India Insights with Suparna Goswami

Critical Infrastructure Security , Endpoint Security , Fraud Management & Cybercrime

Ministry of Home Affairs Needs to Go Beyond Security Basics

Best Practices Tips Helpful, But More Needs to Be Done
Ministry of Home Affairs Needs to Go Beyond Security Basics

The Ministry of Home Affairs recently released a document on information security best practices for government officials.

The document discusses how to avoid social engineering attacks. It covers such topics as password management, general internet browsing and email communication.

But clearly, it's important to make sure that government officials follow basic cybersecurity principals as well as move on to more sophisticated steps. 

Some critics are blasting MHA for focusing on very basic material. For example, it advises government officials to only click on links that have "https" in the browser. It also suggests avoiding sharing passwords or storing them in a readable format.

While the MHA is instructing public officials on cybersecurity basics, everyone else is talking about far more advanced topics, including DevSecOps, and the role of blockchain in security.

But clearly, it's important to make sure that government officials follow basic cybersecurity principals as well as move on to more sophisticated steps. And over the past five years, the MHA, under the leadership of Rajnath Singh, has been instrumental in setting up a number of cyber cells plus a cyber portal for women and children as well as a national cybersecurity coordination center.

Tackling the Vulnerabilities

As India pursues greater levels of digitization, many government websites continue to be vulnerable to hacking and cyberattacks because they have basic vulnerabilities.

Recently, the Uttar Pradesh State Road Transport Corporation based in Uttar Pradesh exposed a database of millions as it was built on weak and old framework. The application did not use a firewall, and there was no rate limiting to control the amount of incoming and outgoing traffic to or from a network.

Many government websites continue to suffer from SQL injection vulnerabilities. More often than not, data does not get stored in an encrypted format.

About 105 government websites were hacked during the first 11 months of 2018, CERT-In reported. Earlier this year, over 90 Indian government websites and critical systems were attacked by self-proclaimed Pakistani hackers within hours of the Pulwama suicide strike in which 40 soldiers of India's Central Reserve Police Force were killed.

All these incidents led French researcher Robert Baptiste to say that government websites in India are among the most vulnerable he's come across. "Usually, government websites in other countries are secure, but in India it is a different story," he says.

The Challenges Ahead

The challenge ahead for MHA is to ensure that its recommendations on cybersecurity basics are implemented - and that many other more sophisticated steps are taken to enhance the security of government websites and citizens' data.

MHA needs to make sure that CERT-In conducts regular checks and audits to ensure that the recommended practices are followed. Cyber education is the need of the hour, and the training must be conducted on a regular basis. The only way the recommendations will be carried out is through persistence.



About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Suparna Goswami is Associate Editor at ISMG Asia and has more than 10 years of experience in the field of journalism. She has covered a variety of beats ranging from global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine, and leading Indian newspapers like DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.in, you agree to our use of cookies.