A total of 12,13,784 cybersecurity incidents were reported to CERT-In up till October this year, according to a response by the Minister of State for Information Technology Rajeev Chandrasekhar. Rajya Sabha MP Shreyams Kumar asked the question during the ongoing winter session of the Parliament. The data on cybersecurity incidents for 2021 without the last two months is still higher than the total number of cases—11,58,208—in 2020.
Government organisations were the target in 32,736 incidents up till October 2021, whereas the figure stood at 54,314 last year. The Ministry of Electronics and Information Technology (MeitY) did not reveal whether critical infrastructure was a target in these incidents.
What is CERT-In? Indian Computer Emergency Response Team is responsible for tracking and monitoring cybersecurity incidents in India.
Why it matters: The figures revealed by CERT-In are a good indicator of the overall cybersecurity situation of the country, and as it stands, the situation looks grim with 2021 on track to be the biggest year in terms of cybersecurity incidents reported in India.
How much is India spending on cybersecurity?
The MeitY had revealed in response to a parliamentary question that it allocated Rs. 416 crore this year toward strengthening India’s cybersecurity. The answer was a response to questions posed by BJP Lok Sabha MPs Arjun Lal Meena and Sunil Kumar Singh during the monsoon session of the Parliament this year.
The stipulated amount constitutes nearly four percent of the total budget allocation of the ministry. However, it is more than Rs. 310 crore allocated in the financial year 2020-21 and Rs.162 crore in 2019-20.
India’s pending cybersecurity policy
The Ministry of Defence had informed the lower house of the Parliament in August that the government was in the final stages of approving the National Cyber Security Strategy that has been in the pipeline since 2019.
The new policy will cover several aspects of cyberspace including:
- Governance and data as a national resource
- Building indigenous capabilities
- Cyber audit
- Decentralisation of cybersecurity responsibilities
- Cyber insurance
- Internet of Things
Currently, India adheres to the National Cyber Security Policy 2013 but the policy is considered to be outdated given the pace of change that has taken place in cyberspace over the last eight years.
Full text of the question and answer
Will the Minister of ELECTRONICS AND INFORMATION TECHNOLOGY be pleased to state:-
(a) whether the Ministry has noted certain cyberattacks in the country on organisations including
Government and Non-Government organisations;
(b) if so, the details thereof including conspiracy involved; and
(c) the steps taken to avoid such attacks in future?
MINISTER OF STATE FOR ELECTRONICS AND INFORMATION TECHNOLOGY (SHRI RAJEEV CHANDRASEKHAR)
(a) and (b): The Government is well aware of cyber security threats as the Internet expands and more & more Indians get connected and use Internet. Indian Computer Emergency Response Team (CERT-In) is mandated to track and monitor cyber security incidents in India. CERT-In has reported that a total number of 1158208 and 1213784 cyber security incidents are observed during the year 2020 and 2021 (upto October) respectively. Out of this, a total number of 54314 and 32736 cyber security incidents were related to Government organizations during the year 2020 and 2021 (upto October) respectively.
(c): Government is fully cognizant and aware of various cyber security threats; and has taken following measures to enhance the cyber security posture and prevent cyber-attacks:
- The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on regular basis.
- Government has issued guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
- All the government websites and applications are audited with respect to cyber security prior to their hosting. The auditing of the websites and applications is conducted on a regular basis after hosting also.
- CERT-In conducts regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber-attacks. 15 and 17 training programs were
conducted covering 708 and 4801 participants during the year 2020 and 2021 (till October 2021) respectively.
- Government has formulated a Cyber Crisis Management Plan for countering cyber-attacks and cyberterrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
- Cyber security mock drills are conducted regularly in Government and critical sectors. 61 such drills have so far been conducted by CERT-In where 600 organisations from different States and sectors participated.
- Government is operating the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre). The centre is providing detection of malicious programs and free tools to remove the same.
- Government has set up the National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats. Phase-I of NCCC is
- CERT-In co-operates, works and coordinates incident response measures with international CERTs, overseas organisations and service providers as well as Law Enforcement Agencies.
- National Critical Information Infrastructure Protection Centre (NCIIPC) provides near real time threat intelligence and situational awareness based on which regular alerts and advisories are sent to Critical Information Infrastructure (CII) / Protected System (PS) entities.
- Ministry of Home Affairs (MHA) has issued National Information Security Policy and Guidelines (NISPG) to all Ministries and Government Departments for implementation.
- To deal with cybercrimes in a coordinated & comprehensive manner, Government has launched the online National Cyber Crime Reporting Portal, ‘www.cybercrime.gov.in’ to enable citizens to report complaints pertaining to all types of cyber crimes with special focus on cyber crimes against women and children.
- UN Cyber Stability Conference: Understanding threats in cyberspace
- Finance Ministry identifies weak link in CDSL that put sensitive data of investors at risk
- A closer look at Biden’s cybersecurity policies since becoming US President in 2021
- Telangana to come up with a cyber crime law with deliberations currently underway