Since not many details related to the investigation into the CoWIN data leak of hundreds of millions of registrants on a Telegram bot have come out, Rajya Sabha members raised questions about the issue on July 21. In response, Rajeev Chandrasekhar, minister of state for electronics and IT, shared a status report.
Rajya Sabha members Syed Naseer Hussain, Amee Yajnik, and Vivek Tankha from the Congress asked the ministry of electronics and IT whether the government has a tangible plan to contain the leaked information from the CoWIN portal, as well as whether the Indian Computer Emergency Response Team (CERT-In) has started an investigation and identified those responsible for the breach.
In response to both questions, MoS Chandrasekhar said in Parliament that the Government of India has taken a number of steps to enhance cybersecurity after the recent data breach of the CoWIN portal. These measures include:
- Providing enhanced security measures to the CoWIN portal. The CoWIN portal has been equipped with additional security measures, such as web application firewall (WAF), anti-distributed denial-of-service (DDoS) protection, and secure sockets layer (SSL)/transport layer security (TLS) encryption.
- Investigating the data breach. The Indian Computer Emergency Response Team (CERT-In) is investigating the data breach and has registered a first information report (FIR) with the police.
- Taking steps to prevent future data breaches. The government has also taken steps to prevent future data breaches, such as issuing advisories on cyber security best practices and conducting training programs for government and private sector organisations.
The response highlighted that the government is committed to protecting the privacy and security of Indian citizens’ data and the measures are part of the government’s ongoing efforts to strengthen India’s cybersecurity infrastructure.
Explaining more about the steps taken by the government to enhance the cybersecurity situation and prevent data breaches, Chandrasekhar shared more than 10 notes in the Rajya Sabha.
These include establishing the National Cyber Coordination Centre (NCCC) by CERT-In. It is a central repository of information on cyber threats and vulnerabilities. It works with law enforcement agencies, government organisations, and private sector companies to coordinate the response to cyber incidents.
Secondly, setting up the National Critical Information Infrastructure Protection Centre (NCIIPC), which is responsible for protecting India’s critical information infrastructure from cyberattacks. It provides threat intelligence and incident response services to critical infrastructure organisations.
The response also included formulating the Cyber Crisis Management Plan, which is a comprehensive strategy for responding to cyber incidents and outlines the roles and responsibilities of different stakeholders in responding to a cyberattack.
The minister also noted that the government conducts regular cybersecurity mock drills to test the preparedness of government and private sector organisations to respond to cyberattacks and provides training on cybersecurity to government and private sector organisations.
“CERT-In conducts regular training programmes for network/system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyberattacks. A total of 42 training programmes have been conducted, covering 11,486 participants, during the years 2021 and 2022. In 2023, up to June, a total of 627 officials from Government, critical sectors, public and private sectors were trained in 6 training programs in the area of cyber security,” the response added.
Additionally, he said that the government disseminates information on cybersecurity through its website, social media platforms, and other channels. This information helps citizens to understand cyber threats and protect themselves from them.
However, in terms of taking measures for cyber safety, here it should be noted that this week CERT-In issued a warning about Akira ransomware which takes sensitive information and encrypts data and attacks on Windows and Linux-based computers.
In its advisory, CERT-In stated: “This group first steals the information from the victims, then encrypts data on their systems and conducts double extortion to force the victim into paying the ransom. In case the victim does not pay, they release their victim’s data on their dark web blog. The group is known to access victim environments via VPN services, particularly where users have not enabled multi-factor authentication. The group has also utilised tools such as AnyDesk, WinRAR and PCHunter during intrusions. These tools are often found in the victim’s environment, and their misuse typically goes unnoticed.”
Comments
0 comment