NEW DELHI: Railways Minister Suresh Prabhu is a worried man. Recent attempts by hackers to break into the Railways’ online system involving train operations and the reservation system is giving him sleepless nights. The organisation, which sees half of its total tickets booked online, has held meetings with National Technical Research Organisation (NTRO), a cyber security agency under the National Security Advisor, to come up with systems that will ensure its sites are not hacked.
NTRO has held meetings with Indian Railway Catering and Tourism Corporation (IRCTC), Centre for Railway Information Systems (CRIS), the IT arm of the Railways, and members of the IT directorate in the Railway Board and is devising a firewall.
“NTRO has been provided with information related to existing cyber security checks and measures taken. We have asked them come up with systems that can help secure data. If hackers breach into our system, the entire railway operations can be badly affected,” said an official in the board.
IRCTC, a subsidiary of the Railways, has a database of lakh of passengers who book tickets online. It is worried that hackers may also attain access to passengers’ data like credit/debit card details. Besides, a cyber attack can halt the entire working of the Railways, including the crew management system consisting of automated day-to-day business functioning of drivers and guards and other services.
The Railways came up with an IT security policy in 2008, which was last reviewed in 2012. After recent reports of cyber attacks, which the Railways denied, it held a meeting of all IT security managers of railway units this week to assess the action taken and the status of IT security.
Experts in intelligent transportation system say the Railways’ portals are still running on unsecured protocols; they don’t use any security certificates and thus fall prey to hackers easily. Concerns related to weak cyber security measures by the Railways were raised by a CAG report in 2015. The report, which also reviewed IT security in the Railways, found that almost 90-100 per cent employees use the same password, thus violating the IT policy that calls for role-based access management.