Govt gets real on cyber terror
- GMR pilots skip medical tests before flying Rahul Gandhi, to be grounded
- Supreme Court recognises third gender, glimmer of hope for gays
- Karnataka: At least six burnt to death, 12 injured as bus catches fire
- Train derails in Assam, at least 50 passengers injured
- Elections 2014 LIVE: Sonia Gandhi to address first poll rally in Telangana today
The Indian Government seems to have finally woken up to the threat of cyber terrorism, and is putting together a full-fledged Crisis Management Plan for countering cyber attacks like the recent one on Indian embassies.
Having identified critical sectors that could be vulnerable to cyber attacks, the Ministry of Communications & Information Technology has issued security guidelines to all ministries and government departments asking them to set up 24x7 cyber control rooms, implement information security best practices, deploy information security experts, formulate their own information security policies and ensure background checks of all personnel employed in IT divisions. Henceforth, the National Crisis Management Committee (NCMC) headed by the Cabinet Secretary will also be monitoring all national-level cyber crises.
The Armed Forces, defence production and research, power, oil and gas, stock exchanges, depositories, banks and financial institutions, space research installations, Internet services, telecom and data centers, broadcasting services, railways, civil aviation, shipping and surface transport, public utilities and law enforcement agencies have been identified as critical sectors, with both public and private installation marked as vulnerable.
The plan mandates that central administrative departments under each critical sector will set up 24-hour control rooms which will get activated immediately after a crisis situation is reported and also prepare detailed contingency plans. Each organisation has also been directed to screen and do background checks of all employees engaged in implementing and monitoring cyber security and crisis management plans including contractors and third party users. This screening entails that each employee be checked for satisfactory character references, accuracy of CVs, claimed academic and professional qualifications, credit checks, criminal record checks and independent identity checks in the form of passport or similar documents.
Organisations have also been directed to implement periodic IT security risk assessments, back up of files critical to mission accomplishment, security awareness training of personnel and periodic testing and evaluation of technical security measures.