(a) and (b): The Government is committed to ensure that the Internet in India is Open, Safe & Trusted and Accountable for all users. Indian Computer Emergency Response Team (CERT-In) is mandated to track and monitor cyber security incidents in India. CERT-In has reported that a total number of 14,02809 & 21,2485 cyber security incidents are observed during the year 2021 & 2022 (upto February) respectively.
(c) and (d): Government has taken following training programme initiatives which, inter alia, include:
i. Ministry of Electronics and Information Technology (MeitY) has implemented ''Information Security Education and Awareness’ (ISEA) programme with the objective of capacity building in the area of Information Security, training of Government personnel and creation of mass Information Security awareness. The project is implemented with 52 academic and training institutions across the country through formal and non-formal courses.
Specific books, videos and online materials are developed for children, parents and general users about information security which are disseminated through portals like “www.infosecawareness.in”, and “www.cyberswachhtakendra.gov.in”.
ii. MeitYoffers generic training (awareness level) and foundation training (advanced level) online in Cyber Security for officers of Central Government Ministries/Departments. A total number of 10177 officers/staff from various Ministries/Departments have attended generic training (awareness level) and 605 officers/staff have successfully completed foundation training (advanced level).
iii. MeitY conducts deep dive training on cyber security for Chief Information Security Officers (CISOs) and frontline IT officials from Central/State Governments, Public Sector Undertakings (PSUs), PSU Banks and Government organisations in collaboration with industry consortium in Public Private Partnership (PPP) mode to enable them to deal with challenges of cyber security.
iv. Indian Computer Emergency Response Team (CERT-In) conducts regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber attacks. 15 and 19 training programs were conducted covering 708 and 5169 participants during the year 2020 and 2021 respectively.
v. Cyber security exercises and drills are conducted regularly by CERT-In for capacity building and to enable assessment of cyber security posture and preparedness of organisations in Government and critical sectors. 64 such drills have so far been conducted by CERT-In where 820 organizations from different States and sectors participated.
vi. CERT-In conducts workshops for Ministries, Departments, States & UTs and organizations to sensitise them about the cyber security threat landscape and enable them to prepare and implement the Cyber Crisis Management Plan (CCMP). 128 CCMP workshops were conducted till February 2022 by CERT-In. Out of these, 31 CCMP workshops conducted during the year 2021.
vii. The cyber-security training programmes for employees of Government and Private Sector Utilities in the Power Sector are conducted through the designated Institutes like National Power Training Institute (NPTI).
viii. Cyber security training besides awareness programs and sessions are conducted regularly for all Information Technology (IT) / Operational Technology (OT) personnel of Power Sector Utilities and other stake holders.
(e): Government is fully cognizant and aware of various cyber security threats; and has taken following other measures to enhance the cyber security posture and prevent cyber-attacks:
i. Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis to ensure safe usage of digital technologies. CERT-In has issued 68 advisories for data security and mitigating fraudulent activities.
ii. Security tips are published by CERT-In for users to secure their desktops, mobile/smart phones and preventing phishing attacks.
iii. CERT-In operates the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre). The centre is providing detection of malicious programs and free tools to remove the same.
iv. CERT-In operates an automated cyber threat exchange platform for proactively collecting, analysing and sharing tailored alerts with organisations across sectors for proactive threat mitigation actions by them.
v. Government has issued guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
vi. CERT-In has set up the National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats. Phase-I of NCCC is operational.
vii. CERT-In also co-operates, works and coordinates incident response measures with international CERTs, overseas organisations and service providers as well as Law Enforcement Agencies
viii. The analytic centre at National Critical Information Infrastructure Protection Center (NCIIPC) provides near real time threat intelligence and situational awareness based on which regular alerts and tailored advisories are sent to Critical Information Infrastructure/ Protected System entities .
*******
Download PDF Files
