National InforÂmatics Center (NIC), Indian government's face of anything to
do with IT and networking, has been repeatedly attacked and penetrated over the
last two years. It happened again last month. And not just that, the Indian
embassy computers in several countries were hacked too.
This was not a small incident by any standard, but nothing seems to be
changing. While there has been so much hue and cry and some action after the
Mumbai terrorist attack, we are not really seriously bothered about our
information technology security. Perhaps the TV channels need to beam this
inside every bedroom for the government to wake up and take meaningful action.
Alleged to be the handiwork of GhostNet, this China-based cyber espionage
network not only downloads data from infected computers but also uses them as
virtual spies by remotely activating their cameras and voice recording software.
Clearly, if somebody in China can do this, so can anybody from Pakistan or any
other not-so-friendly nation.
While NIC has tried to downplay the incidents, the fact is that the Indian
government's IT security needs to be much stronger than it currently is. It is
the NIC which puts most of the IT plans for state and central government in
place, and also hosts and manages most of the key government websites. NIC
installations should be one of the most secure, especially when the current
generation of espionage warfare, will be IT driven.
What is quickly required are some simple things that must be put in place. A
small crack team must be set up constituting people from the industry, who must
be made responsible for the security of NIC as well as all government sites. A
complete security and safety audit of the NIC infrastructure must be done, and a
time-bound report must be laid before the experts. And then a comprehensive
security plan must be drawn up. All state governments are spending so much on IT
today, so there is no reason why their focus on security should be any less.
Having said all this, the last word on this subject has come from a senior
government official himself. “We are really not worried about security of
government sites or NIC because there is either nothing there, or whatever is
there is of not much use”. Ironical but true.
We may just smile at this irony, but computerization of various government
department is happening in a big way. As an Indian, more than the threat from
India's outside enemies, I fear my land record being bungled up, or my driving
license being misused. Government IT must be highly secure because of that, more
than anything else.