Following instances of cyber attacks during the ongoing pandemic across its network, the Ministry of Railways has roped in the Centre for Development of Advanced Computing (C-DAC) to educate its officials on Internet ethics, cyber hygiene and best practices in the use of IT equipment, including mobile phones. This is as part of its National Cyber Security Strategy.
In a note to the General Managers, production units and other major establishments recently, the Railway Board said a number of incidents had come to notice regarding breaches in various IT applications as electronic working has got further proliferated. A majority of them were applications related. Incidents occurred due to “improper handling of the IT assets by the personnel”.
Periodical alerts on vulnerabilities
According to sources, the IT Wing of the Computerisation & Information System Directorate sends out periodical alerts on cyber security vulnerabilities and threats to the staff directly handling IT-based systems. One of the major IT functions is the Passenger Reservation System (PRS).
In January 2019 alone, 6.61 crore passengers booked from 10,394 PRS terminals in 3,440 locations and the IRCTC website resulting in a revenue of ₹3,962.27 crore. While 9.38 lakh passengers made bookings on January 10, 2019, 671 bookings were made per second nine days later. The PRS involves passengers disclosing their identities along with proof of address, mobile phone number and netbanking/card payment details.
The railways also uses its IT infrastructure for Unreserved Ticketing System which served 2.11 crore passengers in January 2019 earning ₹58.83 crore each day. E-payment is provided as part of the Freight Operations Information System (FOIS) leading to ₹8,666.60 crore revenue in January 2019.
The Board said in the note the pandemic had introduced a greater reliance on electronic modes of communication in official working. Hence, it was necessary that all officials took responsibility and followed adequate procedures when using IT infrastructure for ensuring confidentiality, privacy etc in dealing with official information.
“This can be achieved to a great extent by following Internet ethics, cyber hygiene and following best practices on the use of IT equipment like desktops, laptops, mobile devices etc. While many officials are aware of these and other related practices, there are still a number of officials who are unaware of the same,” the note said.