructure of National Informatics Centre (NIC), ERNET India or any other secure infrastructure service provider in the country.

(v) All major websites are being monitored regularly to detect malicious activities.

(vi) All Central Government Ministries / Departments and State / Union Territory Governments have been advised to conduct security auditing of entire Information Technology infrastructure. All the new government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications is to be conducted on a regular basis after hosting also. CERT-In provides necessary expertise to audit IT infrastructure of critical and other ICT sectors.

(vii) Indian Computer Emergency Response (CERT-In) has empanelled a total no. of 45 security auditors to carry out security audit of the IT infrastructure of Government, Public and Private sector organizations.

(viii) Close watch is kept to scan malicious activities on the important networks in the Government, Public and Service Providers.

(ix) All the Ministries/ Departments of Central Government and State Governments have been asked to implement the Crisis Management Plan (CMP) to counter cyber attacks and cyber terrorism.

(x) The National Watch and Alert System - Indian Computer Emergency Response (CERT-In) team is working 24/7 and scanning the cyber space in the country. The team works with Government, Service Providers, private sector and citizens both on pro-active and reactive basis and help in mitigating cyber incidents. The team also disseminate information and advise on the steps for strengthening the security of the systems. They work with the service providers to identify the computer systems which are compromised and are participating in launching attacks, isolate them and create corrective steps to clean them.. The system is being strengthened regularly in terms of the resources to address all incidents.

(xi) Cyber Security mock drills are being regularly conducted to prepare the organizations to detect, mitigate and prevent cyber incidence.

(xii) Sectoral CERTs have been functioning in the areas of Defence and Finance for catering to critical domains. They are equipped to handle and respond to domain specific threats emerging from the cyber systems.

(xiii) Information Sharing and Analysis Centres (ISACs) for financial services has been set up at Institute for Development and Research in Banking Technology (IDRBT). Such a centre exchanges information on cyber incidents in financial sector and advises them for appropriate mitigation. Action has been initiated to set up similar ISACs in power and petroleum sector.

(xiv) India has been recognized as Certificate Issuing Nation in the area of cyber security under Common Criteria Recognition Arrangement (CCRA). Under this arrangement, the certificates issued by India will be recognized internationally. This recognition will help country to setup chain of test centres for testing of Information Technology (IT) products with respect to cyber security. He said that on the basis of current availability of Information Technology (IT) Professionals and taking into account the growth of the IT sector, the National Cyber Security Policy envisages creation of a pool of 500000 Cyber Security Professionals in five years.

Government has initiated Information Security Education and Awareness (ISEA) project with the aim to develop human resource in the area of Information Security at various levels (Certificate level to B.Tech, M.Tech and Ph.D level). Phase I of the programme has been completed. Domain specific training programmes, seminars and workshops as well as capacity building for carrying out research & development in four technology areas leading to development of indigenous security products and solutions are organized through the ISEA programme, Academic Institutions and Industry. The project targets to train 1,14,038 persons through various formal and non-formal courses, faculty training etc.

In one of the efforts towards achieving that target, National Skill Development Agency (NSDA) has initiated certificate / vocational level training courses related to Cyber Security under Skill Development Initiative Scheme (SDIS) by including a Cyber Security Modules into existing courses run by Directorate General of Employment & Training (DGET), Ministry of Labour. 10 courses have been included under Modular Employability Scheme (MES) and Craftsman Training Scheme (CTS). Through these courses, around 1.09 Lakhs professionals will be imparted training in Cyber Security. Further, Government has set up R.C. Bose Centre for Cryptology and Information Security at Indian Statistical Institute (ISI), Kolkata at a cost of Rs. 115 Crores with the aim to promote inter disciplinary research, teaching as well as training and development in cryptology and cyber security.

With the increase in the proliferation of Information Technology and related services there is a rise in number of cyber security violations. The trend in increase in cyber security violations is similar to that worldwide. As per the cyber crime data maintained by National Crime Records Bureau (NCRB), a total of 68, 179, 142, 217, 288, 420, 966, 1791, 2876 and 4356 Cyber Crime cases were registered under Information Technology Act during the years 2004 to 2013 respectively. A total of 279, 302, 311, 339, 176, 276, 356, 422, 601 and 1337 cases were registered under Cyber Crime related Sections of Indian Penal Code (IPC) during the years 2004 to 2013 respectively. In addition, a total no. of 23, 254, 552, 1237, 2565, 8266, 10315, 13301, 22060, 71780 and 96383 security incidents including phishing, scanning, spam, malicious code, website intrusions etc. were reported to the Indian Computer Emergency Response Team (CERT-In) during the years 2004 to 2014 (till September) respectively. During the years 2009 to 2014 (till September) a total no. of 11831, 20701, 21699, 27605, 28481 and 14151 Indian websites were also hacked by various hacker groups spread across worldwide.