On May 12, the National Center for Information Science (NIC) learned that all ministries and government departments were warned that “more threatening in cyberspace” and security measures needed to protect all government communications.
On May 10, in view of “cyber threats and incidents across the country, the secretaries of all ministries requested “internal cybersecurity preparation”. It was observed that the rapid development of technology “expands the surface of attacks and strengthens the complexity of cyber risks.”
On April 24, a highly “severe” “emergency security alert” was issued to protect all government websites, applications and ICT infrastructure, with all “critical” government applications placed behind a professional firewall.
Since the terrorist attack on April 22, computer emergency response teams in NIC and India, computer emergency response teams such as CERT-IN have been fighting major cyber attacks. ET first reported on how to block more than 30-40 major cyber attacks in government interfaces every day, with finance and power sectors and data centers being the main targets.
Most of the cyber attacks have aimed at definition, data breach and rendering the website dysfunctional by flooding it with artistic traffic.Pointing to the “prevailing geo-political situation and increased threat perception in cyberspace”, all were advised to be alert and to ensure proper cyber security hygiene and best practices were followed both at personal desktop/laptop level as well as at application, database, server, data centre and network has asked all organizations to ensure immediate implementation of best practices for network security, including regular password changes, use of powerful and unique passwords, avoid suspicious or spam emails to ensure unmanaged LAN network devices are removed from the network, and upgrade all PCs/devices’ operating systems to the latest version/patch/patch and disassemble all computers/devices.
Each department is directed to conduct internal cybersecurity preparation exercises through its deputy chief information security officer to “stay ahead of evolving cyber threats and build a proactive adaptive security culture at all levels”.
NIC and CERT-IN also highlighted the critical nature of electronic services that host all government communications and avoided the use of public computers and devices, etc. by strictly following several recommendations of VPN access protocols. It is emphasized that government personnel are not allowed to store certificates on phones/computers, or exchange any sensitive information through third-party messaging applications/emails or social media.
Specific security instructions have been sent to all people involved in testing, auditing, operations and troubleshooting, any government website, application or database or ICT infrastructure/services.
