Govt gets real on cyber terror

The Indian Government seems to have finally woken up to the threat of cyber terrorism, and is putting together a full-fledged Crisis Management Plan for countering cyber attacks like the recent one on Indian embassies.

Having identified critical sectors that could be vulnerable to cyber attacks, the Ministry of Communications & Information Technology has issued security guidelines to all ministries and government departments asking them to set up 24x7 cyber control rooms, implement information security best practices, deploy information security experts, formulate their own information security policies and ensure background checks of all personnel employed in IT divisions. Henceforth, the National Crisis Management Committee (NCMC) headed by the Cabinet Secretary will also be monitoring all national-level cyber crises.

The Armed Forces, defence production and research, power, oil and gas, stock exchanges, depositories, banks and financial institutions, space research installations, Internet services, telecom and data centers, broadcasting services, railways, civil aviation, shipping and surface transport, public utilities and law enforcement agencies have been identified as critical sectors, with both public and private installation marked as vulnerable.

The plan mandates that central administrative departments under each critical sector will set up 24-hour control rooms which will get activated immediately after a crisis situation is reported and also prepare detailed contingency plans. Each organisation has also been directed to screen and do background checks of all employees engaged in implementing and monitoring cyber security and crisis management plans including contractors and third party users. This screening entails that each employee be checked for satisfactory character references, accuracy of CVs, claimed academic and professional qualifications, credit checks, criminal record checks and independent identity checks in the form of passport or similar documents.

Organisations have also been directed to implement periodic IT security risk assessments, back up of files critical to mission accomplishment, security awareness training of personnel and periodic testing and evaluation of technical security measures.

... contd.

Please read our terms of use before posting comments
TERMS OF USE: The views expressed in comments published on are those of the comment writer's alone. They do not represent the views or opinions of The Indian Express Group or its staff. Comments are automatically posted live; however, reserves the right to take it down at any time. We also reserve the right not to publish comments that are abusive, obscene, inflammatory, derogatory or defamatory.