The Government has taken several measures to detect and prevent cyber attacks/espionage and has issued security guidelines stating that no sensitive information is to be stored on systems that are connected to the Internet. This was stated by the Minister of State for Communications & Information Technology, Sachin Pilot, in a written reply to the Rajya Sabha.
The Government has also formulated a crisis management plan for countering cyber attacks and cyber terrorism, for implementation by all ministries/departments of the central government, state governments and their organizations, and critical sectors. The organizations operating critical information infrastructure have been advised to implement information security management practices based on the international standard ISO 27001.
Ministries and departments have been further advised to carry out audits of their IT systems regularly to ensure the robustness of their systems. The Indian Computer Emergency Response Team (CERT-In) has already empanelled a number of penetration testing professionals through a stringent selection mechanism to carry out audits.
The National Informatics Centre (NIC), which provides services to ministries/departments, is continuously strengthening the security of the network operated by them and its services by enforcing security policies, conducting regular security audits and deploying various technologies at different levels of the network to defend against the newer techniques adopted by hackers from time to time.
The Information Technology Act, 2000, as amended by the Information Technology (Amendment) Act, 2008, which came into force on 27.10.2009, provides a legal framework to address the issues connected with hacking and security breaches of information technology infrastructure. Section 70 of the Act provides for declaring any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure to be a protected system. Section 70B has empowered the Indian Computer Emergency Response Team to serve as the national nodal agency in the area of cyber security.
The Indian Computer Emergency Response Team (CERT-In) scans the Indian cyber space to detect traces of any untoward incident that poses a threat to the cyber space. CERT-In performs both proactive and reactive roles in computer security incident prevention, identification of solutions to security problems, analysis of product vulnerabilities, malicious code, web defacements and open proxy servers, and in carrying out relevant research and development. Sectoral CERTs have been functioning in the areas of defence and finance to cater to critical domains. They are equipped to handle and respond to domain-specific threats emerging from the cyber systems. CERT-In has published several security guidelines for safeguarding computer systems from hacking, and these have been widely circulated.
All government departments/ministries, their subordinate offices and public sector undertakings have been advised to implement these guidelines to secure their computer systems and information technology infrastructure. CERT-In issues security alerts and advisories to prevent the occurrence of cyber incidents and also conducts security workshops and training programs on a regular basis to enhance user awareness.
The Ministry of External Affairs (MEA) has also issued a comprehensive set of IT security instructions for all users of MEA and periodically updates them on vulnerabilities. The Indian Missions abroad have been regularly sending information on safe computing practices. All personnel posted to Indian missions and posts abroad are being imparted IT security training.