DoT asks its offices, CPSEs for security audit certification

Last Updated: Mon, Nov 25, 2019 15:40 hrs
Telecommunication towers are pictured through hanging flower pots at a residential building in Kolkata

New Delhi: The Department of Telecom (DoT) has directed offices and central public sector undertakings (CPSEs) like BSNL, MTNL, BBNL and Telecom Regulatory Authority of India (Trai) under its ambit and other key wings to submit a security audit certification of their websites and web portals by November 30.

This is in the wake of the several reports of hacking into portals of government department and CPSEs by external and internal hackers leading to leakage of crucial and classified information.

Recently, large scale security breach came to light with WhatsApp reporting a breach of mobile phones of 121 private individuals in India who were targeted by the Israeli-made spyware Pegasus in the run-up to the Lok Sabha elections this year.

Of the WhatsApp breaches worldwide, the targets in India, included prominent human rights activists, journalists and lawyers.

The government is enhancing cyber security in the country and as per government data, about 25 websites of Central ministries and state governments were hacked in the first five months of 2019.

"As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total number of 199, 172, 110 and 25 websites of Central Ministries/Departments and State Governments were hacked during the year 2016, 2017, 2018 and 2019 (till May), respectively," Electronics and IT Minister Ravi Shankar Prasad had said in a written reply to the Rajya Sabha during last Budget session in July.

On October 7, the DoT had written to all senior DDG/CVO, autonomous bodies, CPSEs under it, Trai, the Telecom Disputes Settlement and Appellate Tribunal (TDSAT), C-DoT, the Telecommunication Engineering Centre TEC, its own internal arms like NIC, wireless advisor, licensing finance and accounts to submit valid security audit certificates of their web portals and websites by October 31.

As the requisite information was not provided by all these offices even after the deadline, the DoT again asked them through an office memorandum on November 14 that "custodians of all web and websites within the ambit of DoT are to arrange to provide valid security certificates in respect of their web portals and websites".