Security of Government and military computers
GOVERNMENT OF INDIA
UNSTARRED QUESTION NO-4096
4096 . SHRI PRAKASH KESHAV JAVADKAR
(a) the details of number of hacking incidents on Government and military computers;
(b) whether it is a fact that recently DRDO computers were hacked;
(c) whether Government has carried out any investigations into the origin of the hacking;
(d) if so, the details thereof; and
(e) the steps the Government intends to take to make its computers more secure?
(a): There have been attempts from time to time to launch cyber attacks on Indian cyber space. As reported to and tracked by Indian Computer Emergency Response Team (CERT-in), a total number of 308, 371 and 40 incidents of hacking of Government websites were observed during the years 2011, 2012 and 2013 (up to February) respectively.
(b): No DRDO computer has been hacked. One computer used for accessing Internet was compromised owing to a malware infection. A part of the directory structure was accessed by the malware. The infected computer was isolated from the network.
(c) and (d): The incident has been investigated by a team of experts and no leakage of contents of the computer could be traced.
(e): The Government has adopted an integrated, multi pronged strategy covering aspects such as technical, administrative, legal and people steps to make computers more secure. The government has taken the following specific measures for preventing cyber attacks:
i) Department of Electronics and Information Technology (DeitY) has circulated Computer Security Guidelines and Cyber Security Policy to all the Ministries / Departments on taking steps to prevent detect and mitigate cyber attacks.
ii) All Central Government Ministries / Departments and State / Union Territory Governments have been advised to conduct security auditing of entire Information Technology infrastructure including websites periodically to discover gaps with respect to security practices and take appropriate corrective actions.
iii) The Indian Computer Emergency Response Team (CERT-In) tracks latest cyber threats and issues advisories and alerts to organizations suggesting measures to prevent and respond to the cyber security incidents. CERT-In regularly publishes Security Guidelines and advisories for safeguarding computer systems including Websites from hacking and these are widely circulated.
iv) The “Crisis Management Plan for countering cyber attacks and cyber terrorism” was prepared and circulated for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
v) The Information Technology Act, 2000 as amended by the Information Technology (Amendment) Act, 2008 has been enforced on 27.10.2009. The Act provides legal framework to address the issues connected with security breaches of information technology infrastructure.
vi) National Informatics Centre (NIC) managing Govt. websites and providing e-mail services is implementing measures to secure the Govt. IT infrastructure from cyber attacks.
vii) National Informatics Centre (NIC) has been directed not to host web sites, which are not audited with respect to cyber security.
Expenditure on security of Government websites
UNSTARRED QUESTION NO-4095
4095 . SHRI MOTILAL VORA
(a) whether Government is aware of the fact that incidents of hacking of some sensitive Government websites by foreigners have occurred;
(b) if so, the steps taken by Government to enhance the security of various Government websites; and
(c) the expenditure incurred by Government under this head in the last two yeas and the expenditure to be incurred in 2013-2014 and 2014-15?
Security cover for railway websites
UNSTARRED QUESTION NO-589
589 . DR. JANARDHAN WAGHMARE
(b) if so, the reasons therefor;
(c) whether there are adequate measures for strict safety protocols and multiple layers of security to prevent mimicking of the website;
(d) if so, details thereof; and
(e) if not , the reasons therefor?
MINISTER OF STATE IN THE MINISTRY OF RAILWAYS ( SHRI KOTLA JAYA SURYA PRAKASH REDDY )
(a) & (b) : No, Sir. Websites of Railway zones and railway departments are hosted in a secured manner at Centre for Railway Information Systems (CRIS). Out of 21 Railway Recruitment Boards (RRBs) websites, 16 are hosted on National Informatics Centre (NIC) servers and remaining 5 are in the process of transfer to NIC servers.
(c) & (d) : Yes, Sir. For websites hosted at CRIS, applicable security procedures have been implemented as advised by Department of Information Technology, Government of India.
(e) : Does not arise.
Stay connected with us via Facebook, Google+ or Email Subscription.