The US computer security firm McAfee outlines a cyber attack that struck the United Nations as well as several European companies. Researchers suggest China may be behind the new cyber-spying operation called Shady RAT.
The United Nations Office at Geneva, a British defense contractor, a German accounting firm and a Danish communications satellite company were among the European targets in a massive cyber-espionage operation detailed in a 14-page report released on August2, 2011 by McAfee, an American computer security firm.
In addition, a significant number of government servers, including ones in the United States, India, Taiwan, Vietnam and Canada were also targeted in "Operation Shady RAT."
RAT, or Remote Administration Tool, is a program that can be used by computer professionals to access other computers remotely.
Now the question: How India is prepared to counter cyber security threats?
Government of India has confirmed that as many as 117 government websites were defaced during the period of January to June of this year with an average of more than 19 websites were being hacked per month.
Mr. Sachin Pilot, Minister of State for Communications and Information Technology, Government of India, informed the Lok Sabha (Lower House of the Parliament of India) that as many as 117 government websites were hacked during the period of January to June of this year. He has informed the Parliament of India in a written reply on August 3, 2011.
In his written reply to a question, he mentioned that all the affected organizations and departments were requested to provide web server logs of hacked websites for analysis and identifying nature and type of attack and vulnerabilities exploited by the hacker. Based on the analysis the organizations were advised to take specific steps to strengthen the security of websites. The analysis report alongwith countermeasures to plug the exploited vulnerabilities was provided to the affected organizations by Indian Computer Emergency Response Team (CERT-In).
The reply further stated that the information on the website of National Investigation Agency (NIA) is temporarily disabled. Since the website of National Investigation Agency was not hacked, no inquiry in this regard has been conducted.
Meanwhile, Government of India has taken some specific steps to ensure cyber security.
All the new Government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications will be conducted on a regular basis after hosting also.
National Informatics Centre (NIC) has been directed not to host web sites which are not audited with respect to cyber security.
National Informatics Centre (NIC) which hosts the government websites is continuously engaged in upgrading and improving the security posture of its hosting infrastructure.
All the Ministries/ Departments of Central Government and State Governments are implementing the Crisis Management Plan to counter cyber attacks and cyber terrorism.
The Indian Computer Emergency Response Team (CERT-In) and other agencies India’s preparedness to fight/ward off various cyber security threats including security and issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis.
Meanwhile, the Government of India has also set up a Committee to look into the aspects of interception of encrypted communications comprehensively for all types of services so as to address the needs of security agencies.
The Minister further stated that several service providers are providing services all over the world like Gmail, Blackberry email, Nokia messaging , Hush mail, Skype, Video chats and other services across the globe for sharing audio, video, image, email, data and accessing other web services any time and everywhere by everyone in a secure manner. The security of these services is achieved through encryption technology. These services are mostly availed by the citizens world over either in their individual capacity or as part of commercial activities. There are multifarious aspects involved in dealing with the issues relating to such communication services such as technical and international relationship, legal and regulatory policy, commercial and security requirements etc.
The Committee has analysed all the above issues to work out a focused and practical proposal which balance the requirements of security agencies and secure communication needs of trade, commerce and industry. The above complexities involved in the issue resulted in the Committee being unable to come out with unanimous conclusive recommendations.
Telecom service providers are of the view that they are able to provide the interception facility for encrypted services but decryption of the intercepted communications / services is not their responsibility. Security agencies, however, desire the intercepted communication in readable format. Government of India regularly interacts with all stakeholders to solve the issues arising from time to time and implement solutions to the extent feasible.
No comments:
Post a Comment