A whopping 36.29 lakh cyber security incidents were observed in the country since 2019 till last month and the government has taken a number of steps to check such designs, Union minister Ajay Kumar Mishra said on Tuesday. "As per information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total of 3,94,499, 11,58,208, 14,02,809 and 67,4021 cyber security incidents were observed during 2019, 2020, 2021 and 2022 (upto June), respectively," he said in Lok Sabha while replying to a written question.
The minister said the government has taken a number of measures to enhance the cyber security posture and prevent cyber attacks that include issuing alerts and advisories regarding latest cyber threats and vulnerabilities and counter measures to protect computers and networks on a regular basis.
The government is operating an automated cyber threat exchange platform for proactively collecting, analysing and sharing tailored alerts with organisations across sectors for proactive threat mitigation actions by them, he said.
The minister of state for home said the government has issued guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications and infrastructure and compliance.
All the government websites and applications are audited with respect to cyber security prior to their hosting, the auditing of the websites and the applications is conducted on a regular basis after hosting, he said.
The government has also empanelled 97 security auditing organisations to support and audit implementation of Information Security Best Practices, he said.
Back in May, 11 international bodies having tech giants like Google, Facebook and HP as members said in a joint letter to the government that India's new directive mandating reporting of cyberattack incidents within six hours and storing users' logs for 5 years will make it difficult for companies to do business in the country.
The international bodies have expressed concerned that the directive, as written, will have a detrimental impact on cybersecurity for organisations that operate in India, and create a disjointed approach to cybersecurity across jurisdictions, undermining the security posture of India and its allies in the Quad countries, Europe and beyond.
The new directive, issued on April 28, mandates companies to report any cyber breach to CERT-In within six hours of noticing it. The international bodies have raised concern over the 6-hour timeline provided for cyber incident reporting and demanded that it should be increased to 72 hours.