New Indian cyber security framework emerges from a ransomware attack
Critical experience at AIIMS drives government to implement effective cyber defense framework in key industries
Former National Cyber Security Coordinator, Lieutenant General Rajesh Pant has revealed that the ransomware attack on the All India Institute of Medical Sciences (AIIMS) prompted the Indian government to develop a nationwide cyber security response framework. national (NCRF). The incidence has highlighted the critical need to protect the country's vital infrastructure. "It has emerged that critical industries need a uniform framework to respond to cybersecurity challenges," Pant said. Therefore, the NCRF has been designed and will be made available to the public, especially for critical infrastructure such as those in the energy and healthcare sectors.
The design of a cyber defense
Pant explained that the framework traces the architecture of a cyber defense system and defines reliable companies and supply chain mechanisms. On Nov. 23, the cyberattack infected AIIMS and its centers' systems, wiping out research and outpatient data from its primary and backup servers. Following the incident, the Intelligence Fusion and Strategic Operations (IFSO) cell of the Delhi Police opened an investigation, citing allegations of cyber terrorism against unidentified individuals.
Lessons learned from the attack
Pant highlighted that the AIIMS attack exposed gaps in cyber defense systems and that many lessons were learned from it to improve the readiness of critical information infrastructure and address vulnerabilities. "The network was not designed by professionals, but by a team of doctors. There were too many gaps in the network, and it was easy to penetrate," he commented. Pant is confident that the improvements resulting from these lessons learned will be implemented at the government level. He also stressed that the new framework will address critical gaps in response mechanisms.
The need for cooperation and an advanced strategy
According to Pant, a greater level of cooperation between ministries and the creation of a nodal ministry is needed to address cybersecurity threats, in a context where cybersecurity is constantly evolving. He underlined the absence of a ministry dedicated solely to dealing with such incidents. "The concept of peace has changed today, there is no peace in cyberspace," he said, adding that the government's cybersecurity strategy is at an advanced stage. This strategy, developed during Pant's tenure as cybersecurity coordinator, proposes a variety of mitigation measures to combat data breaches.
Follow us on Twitter for more pills like this07/02/2023 22:20
Marco Verro