Considering the sensitive and strategic nature of communication networks, the government is working on creating a computer emergency response team (CERT) for the telecom sector. “Department of Telecom (DoT) is working on creating a CERT. As telecom is one of the core sectors, which is strategic and acts as the backbone for communications, it was felt that there should be an emergency response team to handle cyber threats and breaches,” a DoT official said, adding that it will be on the lines of the finance ministry creating a CERT for that sector. The government has already created the Indian Computer Emergency Response Team (CERT-In), which issues alerts and advisories on the latest cyber threats and vulnerabilities as well as suggests countermeasures to protect computers on a regular basis. Besides, it has also formulated a cyber crisis management plan (CCMP) to counter cyber attacks and cyber terrorism for implementation by all ministries and departments of the central and state governments. CCMP also covers critical sectors such as power, banking, etc.
Elaborating on the need for a CERT in telecom, a senior government official said keeping in view the dynamic nature of technology, organisations and individuals have a limited response window to detect and respond to cyber attacks. Besides, there is a need for near real-time situational awareness to handle attacks. “CERT for the sector will provide stakeholders with timely information to take appropriate proactive and preventive actions against breaches.”
With proliferation of smart devices and increasing internet penetration, there has also been a growth in cyber-related crimes in the country. According to CERT-In data, around 44,679 cyber security incidents were observed in 2014. It rose to 49,455 in 2015 and to 50,362 in 2016. Till November 2017, around 40,054 cyber security-related incidents were observed. These incidents were reported to CERT-In by various organisations and individuals. These attacks include phishing, scanning/probing, website intrusions and defacements, virus/malicious code, ransomware, denial-of-service attacks, etc.
CERT-In data also show that a total number of 26 and 54 incidents involving ransomware virus were reported during 2016 and 2017 (till November), respectively. Also 155, 164, 199 and 161 government websites were hacked during 2014, 2015, 2016 and 2017 (till November), respectively.