Interview/ Ravi Shankar Prasad, Union IT minister
How big is the cybersecurity challenge? How is the government dealing with it?
Our government has taken up cybersecurity on priority basis. As the prime minister has rightly said, it [cyber war] is a bloodless war…. Cybersecurity has become the core of India’s engagement [with other countries] and the prime minister is taking proactive steps to sensitise the world to this imminent threat.
What is the digital profile of India?
India’s population is 1.25 billion. We have 1.2 billion cellphones, 1.1 billion Aadhaar [cards] and so on. Digital India is designed to bridge the digital divide and make India a knowledge economy. That being the scenario, the threat to cybersecurity naturally plays an important role.
Indian IT companies are present in 200 cities across 18 countries. India’s IT export is about $108 billion. In the past two years, we have added mobile phones equal to the population of Italy and France.
Today, IT is used for delivery of services. For example, we use Aadhaar for direct benefit transfer, and the Jan-Dhan Yojana has 22 crore accounts. With the digital profile available, the money goes directly into bank accounts. We have saved Rs 36,500 crore in the past two years from going into fictitious accounts.
How secure is the Aadhaar database?
We have made foolproof security arrangements. The entire data centre is in India—in Bangalore and Delhi. The law that we have passed is that even the owner of the iris and fingerprints cannot give it to others even with his consent.
What steps are being taken to counter cyberthreats and make systems more secure in the digital era?
First, we have CERT-IN, which focuses on cybersecurity threat perceptions, threats to critical information infrastructure and national security, adoption of relevant technologies, enabling legal architecture and spreading awareness about information security. CERT-IN forecasts cybersecurity threats, collects data and works 24x7. As many as 54,483 security incidents have been handled by CERT-IN over the years.
We also have a well-defined national cybersecurity policy and we are also setting up a National Cyber Coordination Centre. The NCCC will help secure cyberspace and strengthen the ecosystem. This will be a coordinated effort between the home ministry, security agencies, police establishment, national security response teams, DeiTY [department of electronics and information technology] and state governments.
Malwares are increasingly getting sophisticated. What are the latest initiatives to tackle this?
Many systems remain compromised even today. We are implementing a project called Cyber Swachchta Kendra, which will do botnet cleaning and will act as a malware analysis centre for detection of compromised systems…. If a system is compromised, go to this centre to know whether it has been compromised and get it cleaned.
What is the coordination between various stakeholders to deal with cyberthreats?
There is a high level of cooperation. We have MoUs with the US, Japan, South Korea, Australia, Malaysia and Singapore. CERT-IN regularly coordinates with various service providers the world over.
We also empanelled 57 security organisations to undertake security audits, including vulnerability assessments. We have formulated a crisis management plan [for] Central ministries, critical sectors and state governments. We also undertake cybersecurity drills frequently and are improving the systems.
CERT-IN, till date, has conducted nine cybersecurity drills covering 198 organisations relating to sectors like defence, space, atomic energy, telecommunication, finance, power, oil and natural gas, transportation and IT.
We are also doing skill development. In 2015-16, CERT-IN conducted 18 workshops, including training in various specialised topics. About 580 officers have been trained. We have also organised cybercrime awareness workshops at police academies in Kerala and Odisha, where about 300 police officers have been trained…. About 6,000 officers have been trained in cybercrime investigation. A cyber lab has been set up at National Law School of India in Pune.
Are there areas that need special focus?
Improving human resources in the field of cybersecurity remains a challenge. We are focusing on an information security awareness and information project, which aims to generate 1.14 lakh qualified professionals in five years. Fifty-one institutions in various categories are participating in this project coordinated by DeiTY.