As most Central government offices are expected to go fully digital by the end of February 2023, several security measures have been put in place to avoid any cybersecurity incidents such as the recent cyber and ransomware attack at the All India Institute of Medical Sciences (AIIMS) in Delhi.
ADVERTISEMENT
Cabinet Secretary Rajiv Gauba has directed all Central government ministries and departments to migrate to e-office 7.0, an in-house system developed by the National Informatics Centre (NIC), by February 2023.
The half-yearly report of the Computer Emergency Response System (CERT-IN) published in August said ransomware incidents continue to grow in the year 2022 with attacks across multiple sectors, including critical infrastructure. It said, “post-COVID accelerated digitalisation and hybrid work culture are also aiding this threat emergence”, adding that ransomware attacks jumped 51% during the first half of 2022, from the previous year.
ADVERTISEMENT
V. Srinivas, Secretary, Department of Administrative Reforms and Public Grievances, said e-office was a highly secure system with timely security audits and adequate firewalls.
Unclassified files
“It is important to note that e-office is for unclassified files, with two-factor authentication and is not available on the Internet, but on NICNET. It has mandatory features of authentication of documents with digitally signed certificates and e-signatures,” Mr. Srinivas said.
So far, 74 ministries and departments have migrated to e-office version 7.0.
ADVERTISEMENT
At least 13 offices that are yet to migrate to the updated system are the Comptroller and Auditor General, the Election Commission of India, the Department of Commerce, Ministries of Cooperation, External Affairs, New and Renewable Energy, Parliamentary Affairs, Petroleum and Natural Gas, Power, Transport and Highways, Textiles and Tribal Affairs.
Data show that the number of e-files generated in the past two years had seen a massive increase. In 2020, the total number of e-files generated across ministries stood at 14.27 lakh, which increased to 27.02 lakh e-files till September 30, 2022. The number of such files are projected to go up to 31.65 lakh files by March 31, 2023.
According to present norms, the e-office does not cater to the requirements of “secret, top secret, classified communications” and such files are only handled on physical mode.
ADVERTISEMENT
Regularly audited
The e-office application is regularly audited for known vulnerabilities by third party agencies on the panel of CERT-IN, the officer said. He said the infrastructure was also audited annually by the third party agencies. The servers were hosted in National Data Centre.
On December 20, the government informed the Lok Sabha that the November 23 cyberattack at the AIIMS, Delhi took place as “unknown threat elements” tampered with the Information Technology servers at the hospital due to “improper network segmentation.” It added that the IT system in the hospital was managed in-house and post-attack, CERT-IN and other agencies have suggested measures to protect the system.
CERT-IN said that 12,67,564 cybersecurity incidents were reported from January-November 2022, while the years 2018, 2019, 2020 and 2021 reported 2,08,456, 3,94,499, 11,58,208 and 14,02,809 incidents respectively.