...
...
Next Story

Security gaps in ICMR system as per Cert-In, reveals House panel report

In the Tuesday report, the committee said that it wants to be informed about the security practices adopted by ministry of electronics and information technology (Meity).

Published on: Mar 12, 2025 08:18 AM IST
Advertisement

The Indian Council of Medical Research (ICMR) had multiple security gaps including insecure application design and inadequate security controls, the Indian Computer Emergency Response Team (Cert-In) found after it received threat intelligence reports about the sale of personal data from ICMR in October 2023, the IT ministry had informed the parliamentary standing committee on communications and information technology in its Action Taken Notes submitted on January 7, according to the report tabled by the committee on Tuesday.

Security gaps in ICMR system as per Cert-In, reveals House panel report
Security gaps in ICMR system as per Cert-In, reveals House panel report

The committee, in turn, wants to know about the analysis report shared with law enforcement agency for investigation, and if the security gaps have been addressed and the number of data breaches have reduced.

The Cert-In had recommended to ICMR that it should, among other things, have a clear and documented security policy, adopt a risk-based approach to security, conduct regular risk assessments, ensure security by design for application development and operations, and conduct a security audit of the entire ICMR ecosystem.

In the Tuesday report, the committee said that it wants to be informed about the security practices adopted by ministry of electronics and information technology (Meity) to ensure “fool proof security measures during the entire data life cycle and steps taken for its effective monitoring and enforcement”.

Meity had also informed the committee in the January 7 Action Taken Notes that more than 250 Android and banking related malware, that are usually sideloaded (that is, not downloaded from the official Google Play Store) have been blocked at the recommendation of the Indian Cyber Crime Coordination Centre (I4C). I4C had also recommended that more that 130 suspicious loan apps be suspended for violating Google’s policy.

The committee now sought to know if the information about such malware is only shared with Big Tech companies such as Google or if it has been shared with “local and indigenous search engines, if any, or with the agencies working for Digital Connectivity in rural areas of the Country”.

I4C has also requested RBI to whitelist all mobile apps for instant loans. I4C has also asked RBI to identify all non-active, defunct and non-compliant NBFCs as they are used to commit cyber frauds by unregistered entities. The committee now wants to know about the action taken by RBI and of any delays. It also wants to know about the action taken by law enforcement agencies under MHA related to fraudulent lending apps.

 
ABOUT THE AUTHOR
Aditi Agrawal

Aditi covers technology policy, online free speech, privacy, cybersecurity, and surveillance.

Check India news real-time updates, latest news on Hindustan Times and more across India.
Check India news real-time updates, latest news on Hindustan Times and more across India.
SHARE THIS ARTICLE ON