In wake of increased attacks, govt trains 4,000 officials in cybersecurity
The ministry of electronics and information technology (MeitY) has virtually trained over 4,000 government officials in cyber safety in the last three months, in the wake of an increase in such attacks, officials familiar with the matter told Hindustan Times.
The course, which started in December last, offers two variants — a one-day basic training to avoid cases of cyber breaches and digital sanitisation, and a five-day deep dive into the technical aspects of the same. Centre for Development of Advanced Computing (CDAC), Hyderabad is the implementing agency for both the training programmes. “More government officials are increasingly applying for the course,” an official said on the condition of anonymity. “We aim to try and train all government employees in the course of six months.”
HT, last month, reported several instances in which government domain email addresses were used to launch cyber attacks.The discovery of critical vulnerabilities in several government servers, which could have given attackers access to sensitive networks, underscores the need for the country’s digital infrastructure to be made more secure.
The training includes information security at the organisational level, cyber ethics and details of cyber offences, data, passwords and email security, mobile security, mobile app security and social engineering attacks. The initial six to eight hours, which constitute the basic training, also cover social networking security and secured financial transactions. A 1,000 participants can be trained during the webinar, according to the course document accessed by HT.
The advanced session, officials said, had fewer takers. Over 500 people signed up and completed the programme that addresses cyber security basics for IT/ICT environment, information security policies, procedures and guidelines and system and network security concepts. The programme includes information security audit and assessments including various cyber security threats and incident response. This session is more focused and has 10 participants during one course.
The country has seen a sharp spike in the number of cyber incidents across different sectors. As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), 17,560, 24,768 and 26,121 Indian websites were hacked during the year 2018, 2019 and 2020, respectively, the ministry told the Rajya Sabha on March 18 in response to an unstarred question.
“According to the logs analysed and made available to CERT-In, the Internet Protocol (IP) addresses of the computers from where the attacks appear to be originated belong to various countries including Algeria, Brazil, China, France, Indonesia,Netherlands, North Korea, Pakistan, Russia, Serbia, South Korea, Taiwan, Thailand, Tunisia, Turkey,USA, Vietnam, etc,” the ministry had said.
Union minister of state for MeitY Sanjay Dhotre also told the Parliament that in the last six months, during the Covid-19 pandemic, there has been a rise in scanning and malware infections across sectors.
A total of 110, 54, and 59 websites of Central ministries, departments, and state governments were hacked in 2018, 2019, and 2020, respectively, the minister said in a written reply to the Rajya Sabha.
HT, on March 5 reported that cyber operations by state actors and the abuse of social media for “narrative warfare” are some of the particular threats likely to be recognised by the government in the National Cyber Security Strategy, 2021 (NCSS 2021), a policy paper that could also make it mandatory for any business or government department with a significant IT interface to set up a cyber safety cell.
This will be part of a long-awaited overhaul in how India sees and approaches dangers in the digital domain. India’s current posture stems from the National Cyber Security Policy of 2013, which officials and experts say has become outdated in the face of a threat landscape that affects national security, governance and critical infrastructure, communications, and business more deeply than ever.
Over the last couple of years, India has also faced several high-profile cyber attacks, including those purportedly originating in North Korea that targeted the Kudankulam Nuclear Power Plant and the Indian Space Research Organisation (Isro) in 2019. Earlier this week, security consultants reported finding a China-backed operation to target India’s electricity grid.
Subimal Bhattacharjee, an independent consultant on defence and cyber issues, said that the online cyber security training for government employees is desirable and should be pursued with more vigour. “This is a good step by the government to sensitise basics to all employees and also have a special course of technical staff of every ministry/department,” he said. “At the same time, the employees also should be trained about they should keep their official and government online platforms separately and have well defined access control to official networks. More number of employees should be motivated to undertake these courses and keep on updating themselves after the courses periodically.”