In the wake of cyberattacks, the Centre has set up a secure e-mail set-up for 10,000 users in critical ministries and departments, a senior government official said.
The e-mail system that works on Zero Trust Authentication (ZTA) has been designed by the National Informatics Centre (NIC).
Recently, senior officials of the Ministry of Home Affairs (MHA) held a meeting to discuss the provisions of the secure e-mail set-up. The 10,000 emails span across 17 union ministries and departments.
Another official said that for the past three months at least, additional features had been deployed to access the government emails.
“User name and passwords are not enough, now a two-factor authentication has been activated. Other than passwords, facial recognition or biometrics is required. The log-in and log-out times are recorded and monitored,” said the official.
The measures to strengthen cybersecurity come in the wake of multiple cyberattack attempts to target critical installations and government websites such as the November 23, 2022 cyberattack at the All India Institute of Medical Sciences (AIIMS) in Delhi. The attack crippled the servers and e-hospital services at the country’s premier public healthcare for more than a month.
Bids invited
However, in February this year, Digital India Corporation (DIC), a not-for-profit company set up by the Ministry of Electronics and Information Technology (MeitY), invited bids from private players to select cloud service provider to “operate, manage and migrate existing projects as well as future projects.” The DIC is currently working on various national importance projects such as Digilocker, Poshan Tracker, MyScheme, Umang, APISetu, NCW, Kisan Sarathi, Academic Bank of Credits etc which run on cloud services provided by Amazon Web Services.
The scope of the bid also included migrating the e-mail services of government employees to a private player, currently handled by the NIC. Though the government never announced, the Hindustan Times reported on September 12 that the government has selected Chennai-based business solutions provider Zoho to handle the email services. There are over 33 lakh Central government employees.
Zoho Founder Sridhar Vembu was appointed to the National Security Advisory Board (NSAB) led by the National Security Adviser on February 3, 2021.
Additionally, the government, for the first time, admitted in Parliament on December 8 that the Indian Computer Emergency Response Team (CERTIn) probed the alleged data leak of over 81 crore Indians’ Aadhaar and passport information along with names, phone numbers and addresses with the Indian Council of Medical Research (ICMR).
Rajeev Chandrashekhar, Minister of State, MeITY, while responding to a question by Trinamool Congress member Sukhendu Sekhar Ray in the Rajya Sabha about the claims made by a U.S.-based cybersecurity firm Resecurity regarding sale of personal data of Indians on dark web, said: “CERT-In received threat intelligence reports in October 2023 regarding personal data with samples claiming to be of ICMR and notified ICMR of the same and suggested remedial measures. CERT-In coordinated incident analysis and provided inputs to law enforcement agencies.”
165 data breach incidents
In another reply, the Minister said 165 data breach incidents involving citizen data were observed from January 2018 till October 2023.
At the recently concluded G-20 leaders’ summit, the MHA had set up a 24/7 coordination control room to manage cyberattacks.
The NIC has also developed and implemented e-office with government offices being encouraged to go fully digital. Out of the 84 ministries and departments, e-office has been adopted fully in 75 ministries. Ministries such as Home, Environment, Information and Broadcasting, Civil Aviation are still using paper files and are yet to fully migrate to digital mode. E-office does not cater to the requirements of “secret, top secret, classified communications” and such files are only handled on physical mode.
The MHA has issued National Information Security Policy and Guidelines (NISPG) to the Central ministries as well as State governments and union territories with the aim of preventing information security breaches and cyber intrusions in the information and communication technology infrastructure.