Cyberattacks triple in last three years in India, but security funds underutilised
The number of cyberattacks in the country has witnessed three-fold increase over as many years, however, the funds meant for cybersecurity have been underutilised with only Rs 98.31 crore used of the total Rs 213 crore sanctioned.
According to government data, in 2019, total number of cybersecurity incidents tracked by Indian Computer Emergency Response Team (CERT-In) was 3,94,499. The number spiked to 11,58,208 in the year 2020 and further increased to 14,02,809 in 2021. This year, as many as 6,74,021 cybersecurity incidents were reported till June.
Cyber attack which has put All India Institute of Medical Sciences (AIIMS), Delhi’s servers out of order on November 23 is yet to be resolved completely.
Multiple agencies have been looking into the cyber attack at the crucial installation of the country.
While a case has been registered, the CERT-IN, Delhi Police and other investigating agencies are probing the incident.
On December 1, cyber attackers briefly hacked the Ministry of Jal Shakti’s Twitter handle, the second major cyberattack on a government site.
With the borderless cyberspace coupled with the anonymity, along with rapid growth of the Internet, rise in cybersecurity incidents is a global phenomenon.
A Parliamentary standing committee in its report this year observed that there is a significant surge in cyber incidents and cybersecurity breaches and it is imperative that capabilities and resilience of the country to deal with imminent dangers on cyber space are enhanced proportionately.
“Cybersecurity has to remain at the forefront of agenda/priority items for the Ministry and no fund crunch should come in the way of ensuring a safe ecosystem as far as the cyberworld is concerned. In fact the Committee feels that the Ministry must dovetail their efforts to achieve a more secured cyberworld especially in the wake of renewed challenges in this space.
“The Committee, therefore, recommend that funds for cybersecurity may be increased on a year on basis to forestall any failures in this domain for sheer lack of funds,” it said.
The report also cited lower fund utilisation with respect to CERT-in, National Cyber Coordination Centre (NCCC) and data governance.
“So, far as the underutilisation of funds under the head is concerned, an amount of Rs 216 crore had been allocated in BE (Budget Estimate) stage during 2021-22, which was reduced to Rs 213 crore at RE (Revised Estimate) stage and actual utilisation till January, 2022 has been 98.31 crore only,” said the report.
As per Information Technology Ministry, the government is operating an automated cyber threat exchange platform for proactively collecting, analysing and sharing tailored alerts with organisations across sectors for proactive threat mitigation actions by them.
The Government has issued guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
Besides, all the government websites and applications are audited with respect to cyber security prior to their hosting.
The auditing of the websites and applications is conducted on a regular basis after hosting also. Moreover, the government has empanelled 97 security auditing organisations to support and audit implementation of information security best practices.