GOVERNMENT OF INDIA
Ministry of Communications and Information Technology
(DEPARTMENT OF ELECTRONICS & INFORMATION TECHNOLOGY)
UNSTARRED QUESTION NO. 689
ANSWERED ON NOVEMBER 28, 2014
Cyber Security Violations
689: SHRI RAJEEV CHANDRASEKHAR:
Will the Minister of COMMUNICATIONS AND INFORMATION TECHNOLOGY be pleased to state:
(a) the number of cyber security violations recorded in the country over the last ten years;
(b) whether there has been a sharp increase in the number of cyber security violations, if so, thedetails thereof;
(c) the steps being taken by the ministry to address this issue; and
(d) whether the Ministry has conducted an assessment of the skill resource available to implementthe cybersecurity policy, if so, the details thereof and if not, the reasons therefor ?
MINISTER FOR COMMUNICATIONS AND INFORMATION TECHNOLOGY
(SHRI RAVI SHANKAR PRASAD)
(a) and (b): With the increase in the proliferation ofinformation Technology and related servicesthere is a risein number of cyber security violations. The trend in increase in cyber security violations is similar to thatworldwide. As per the cyber-crime data maintained by National Crime Records Bureau (NCRB), a total of 68,179, 142, 217, 288, 420, 966, 1791, 2876 and 4356 Cyber Crime cases were registered under InformationTechnology Act during the years 2004 to 2013 respectively. A total of 279, 302, 311, 339, 176, 276, 356, 422, 601 and 1337 cases were registered under Cyber Crime related Sections of Indian Penal Code (IPC) during theyears 2004 to 2013 respectively. In addition, a total no. of 23, 254, 552, 1237, 2565, 8266, 10315, 13301,22060, 71780 and 96383 security incidents including phishing, scanning, spam, malicious code, websiteintrusions etc. were reported to the Indian Computer Emergency Response Team (CERT-In) during the years2004 to 2014 (till September) respectively. During the years 2009 to 2014 (till September) a total no. of 11831,20701, 21699, 27605, 28481 and 14151 Indian websites were also hacked by various hacker groups spreadacross worldwide.
(c): The cyber space is anonymous and borderless and has become very sophisticated and complex with thetechnological innovations and inclusion of different type of devices and services. The Government has takenseveral steps to tackle cyber security violations and cyber-crimes in the country. The important steps are:
(i) In order to address the issues of cyber security in a holistic manner, the Government has releasedthe"National Cyber Security Policy-2013" on 02.07.2013, for public use and implementation by all relevantstakeholders. This policy aims at facilitating creation of secure computing environment and enabling adequatetrust and confidence in electronic transactions and also guiding stakeholders' actions for protection of cyberspace. Several steps have been taken to implement the Policy.
(ii) Government has setup National Critical Information Infrastructure Protection Centre (NCIIPC) toprotectthe critical information infrastructure in the country.
(iii) Action has been initiated to set up a centre for tracking all the compromised systems connectedon theInternet in the country and clean them on online basis so that the infection does not carry forward. Theprototype of such centre is functioning. The centre will also collect and analyze malicious software so as toinstall appropriate software to prevent malicious activities.
(iv) All government websites are to be hosted on infrastructure of National Informatics Centre (NIC), ERNETIndia or any other secure infrastructure service provider in the country.
(v) All major websites are being monitored regularly to detect malicious activities.
(vi) All Central Government Ministries / Departments and State / Union Territory Governments have beenadvised to conduct security auditing of entire Information Technology infrastructure. All the new governmentwebsites and applications are to be audited with respect to cyber security prior to their hosting. The auditing ofthe websites and applications is to be conducted on a regular basis after hosting also. CERT-In providesnecessary expertise to audit IT infrastructure of critical and other ICT sectors.
(vii) Indian Computer Emergency Response (CERT-In) has empanelled a total no. of 45 security auditors tocarry out security audit of the IT infrastructure of Government, Public and Private sector organizations.
(viii) Close watch is kept to scan malicious activities on the important networks in the Government,Public andService Providers.
(ix) All the Ministries/ Departments of Central Government and State Governments have been asked toimplement the Crisis Management Plan (CMP) to counter cyber-attacks and cyber terrorism.
(x) The National Watch and Alert System - Indian Computer Emergency Response (CERT-In) team isworking 24/7 and scanning the cyber space in the country. The team works with Government, ServiceProviders, private sector and citizens both on pro-active and reactive basis and help in mitigating cyberincidents. The team also disseminate information and advise on the steps for strengthening the security of thesystems. They work with the service providers to identify the computer systems which are compromised and are participating in launching attacks, isolate them and create corrective steps to clean them. The system isbeing strengthened regularly in terms of the resources to address all incidents.
(xi) Cyber Security mock drills are being regularly conducted to prepare the organizations to detect,mitigateand prevent cyber incidence.
(xii) Sectoral CERTs have been functioning in the areas of Defence and Finance for catering to criticaldomains. They are equipped to handle and respond to domain specific threats emerging from the cyber systems.
(xiii) Information Sharing and Analysis Centres (ISACs) for financial services has been set up at InstituteforDevelopment and Research in Banking Technology (IDRBT). Such a centre exchanges information on cyberincidents in financial sector and advises them for appropriate mitigation. Action has been initiated to set upsimilar ISACs in power and petroleum sector.
(xiv) India has been recognized as Certificate Issuing Nation in the area of cyber security under CommonCriteria Recognition Arrangement (CCRA). Under this arrangement, the certificates issued by India will berecognized internationally. This recognition will help country to setup chain of test centres for testing ofInformation Technology (IT) products with respect to cyber security.
(d): Based on the current availability of Information Technology (IT) Professionals and taking into account thegrowth of the IT sector, the National Cyber Security Policy envisages creation of a pool of 500000 CyberSecurity Professionals in five years.
Government has initiated Information Security Education and Awareness (ISEA) project with the aim todevelop human resource in the area of Information Security at various levels (Certificate level to B.Tech,M.Tech and Ph.D level). Phase I of the programme has been completed. Domain specific trainingprogrammes, seminars and workshops as well as capacity building for carrying out research & development infour technology areas leading to development of indigenous security products and solutions are organizedthrough the ISEA programme, Academic Institutions and Industry. The project targets to train 1, 14,038persons through various formal and non-formal courses, faculty training etc.
In one of the efforts towards achieving that target, National Skill Development Agency (NSDA) has initiatedcertificate I vocational level training courses related to Cyber Security under Skill Development InitiativeScheme (SDIS) by including a Cyber Security Modules into existing courses run by Directorate General ofEmployment & Training (DGET), Ministry of Labour. 10 courses have been included under ModularEmployability Scheme (MES) and Craftsman Training Scheme (CTS). Through these courses, around 1.09Lakhs professionals will be imparted training in Cyber Security. Further, Government has set up R.C. BoseCentre for Cryptology and Information Security at Indian Statistical Institute (ISI), Kolkata at a cost of Rs. 115Crores with the aim to promote inter disciplinary research, teaching as well as training and development incryptology and cyber security.