Two agencies are quarrelling over whose job it is to fix the problem even as India boasts of being an IT powerhouse
On 3rd December, the Indian media called it a "major embarrassment" that the Central Bureau of Investigation (CBI) website has been hacked by "Pakistani Cyber Army". What could be a bigger embarrassment than the fact that the website is still down and inaccessible nearly 10 days later? In a message on the CBI home page, the "Pakistani" hackers had warned the 'Indian cyber Army" not to attack their websites… well, they needn't have worried. Sources in the know say that the premier investigation agency can do nothing about the embarrassing situation because the National Informatics Centre (NIC) which hosts all government websites and CERT - the bombastically titled Computer Emergency Response Team, are quarreling about whose responsibility it is to set things right.
The government also called some cyber security experts including NASSCOM, but until the turf battles between government agencies are sorted out there is nothing that outside experts can do. "Don't be surprised if the website remains down for another month, if nobody intervenes to resolve the turf war", says one expert sarcastically. This is an outrageous state of affairs in a country that dreams of being an economic superpower and boasts of IT prowess.
Surely someone in the government, such as Minister for Information Technology ought to be held accountable. However, with former minister A Raja making headlines for corruption and the new minister Kapil Sibal fire-fighting to save government's face in the telecom scam, the CBI website is a minor embarrassment that nobody has the time to deal with. But this sort of callousness is alarming in a country that is steadily pushing all citizens to post their Tax information and biometrics online.
It is all very well for the government to appoint IT honcho Nandan Nilekani to head the Unique Identification Authority of India (UIDAI) but there is no will to ensure security. PTI had reported on 3rd December that, "Intelligence agencies have been often warning the government that proper cyber security was not being ensured in government offices and that no security audit was being carried out". It also reported the Pakistani hackers referring to "the filtering controls provided by the National Informatics Centre (NIC), a body which mans computer servers across the country.
Vickram Crisna, an IT expert says, "It is astonishing that bureaucrats will quarrel over turf when the country's reputation is at stake, and that even for a relatively trivial or non-critical (bannerware) showcase site. No wait, that's the normal response". The question is, if this is the situation with CBI website, what will happens to the rest of us, especially after Mr Nilekani "finishes" his UID job and moves on?
In connection with the security of other databases, including the UID project, Crisna says, "The point about UID is, if this is typically how government machinery works today, it is not surprising at all that beneficial services sought to be provided by the government either leak copiously or utterly fail to achieve their objectives due to systemic design faults that never get corrected or even seriously reviewed. And certainly do not invite public participation to resolve. Perhaps if this were tried, and inefficiency was properly accounted and corrected via suitably designed feedback channels, such instances would be minimized".
The biggest irony is that if you search the internet, there will be endless seminars, workshops and presentations by the very same organizations preaching multi-stakeholder coordination and capacity building on an international level to ensure cyber security. But on the group, national interest will always be compromised in the in-fighting and ego battles between government agencies.
Inside story of the National Stock Exchange’s amazing success, leading to hubris, regulatory capture and algo scam