Will the Minister of ELECTRONICS AND INFORMATION TECHNOLOGY be pleased to state:
(a) whether the Government has taken adequate steps to counter both the cyber-attacks and cyber terrorism and if so, the details thereof; and
(b) whether the incidents of cyber-attacks and hacking of Indian websites from hackers of foreign countries are on the rise and if so, the details thereof and the requisite steps taken by the Government in this regard?
(a) and (b) :Government is fully cognizant and aware of various cyber security threats including cyber terrorism; and has taken following measures to enhance the cyber security posture and prevent cyber-attacks:
i. Government has formulated a Cyber Crisis Management Plan for countering cyber-attacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
ii. The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on regular basis.
iii. Government has issued guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
iv. All the government websites and applications are audited with respect to cyber security prior to their hosting. The auditing of the websites and applications is conducted on a regular basis after hosting also.
v. Government has empanelled security auditing organisations to support and audit implementation of Information Security Best Practices.
vi. Cyber security mock drills are conducted regularly in Government and critical sectors. 61 such drills have so far been conducted by CERT-In where 600 organisations from different States and sectors participated.
vii. CERT-In conducts regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber-attacks. 15 and 17 training programs were conducted covering 708 and 4801 participants during the year 2020 and 2021 (till October 2021) respectively.
viii. Government is operating the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre). The centre is providing detection of malicious programs and free tools to remove the same.
ix. Government has set up the National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats. Phase-I of NCCC is operational.
x. CERT-In co-operates, works and coordinates incident response measures with international CERTs, overseas organisations and service providers as well as Law Enforcement Agencies.
xi. Ministry of Home Affairs (MHA) has issued National Information Security Policy and Guidelines (NISPG) to all Ministries and Government Departments for implementation.
Indian Computer Emergency Response Team (CERT-In) is mandated to track and monitor cyber security incidents in India. CERT-In has reported that a total number of 17560, 24768, 26121 and 25870 Indian websites were hacked during the year 2018, 2019, 2020 and 2021 (upto October) respectively.
There have been attempts from time to time to launch cyber-attacks on Indian cyber space. It has been observed that attackers are compromising computer systems located in different parts of the world and use masquerading techniques and hidden servers to hide the identity of actual systems from which the attacks are being launched.
According to the logs analyzed and made available to CERT-In, the Internet Protocol (IP) addresses of the computers from where the attacks appear to be originated belong to various countries including Algeria, Brazil, China, France, Germany, Hong Kong, Indonesia, Netherlands, North Korea, Pakistan, Russia, Serbia, South Korea, Taiwan, Thailand, Tunisia, Turkey, USA, Vietnam etc.
********