The government wants to firewall hackers. The ministry of home affairs has alerted Union ministries and departments not to host their official websites on servers owned by private companies. They have been barred from hosting their websites on servers outside India.
According to the communication from the office of MHA's joint secretary (internal security), no government website should be hosted particularly on servers not located in India "as it poses a severe threat to the website".
The MHA has specifically asked ministries and departments to put up their websites on National Informatics Centre (NIC), Education and Research Network (ERNET) or any other server owned by the Union or state governments.
There have been incidents of hackers breaking into government websites hosted on private servers in the past. Recent cases of leakage of sensitive information from the National Security Council Secretariat have alerted the MHA to the risks of sensitive information being leaked through websites.
Intelligence agencies fear that hackers may break into websites hosted on private servers or servers located abroad much more easily, for these servers at times do not spend much on upgrading their firewalls. The systems administrator may also have little interest in going the extra mile to protect leakage of information. In case of information leak from a server hosted abroad, there are difficulties in investigating the case.
Hackers are known not only to deface websites, which can hurt the image of an organization, but also steal valuable data or even manipulate data or insert malicious content.
The ministry has asked all departments to consult the guidelines issued by the CERT-In. The guidelines detail how organisations can frustrate hackers by installing routers, firewalls, intrusion detection and prevention system and adopt advanced security coding practices.
The guidelines also advise about precautions to be taken in case of third party hosting -- the server should be located in India, hosting organisation should have a security policy, which is regularly audited by CERT-In experts.