In response to a parliamentary question, the Ministry of Home Affairs (MHA) revealed that the Indian Computer Emergency Response Team (CERT-In) tracked 11,58,208 cybersecurity incidents in 2020. This is a sharp rise from the 3,94,499 incidents that occurred in 2019. In a different answer to a Lok Sabha query, the government said that CERT-in received 26,121 reports of Indian websites being hacked last year, of which 59 websites belonged to central and state governments.
For more info on some of the major cyberattacks that occurred in 2020, read our earlier story: 2020 was a good year for cyber criminals, a bad one for financial and payments security
MHA did not provide any further details on the cyberattacks but lists several initiatives taken by the government to prevent cyber attacks:
- CERT-In issues alerts and advisories to concerned entities on the latest cyber threats
- The government has issued guidelines for Chief Information Security Officers (CISOs) regarding their responsibility for securing government applications and infrastructure.
- A Cyber Crisis Management Plan (CCMP) has been formulated for implementation in all government entities.
- All government websites and applications are audited with respect to cybersecurity, both before and after hosting.
- The government is operating Cyber Swachhta Kendra, a botnet cleaning and malware analysis centre that provides tools to detect malicious programs and remove them.
- The National Cyber Coordination Centre (NCCC) has been set up to generate awareness of existing and potential cybersecurity threats.
The government was responding to a Lok Sabha query by BJP MP Pratima Bhoumik.
Full question and answer
Will the Minister of HOME AFFAIRS be pleased to state:
(a) whether there has been an increase in cyber attacks in the country;
(b) if so, the details of cyber attacks reported during the last two years;
(c) whether there are reports of cyber attack into systems of the companies which manage power supply and also into the system of a company which is supplying COVID-19 Vaccine across the country; and
(d) if so, the details thereof along with the action taken by the Government in this regard?
MINISTER OF STATE IN THE MINISTRY OF HOME AFFAIRS (SHRI G. KISHAN REDDY)
(a) & (b): As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), 3,94,499 and 11,58,208 cyber security incidents have been observed during the years 2019 and 2020 respectively.
(c) & (d): The Indian Computer Emergency Response Team (CERT-In) is serving as national agency for responding to cyber security incidents as per provisions of Section 70B of Information Technology Act, 2000. CERT-In receives inputs from its situational awareness systems and threat intelligence sources about malware infections in networks of entities across sectors. Whenever any incident comes to the notice of CERT-In, it issues alerts and advisories to the entities concerned and sectoral Computer Emergency Response Teams (CERTs) for remedial measures.
Government has taken following measures to enhance the cyber security posture and prevent cyber attacks:
- CERT-In issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on regular basis.
- Government has issued guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications/ infrastructure and compliance.
- All the government websites and applications are audited with respect to cyber security prior to their hosting. The auditing of the websites and applications are conducted on a regular basis after hosting also.
- Government has empanelled security auditing organisations to support and audit implementation of Information Security Best Practices.
- Government has formulated Cyber Crisis Management Plan (CCMP) for countering cyber attacks for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
- Government is operating the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre). The centre is providing detection of malicious programs and free tools to remove the same.
- Government has set up the National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats. Phase-I of NCCC is operational.