With the emergence of new technology and rise in the usage of the internet, the growing risk to digital data in cyberspace is a global phenomenon, Ministry of electronics and information technology informed parliament in written reply. The Government said that it was fully cognizant of the same.
There is need for a strong defence mechanism to safeguard the digital data from the danger of being hacked, attacked and hijacked.
As per the government the Indian Computer Emergency Response Team (CERT-In) coordinates incident response measures with affected organisations, service providers, respective sector regulators and law enforcement agencies, and notifies the affected organisations regarding cyber incidents, along with remedial actions to be taken.
CERT-In also issues alerts and advisories on an ongoing basis regarding the latest cyberthreats, vulnerabilities and countermeasures to protect computers and networks. CERT-In, the ministry says, has set up the National Cyber Coordination Centre to generate situational awareness regarding existing and potential cyber security threats. It operates an automated cyber-threat exchange platform for proactively collecting, analysing and sharing tailored alerts with organisations across sectors for proactive threat mitigation actions by them.
Besides, the CERT-In has also formulated a Cyber Crisis Management Plan for countering cyberattacks etc.
To a question regarding the vulnerability of the Aadhar data and the special defence mechanism to protect that data, the ministry has said the Unique Identification Authority of India (UIDAI) has deployed extensive security defense mechanisms and safeguards to protect its digital data.
Among others, there is a multi-layered security infrastructure is in place to protect the Central Identities Data Repository (CIDR) database of the Authority. It is protected through strong data encryption, sharding to prevent data leak, IP address obfuscation, web application firewalls, database activity monitoring tools, sophisticated security management devices, encrypted connectivity with agencies in the Aadhaar ecosystem and a demilitarised zone for external access to applications.
A security operation centre continuously assesses and monitors CIDR for security risks, threats and cyber-attack indicators, the Ministry says. Besides, the CIDR is notified as a “protected system” and complies with the security requirements and advisories issued by the National Critical Information Infrastructure Protection Centre. While these measures appear reassuring, there is need for independent auditing agency periodic cyber security audits and risk assessments in addition to external information security audits by various other agencies concerned with cybersecurity matters. All other measures required to ensure safeguards should be taken without fail.
