HomeRailways

Security of Government and military computers, Expenditure on security of Government websites & Security cover for railway websites

Security of Government and military computers

GOVERNMENT OF INDIA

MINISTRY OF  COMMUNICATION AND INFORMATION TECHNOLOGY
RAJYA SABHA

UNSTARRED QUESTION NO-4096

ANSWERED ON-03.05.2013
Security of Government and military computers

4096 . SHRI PRAKASH KESHAV JAVADKAR

(a) the details of number of hacking incidents on Government and military computers;
(b) whether it is a fact that recently DRDO computers were hacked;
(c) whether Government has carried out any investigations into the origin of the hacking;
(d) if so, the details thereof; and
(e) the steps the Government intends to take to make its computers more secure?

ANSWER

(a): There have been attempts from time to time to launch cyber attacks on Indian cyber space. As reported to and tracked by Indian Computer Emergency Response Team (CERT-in), a total number of 308, 371 and 40 incidents of hacking of Government websites were observed during the years 2011, 2012 and 2013 (up to February) respectively.

(b): No DRDO computer has been hacked. One computer used for accessing Internet was compromised owing to a malware infection. A part of the directory structure was accessed by the malware. The infected computer was isolated from the network.

(c) and (d): The incident has been investigated by a team of experts and no leakage of contents of the computer could be traced.

(e): The Government has adopted an integrated, multi pronged strategy covering aspects such as technical, administrative, legal and people steps to make computers more secure. The government has taken the following specific measures for preventing cyber attacks:

i) Department of Electronics and Information Technology (DeitY) has circulated Computer Security Guidelines and Cyber Security Policy to all the Ministries / Departments on taking steps to prevent detect and mitigate cyber attacks.
ii) All Central Government Ministries / Departments and State / Union Territory Governments have been advised to conduct security auditing of entire Information Technology infrastructure including websites periodically to discover gaps with respect to security practices and take appropriate corrective actions.
iii) The Indian Computer Emergency Response Team (CERT-In) tracks latest cyber threats and issues advisories and alerts to organizations suggesting measures to prevent and respond to the cyber security incidents. CERT-In regularly publishes Security Guidelines and advisories for safeguarding computer systems including Websites from hacking and these are widely circulated.
iv) The “Crisis Management Plan for countering cyber attacks and cyber terrorism” was prepared and circulated for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
v) The Information Technology Act, 2000 as amended by the Information Technology (Amendment) Act, 2008 has been enforced on 27.10.2009. The Act provides legal framework to address the issues connected with security breaches of information technology infrastructure.
vi) National Informatics Centre (NIC) managing Govt. websites and providing e-mail services is implementing measures to secure the Govt. IT infrastructure from cyber attacks.
vii) National Informatics Centre (NIC) has been directed not to host web sites, which are not audited with respect to cyber security.

*******

Expenditure on security of Government websites

GOVERNMENT OF INDIA
MINISTRY OF  COMMUNICATION AND INFORMATION TECHNOLOGY
RAJYA SABHA

UNSTARRED QUESTION NO-4095

ANSWERED ON-03.05.2013
Expenditure on security of Government websites

4095 . SHRI MOTILAL VORA

(a) whether Government is aware of the fact that incidents of hacking of some sensitive Government websites by foreigners have occurred;
(b) if so, the steps taken by Government to enhance the security of various Government websites; and
(c) the expenditure incurred by Government under this head in the last two yeas and the expenditure to be incurred in 2013-2014 and 2014-15?

ANSWER

(a) and (b): The Government websites host information for public dissemination. No sensitive information is hosted on Government websites. As per the guidelines of the Government, the Computer systems with sensitive information are isolated from Internet. Various measures have been taken by the Government to detect and prevent cyber attacks on websites and enhance the security of Government websites. These are:
i) All the new government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications is conducted on a regular basis after hosting also.
ii) It has been mandated that all government websites to be hosted on infrastructure of National Informatics Centre (NIC), Education and Research Network (ERNET) or any other secure infrastructure service provider in the country.
iii) National Informatics Centre (NIC) which hosts the government websites is continuously engaged in upgrading and improving the security posture of its hosting infrastructure.
iv) National Informatics Centre (NIC) has been directed not to host web sites, which are not audited with respect to cyber security.
v) Legal Framework in the form of Information Technology Act, 2000. The Act provides legal framework to address the issues connected with cyber attacks and security breaches of information technology infrastructure.
vi) All the Ministries/ Departments of Central Government and State Governments have been asked to implement the Crisis Management Plan to counter cyber attacks and cyber terrorism.
vii) The Government has circulated Computer Security Policy and Guidelines to all the Ministries/Departments on taking steps to prevent, detect and mitigate cyber attacks. In addition, all State governments and UTs have been advised to implement appropriate security measures to prevent hacking of websites.
viii) The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis. CERT-In has published guidelines for securing the websites, which are available in its website (www.cert-in.org.in). CERT-In also conducts regular training programmes to make the system administrators aware about secure hosting of the websites.
(c): Rs. 126.1 Crores have been utilized by the Department of Electronics and Information Technology (DeitY) for the last 2 years on cyber security including website security related Information infrastructure. Rs. 500 Crores have been allocated for Department of Electronics and Information Technology (DeitY) in the 12th plan period (2012-17) for Cyber Security programme and Rs. 54.37 Crores have been allocated for the period 2013 – 14 for cyber security.
*******

Security cover for railway websites

GOVERNMENT OF INDIA
MINISTRY OF  RAILWAYS
RAJYA SABHA

UNSTARRED QUESTION NO-589

ANSWERED ON-01.03.2013
Security cover for railway websites

589 . DR. JANARDHAN WAGHMARE
N.K. SINGH

(a) whether websites of Railway zones and railway departments are controlled by independent web domains which have low security cover compared to most other Government websites which run on a common platform managed by the National Informatics Centre and are controlled by respectrive organizations and State Governments;

(b) if so, the reasons therefor;
(c) whether there are adequate measures for strict safety protocols and multiple layers of security to prevent mimicking of the website;
(d) if so, details thereof; and
(e) if not , the reasons therefor?

ANSWER

MINISTER OF STATE IN THE MINISTRY OF RAILWAYS ( SHRI KOTLA JAYA SURYA PRAKASH REDDY )

(a) & (b) : No, Sir. Websites of Railway zones and railway departments are hosted in a secured manner at Centre for Railway Information Systems (CRIS). Out of 21 Railway Recruitment Boards (RRBs) websites, 16 are hosted on National Informatics Centre (NIC) servers and remaining 5 are in the process of transfer to NIC servers.

(c) & (d) : Yes, Sir. For websites hosted at CRIS, applicable security procedures have been implemented as advised by Department of Information Technology, Government of India.

(e) : Does not arise.

***
Source: Rajyasabha.nic.in

Stay connected with us via Facebook, Google+ or Email Subscription.

Subscribe to Central Government Employee News & Tools by Email [Click Here]
Follow us: Twitter [click here] | Facebook [click here] Google+ [click here]
Admin

COMMENTS

WORDPRESS: 0