Regular audits, policies and a crisis management plan to secure our cyber space, but is it enough?
The government plans to spend a whopping Rs 10,000 crore, or three per cent of its annual plan budget, on e-governance projects in 2010-11, said an official from the Ministry of Information and Technology.
Despite this and the new amendment to the Information Technology (IT) Act that gives more teeth to the police if you sell sensitive data from your office, hack someone*s Orkut profile or browse unauthorised porn sites, when it comes to securing cyber space, experts are still critical of India*s efforts. The latest example is hacking of the Central Bureau of Investigation*s (CBI)website.
"India would feature in the bottom five if countries were rated on their budget for defending cyber space. The corporate sector spends just as little on cyber security. I used to be on the board of the Bombay Stock Exchange and I know first hand," rues Vijay Mukhi, Consultant Cyber Law - DSK Legal.
However, senior officials with the Union Communication and IT department counter that with, "The government has taken several measures to prevent attacks and espionage. As per existing computer security guidelines, no sensitive information is to be stored on the systems connected to Internet. A Crisis Management Plan to counter cyber attacks and terrorism is to be implemented by all ministries, departments and critical sectors." All organisations operating on critical information infrastructure have been advised to implement information security management practices based on International Standard ISO 27001.
They have also been instructed to conduct regular system audits to ensure a robust system. The Indian Computer Emergency Response Team (CERT-In) has already empanelled penetration-testing professionals to carry out audits.
The National Informatics Centre (NIC) is strengthening the network security operated by them and its services by enforcing regular security audits and deploying technology to defend them against newer techniques being adopted by hackers from time to time.
Biswaji Behera, Research Director, Information Sharing and Analysis Centre, a government of India supported body, agrees, "The government is taking measures to protect the critical infrastructure of the country by R&D on cyber safety, security awareness programmes."