Nearly 6 lakh cyberattacks target govt entities in 5 years; Defence units not spared, too

Photo of author

By admin

Hack

Reuters

Government departments, including defence units, experienced nearly six lakh cyber attacks during the last five years, and the number of these attacks has increased during the last couple of years. Sharing details in the Rajya Sabha Minister of State for Electronics and Information Technology, Jitin Prasada, on Friday informed that 5,85,669 cyber attacks were reported in many government entities and departments, including defence units, during the last five years.

Sharing year-wise details, the Minister said that as per the information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), in 2019, 85,797 were reported. The number of attacks was 54,314 in 2020. In 2021, 48,285 attacks were experienced, and thus the number jumped to 1,92,439 in 2022. In 2023, 2,04,844 cyberattacks were reported.

The Minister, however, assured that the policies of the government were aimed at ensuring an open, safe, trusted, and accountable internet for its users.

cyber attacks

Rajya Sabha

“The Indian Computer Emergency Response Team (CERT-In) is designated as the national agency for responding to cybersecurity incidents under the provisions of section 70B of the Information Technology Act, 2000.

Steps taken by the government to face challenge of cybersecurity threats

The Minister said that the government is fully cognizant and aware of various cybersecurity threats and has taken many measures to enhance the cyber security posture and prevent cyber-attacks. The government has given directions to all Central Ministries/Departments and States/UTs to appoint Chief Information Security Officers (CISOs) to deal with cyber security matters.

The government has established the National Critical Information Infrastructure Protection Centre (NCIIPC) for the protection of critical information infrastructure in the country under the provisions of section 70A of the Information Technology (IT) Act, 2000.

NCIIPC provides threat intelligence, situational awareness, alerts & advisories, and information on vulnerabilities to organizations having Critical Information Infrastructure (Clls)/Protected Systems (PSs) for taking preventive measures from cyber attacks and cyber terrorism.

The National Cyber Coordination Centre (NCCC) implemented by the CERT-In serves as the control room to scan the cyberspace in the country and detect cyber security threats. The NCCC facilitates coordination among different agencies by sharing with them the metadata from cyberspace for taking actions to mitigate cyber security threats.

CERT-In has formulated a Cyber Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all Ministries/Departments of Central Government, State Governments, and their organizations and critical sectors.

Cyber Swachhta Kendra (CSK) is a citizen-centric service provided by CERT-In that extends the vision of Swachh Bharat to the cyberspace. Cyber Swachhta Kendra is the Botnet Cleaning and Malware Analysis Centre and helps to detect malicious programs, provides free tools to remove the same, and also provides cyber security tips and best practices for citizens and organizations.

The Computer Security Incident Response Team-Finance Sector (CSIRT-Fin) has been set for responding to containing and mitigating cyber security incidents reported from the financial sector under the umbrella and guidance of CERT-In.

CERT-In issued Cyber Security Directions in April 2022 under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedures, prevention, response, and reporting of cyber incidents for safe and trusted Internet.

CERT-In issued guidelines on information security practices for government entities in June 2023, covering domains such as data security, network security, identity and access management, application security, third-party outsourcing, hardening procedures, security monitoring, incident management, and security auditing.

Cybersecurity

Google Workspace bug allows untraceable data theft from Drive files.IANS

CERT-In issued Guidelines for Secure Application Design, Development, and Implementation and Operations in September 2023. CERT-In has also released the Software Bill of Materials (SBOM) guidelines for entities, particularly those in the public sector, government, essential services, organizations involved in software export and software services industry in October 2024 to help organizations know exactly what components are in their software or assets, making it easier to identify and fix vulnerabilities.

Advisory issued to various ministries

The Minister said that the CERT-In issued an advisory to various ministries in November 2023 outlining the measures to be taken for strengthening the cyber security of all entities that are processing digital personal data or information, including sensitive personal data or information.

“CERT-In issues alerts and advisories regarding the latest cyber threats/vulnerabilities and countermeasures to protect computers, mobile phones, networks, and data on an ongoing basis”, he said, adding, “CERT-In operates an automated cyber threat intelligence exchange platform for proactively collecting, analyzing and sharing tailored alerts with organizations across sectors for proactive threat mitigation actions by them”.

CERT-In has empaneled 155 security auditing organizations to support and audit the implementation of Information Security Best Practices.

CERT-In coordinates incident response measures with international CERTs, service providers as well as Law Enforcement Agencies (LEAs).

The Minister further informed that cyber security mock drills are conducted regularly to enable the assessment of cyber security posture and preparedness of organizations and enhance resilience in Government and critical sectors.

The National Informatics Centre (NIC) provides Information Technology (IT) support to ministries, departments, and agencies of the Central Government, State Governments, and district administrators for various e-governance solutions and follows information security policies and practices in line with industry standards and practices, aimed at preventing cyber-attacks and safeguarding data.

Leave a Comment