“Incorporate security interventions at lowest layers”
As technologies have advanced and as civilisations have adopted new forms of lives, new threats are coming. In case of a security breach, the essence of the attack should be searched for. Is there one person involved? Or is there a group behind the attack? If yes, how did they communicate? What level of sophistication was involved in communication?
e-Governance has evolved in India in the last five years. We are now creating a repository of data which needs to be protected. Our data has thus become critical. Eighty percent of the incidents amount for inside attack. People within an organisation or those who have left the organisation leak the data. We have seen the cases from ministry of home affairs. So, we need a holistic security system which can secure our data from outside, as well as inside threats. In case of the national population register (NPR), the government is creating a database, encrypting it and then securing it. But it is said that the data will be put in public domain in future. So there is no point creating a secured database which has to be compromised later on. It is a sheer wastage of money.
Prevention of data leakage is another aspect which needs attention. There should be security intervention which should start right at the lowest layer. Access to critical systems should be given only after clearing series of authentication processes.
There isn’t any lack of information or awareness in the government. It is just that a more holistic approach is needed. Although I do believe that there is a need of sensitisation towards internal security.