eGovernance applications are primarily hosted in public domain and run on network which make them vulnerable to cyber attacks. With substantial thrust being given to electronic delivery of government services, putting in place a cyber security framework which ensures end -to-end security of eGovernance services is important. Ensuring cyber security in e-Gov delivery entails inter alia the following:
- Identification of security elements of an eGovernance services right from conceptualization to implementation and post implementation stages.
- Study of best practices on security including those worked out by STQC, DSCI and CERT-IN and adopting /modifying them into eGovernance Security Framework.
- Evolve processes and procedures for setting up the mechanism to prevent cyber attack or incidents and then implement the same.
- Creating awareness and building capacity in the area of Information security in eGovernance.
To ensure end to end security of e-Gov service delivery, detailed procedures covering technology and processes for e-Gov has been prepared. A security assurance framework has been prepared in consultation with Management Development Institute, Gurgaon. This framework is intended to help the states assess the security risk to their critical assets and put appropriate controls in place so that the assets are protected from vulnerabilities. The framework has been validated in the states of Chattisgarh and Maharashtra. Capacity building in using the security assurance framework would be undertaken. Going forward, the following activities in cyber security would be undertaken:
- Advice states in setting up new security infrastructure. For example, it is proposed to set up e-Gov security operation center (SOC) as part of NII 2.0. It is proposed to have 35 state levels SOC and one national SOC for e-Gov.
- Advice states on security enhancement of the e-Gov infrastructure that have been setup for e-Gov service delivery.
- Advice and help states in implementing the e-Gov security policy and the detailed procedure documents that have been prepared.
- Liaison with industry to understand new security products , conduct proof of concept for products that can be used in strengthening the security posture of e-Gov infrastructure and then advice the states on the same.
- Capacity building in cyber security for states. Trainings were conducted for the states of Odisha and Uttar Pradesh in their respective state capitals. This was attended by state officials as well as SeMT members. A full day workshop on cyber security was also conducted in Delhi which was attended by SeMT heads from 29 states.