Ministry of Communications & Information Technology
Hacking of Government Website
The Minister of State for Communications and Information Technology, Shri Sachin Pilot today informed the Lok Sabha in written reply to a question that a total of 117 Government websites were defaced during the period January – June, 2011. All the affected organizations and departments were requested to provide web server logs of hacked websites for analysis and identifying nature and type of attack and vulnerabilities exploited by the hacker. Based on the analysis the organizations were advised to take specific steps to strengthen the security of websites. The analysis report alongwith countermeasures to plug the exploited vulnerabilities was provided to the affected organizations by Indian Computer Emergency Response Team (CERT-In).
The reply further stated that the information on the website of National Investigation Agency (NIA) is temporarily disabled. Since the website of National Investigation Agency was not hacked, no inquiry in this regard has been conducted.
The specific steps taken by Government towards ensuring cyber security are:
i. All the new Government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications will be conducted on a regular basis after hosting also.
ii. National Informatics Centre (NIC) has been directed not to host web sites which are not audited with respect to cyber security.
iii. National Informatics Centre (NIC) which hosts the government websites is continuously engaged in upgrading and improving the security posture of its hosting infrastructure.
iv. All the Ministries/ Departments of Central Government and State Governments are implementing the Crisis Management Plan to counter cyber attacks and cyber terrorism.
v. The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis.
The existing Government websites are periodically audited from security perspective and vulnerabilities found are plugged.