The National Informatics Centre (NIC), which hosts government web sites, has been directed not to host sites which are not audited for cybersecurity, Sachin Pilot, the country’s Minister of State for Communications and Information Technology said on Wednesday, according to India’s Press Information Bureau.
The government has been embarrassed by some high-profile hacks including two in June by an Indian offshoot of Anonymous on the websites of the Indian army and the NIC. The attack on the army website was quickly reversed after it ran into criticism from Indian supporters of the hacker group.
Last year, the website of India’s top investigative agency, Central Bureau of Investigation, took weeks to be restored after a Pakistani group reportedly hacked the site.
All new Government websites and applications are to be audited for security before they are hosted, and websites and applications will also be regularly audited once hosted, Pilot said.
Most of the hacks happen because Indian government departments and agencies do not follow the procedures set for regular audits of the sites, a security official associated with the government, said on condition of anonymity.
Pilot told Parliament in May that according to security guidelines issued by the government no sensitive information is to be stored on systems that are connected to the Internet.
Ministries and departments were also advised to audit their IT systems regularly to ensure they are robust. The Indian Computer Emergency Response Team (CERT-In) has empanelled a number of penetration testing professionals to carry out audits, Pilot said.
About 1,190 Indian websites were defaced during June, according to monthly data from CERT-In, suggesting that the private sector is also vulnerable in India. The comparable figure in May was 1,848 websites. There were other security incidents as well.