Cyber attacks intensity continues to increase globally and this part of it is no exception. With the emergence of new technology and rise in the usage of the internet, the growing risk to digital data in cyberspace is a global phenomenon, the ministry of electronics and information technology informed parliament in a written reply earlier this year. The Government said that it was fully cognizant of the same.
There is a need for a strong defence mechanism to safeguard the digital data from the danger of being hacked, attacked and hijacked.
As per the government the Indian Computer Emergency Response Team (CERT-In), India’s cybersecurity agency, coordinates incident response measures with affected organisations, service providers, respective sector regulators and law enforcement agencies, and notifies the affected organisations regarding cyber incidents, along with remedial actions to be taken.
CERT-In has introduced a set of guidelines for organisations to comply with when connected to the digital realm. This included the mandatory obligation to report cyber attack incidents within hours of identifying them, and designating a point person with domain knowledge to interact with CERT-In. India’s draft Digital Personal Protection Bill 2022 proposes a penalty of up to Rs 500 crore for data breaches.
CERT-In also issues alerts and advisories on an ongoing basis regarding the latest cyberthreats, vulnerabilities and countermeasures to protect computers and networks. CERT-In, the ministry says, has set up the National Cyber Coordination Centre to generate situational awareness regarding existing and potential cyber security threats. It operates an automated cyber-threat exchange platform for proactively collecting, analysing and sharing tailored alerts with organisations across sectors for proactive threat mitigation actions by them.
Besides, the CERT-In has also formulated a Cyber Crisis Management Plan for countering cyberattacks etc.
As regards the question regarding the vulnerability of the Aadhar data and the special defence mechanism to protect that data, the ministry has said the Unique Identification Authority of India (UIDAI) has deployed extensive security defense mechanisms and safeguards to protect its digital data.
Among others, a multi-layered security infrastructure is in place to protect the Central Identities Data Repository (CIDR) database of the Authority. It is protected through strong data encryption, sharding to prevent data leak, IP address obfuscation, web application firewalls, database activity monitoring tools, sophisticated security management devices, encrypted connectivity with agencies in the Aadhaar ecosystem and a demilitarised zone for external access to applications.
Many steps taken in ensuring security are proving good and appear reassuring, yet there is need for independent auditing agency periodic cyber security audits and risk assessments in addition to external information security audits by various other agencies concerned with cybersecurity matters.
