Important government websites “highly vulnerable” to attacks

The recent hacking of the Central Bureau of Investigation's website by the so-called “Pak cyber army” has exposed gaping holes in the hosting of some important government websites. It is now official that at least 280 government websites, including that of the Navy, Supreme Court, High Courts of Bombay, Punjab and Haryana, Planning Commission, are “highly vulnerable” to such cyber attacks.

Government sources told The Hindu that the National Informatics Centre (NIC) under the Department of Information Technology has found that around 280 websites of Central and State government agencies and organisations, hosted by it, are highly vulnerable to cyber attacks as they lack proper cyber security protocols. The NIC is reviewing security aspects of over 5,000 websites and portals.

Websites of other important government departments and organisations on the vulnerability list include that of National Archives, which is the repository of all non-current records of the Indian Government, the Jammu and Kashmir government, Orissa government's Right to Information portal, and Manipur government's Home Ministry. The websites of two important organisations – Food Corporation of India and National Fertilizers Ltd – are also under threat of cyber attacks.

Department of Information Technology Secretary S.K. Sharma has directed NIC Director-General B.K. Gairola not to host any website which does not possess a security audit certificate from IT security auditors. These 280 government organisations have been asked to get their websites audited by December 31, 2010; else the hosting of their websites would be stopped.

Notably, the CBI website, which was hacked on December 3, 2010, and is still not online, had not conducted security audit since 2007, making it a soft target for hackers.

When contacted, Minister of State for Communications and IT Sachin Pilot said: “We have now made security certificate mandatory for all websites being hosted by NIC. Government departments or agencies can get their website certified by 50 auditors empanelled by NIC. We have asked all ministries, departments and public sector enterprises at both Central and State government levels to step up their cyber security efforts to avert any kind of hacking or attacks.”

Mr. Pilot — who recently held a meeting with officers of the Department of Information Technology, Ministry of Home Affairs, Indian Computer Emergency Response Team (CERT-In) and NIC — further said they have decided to hold regular audits of all websites with respect to quality and security, prior to the hosting.

“I have stressed the need to enhance the security of the websites in particular and cyber space in general. There has been a quantum jump in the number of Indian websites, from 1.7-lakh in 2005 to about 1 crore now. This has necessitated that all government agencies should pay close attention to cyber security guidelines followed by them. We are ready with comprehensive crisis management plan prescribed by CERT-In to prevent and deal with attacks on websites,” Mr. Pilot added.