and (e): Government has taken several measures to strengthen the cyber security in the country. These. inter alia. include :
(i) Government has established National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country, as per the provisions of section 70A of the Information Technology (IT) Act, 2000
(ii) The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on regular basis
(iii) Government has issued guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
(iv) All the government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications will be conducted on a regular basis after hosting also.
(v) Government has empanelled 90 security auditing organisations to support and audit implementation of Information Security Best Practices.
(vi) Government has formulated Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
(vii) Cyber security mock drills are being conducted regularly to enable assessment of cyber security posture and preparedness of organisations in Government and critical sectors. 44 such drills have so far been conducted by CERT-In where 265 organisations from different States and sectors such as Finance, Defence, Power, Telecom, Transport, Energy, Space, IT/ITeS, etc. participated.
(viii) CERT-In conducts regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber attacks. 19 trainings covering 515 participants conducted in the year 2019 till October.
(ix) Government has launched the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre). The centre is providing detection of malicious programs and free tools to remove the same.
(x) Government has set up of National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities. Phase-I of NCCC has been made operational.
(b): National security including Cyber Security is of paramount importance and reasonable restrictions on the right to privacy may be justifiable under certain circumstances, subject to the principles of proportionality. These circumstances include sovereignty or integrity of India, defence of India, security of the State, public order, etc. The Supreme Court has also observed in the Puttaswami Case that any invasion of privacy must meet the requirements of:
(i) Legality – means there must be legal backing.
(ii) Need – defined in terms of legitimate State or public purpose.
(iii) Proportionality – means correlation or rational nexus between objects and the means.
(iv) Procedural guarantees – against abuse of such interference.
(c) and (d) : As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In) a total number of 199, 172, 110 and 48websites of Central Ministries/Departments and State Governments were hacked during the year 2016, 2017, 2018 and 2019 (till October) respectively. Appropriate actions were taken by Government as per applicable laws.
*******
Download PDF Files
