Information Security has gained immense significance during recent years in view of the exponential growth in cyber threats arising not just from organised groups but also at an individual level. In order to address this in Haryana, a dedicated organisational structure known as the Information Security Management Office (ISMO) along with the scope/charters has been established, writes Munish Chandan, Head of State eGovernance Mission Team and Chief Information Security Officer for Elets News Network (ENN).
The prime job of ISMO is to address the security concerns in an ongoing manner rather than doing this as a onetime effort not only for the IT department but also for all other Departments/ boards/corporations and agencies of the Government. ISMO has been initiating proactive measures to build a robust ecosystem for safe and secure cyber space in Haryana.
Cyber Security challenges are common to all States Governments and Haryana is not an exception. Everyday, athe Government is countering issues pertaining to ransomware, viruses, web defacements, Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks with protection system not robust enough to counter such attacks. Secondly, the organisational setup in the Government is not strong enough to handle such threats/attacks because the stakeholders in the Government are not that sensitised and keen on handling cyber threats/ information security matters. Besides this, no dedicated officer at State Departments / Boards/ Corporations level looks after and implement the information security initiatives/directions from Government of India and its agencies. Moreover, majority of the security infrastructure is either obsolete/outdated or with limited support/ even if some of the infrastructure is new, it is working in conjunction with old one, posing challenges to digital security. In the current scenario, the approach is to deal with cyber/information security threats in a reactive manner rather than proactive. Further, mostly all government websites are not regularly audited for information security and the vulnerabilities are generally identified subsequent to a cyber-attack which is a cause of concern and embarrassment.
Proactive approach – “Prevention is better than cure”
This old saying is very relevant to information security and preventive action must be taken with this perspective, as the threats can damage/ delete/ modify whole database in a fraction of the second, resulting in loss of critical data of the public.
The approach of Government of Haryana is aligned towards proactive response to cyber threats, and mentioned below are some of the key steps taken by the State Government for building a secure and resilient cyberspace:
- The Cyber Security Policy, 2017, of Government of Haryana which was launched by Union IT Minister Ravi Shankar Prasad and Chief Minister of Haryana on 15th September, 2017.
- Various other policies were implemented to streamline the processes and enforce information security measures including email policy, password policy and IT resource policy, ISMS Policy, Data backup, Log management, Application Sec. Audit, and IT Act Compliance guidelines.
- Strengthening of IT Infrastructure and deployment of required tools to enable protection against cyber threats
- In-house team under ISMO handles and support issues related to information security and also proactively conducts security audits of websites and applications of various departments, boards and corporations of the State Government. The team acts as a dedicated pool of resources to handle the activities related to information security.
- Regular coordination with concerned public entities like CDAC, NIELIT, NCIIPC, CERTIN and many private organisations is done on a regular basis
- A defined organisational structure is established to handle cyber security matters including Information Security Steering Committee (ISSC), Security Committee, ISOs at SDC level, department/district/board/ corporation level order. Provisions are being made to ensure that the ISO is the senior most IT officer and is not frequently changed and proper guidelines are followed in case of a change/replacement due to unforeseen circumstances. ISMO encourages all ISOs to coordinate and work in tandem with Chief Information Security Officer (CISO) and ISMO for joint cyber security efforts. The role of ISOs is very crucial in driving implementation of cyber security initiatives at their respective departments, boards and corporations. ISOs are frequently updated by ISMO/CISO on latest trends and practises in the domain of cyber security and also the State/ National level interventions by the E&IT Department on an ongoing basis.
- Capacity building programmes for Government stakeholders and students are conducted and plans are in place for conducting such programmes for Police and Law Enforcement Agencies.
- Advisories to handle cyber security threats for students and public at large have been prepared and shared at appropriate forums
- IEC activities such as videos, films etc, are also being considered to spread mass awareness. Plans are in place to educate mobile users on cyber threats through mass publicity in cinemas, via outdoor hoardings etc.
An interactive portal for ISMO (http:// haryanaismo.gov.in/) with e-learning modules on information security topic has been developed. The portal provides courses on cyber security, with primary focus on students such that they can adopt best practices to deal with cyber threats. After completion of the course, candidates have to go through a quiz. There are courses under two categories for students from ‘5 to 8 Standard’ and ‘9 to 12 Standard. For students of class 1to 5 Standard, easy to understand pictorial content is being developed which shall be launched in phase II of the implementation. The overall objective of the portal/e-learning module is to build cybersecurity ecosystem in the State.
Apart from the above, there are many more initiatives taken by the ISMO, Haryana to build safe and resilient cyber space in Haryana.
In light of the above, many achievements have been accomplished by the State Government, these include training and sensitisation of approximately 900 government officers /ISOs across various departments, boards and corporations on the concepts of information security. The process of declaring Critical Information Infrastructure (CII) has been initiated and Cyber Security Crisis Management Plan (CCMP) has also been developed. Moreover, ISMS and various other information security policies are notified and ISMO is in process of engaging partners under PPP mode to enhance the awareness levels of ISO and other government stakeholders not only by training but by providing suitable certification based programme. It will contribute towards building/upgradating their skills in the domain of cyber security. Apart from this, many awards and recognitions at various levels and forums for the cyber security initiatives have also been received by ISMO.
Other marquee initiatives of E&IT Department, Government of Haryana
- Haryana moving towards less cash economy in alignment to the mission of Government of India to promote digital payments. The E&IT department has developed a Haryana Cashless Consolidation Portal integrated with RAS. The platform is effectively being utilised to improve the services delivery based on the feedback shared by the citizens. As a next step, it is proposed to include IVRS as the SMS based response is low.
- Digi-Locker, another key initiative key under the Digital India programme is also being implemented successfully in the State. Presently, 3.83 Cr document (approx.) of various departments of Haryana are available in Digi locker (State and Central Government Services).
- There are 16,141 Atal Sewa Kendra (CSC) almost all the Gram Panchayats (HCCP)’ (https://cashlessharyana.gov. in/), that has been appreciated at various levels/forums. With continuous efforts, the last year’s target of Rs 72 crore cashless transactions was surpassed and Rs 96 crore was achieved. As per data collected till 31 Dec 2018, Rs 66.5 crore cashless transactions have been registered in view of the target of Rs 75 crore with one quarter to remain. We have internal target to touch Rs 100 crore this year. Moreover, the portal in its current shape has been replicated in other States.
- The Rapid Assessment System (RAS) under the Digital India programme is also very successfully implemented in Haryana. Presently, 380 services of 32 Departments have been in the State have been covered with at least one CSC for providing more than 281 citizen services.
- Presently 204 out of 330 & 221 out of 236 schemes are launched on the SARAL platform providing a single window access to all citizen services.
As CISO and Head SeMT are facilitating the rollout of critical IT initiatives, it takes exemplary leadership skills to manage everything and delivering results in a time bound manner. The precedence being set by the State of Haryana for implementation of cyber security and digital initiatives is really praiseworthy and can be leveraged by other States.