Hackers threaten to hit the brakes on Prabhu express

The Railways came up with an IT security policy in 2008, which was last reviewed in 2012.

Published: 12th June 2016 09:27 AM  |   Last Updated: 12th June 2016 09:27 AM   |  A+A-

PTI2_25_2016_000087A (1)

Union Minister of Railways Minister Suresh Prabhakar Prabhu | PTI

NEW DELHI: Railways Minister Suresh Prabhu is a worried man. Recent attempts by hackers to break into the Railways’ online system involving train operations and the reservation system is giving him sleepless nights. The organisation, which sees half of its total tickets booked online, has held meetings with National Technical Research Organisation (NTRO), a cyber security agency under the National Security Advisor, to come up with systems that will ensure its sites are not hacked.

NTRO has held meetings with Indian Railway Catering and Tourism Corporation (IRCTC), Centre for Railway Information Systems (CRIS), the IT arm of the Railways, and members of the IT directorate in the Railway Board and is devising a firewall.

“NTRO has been provided with information related to existing cyber security checks and measures taken. We have asked them come up with systems that can help secure data. If hackers breach into our system, the entire railway operations can be badly affected,” said an official in the board.   

IRCTC, a subsidiary of the Railways, has a database of lakh of passengers who book tickets online. It is worried that hackers may also attain access to passengers’ data like credit/debit card details. Besides, a cyber attack can halt the entire working of the Railways, including the crew management system consisting of automated day-to-day business functioning of drivers and guards and other services.

The Railways came up with an IT security policy in 2008, which was last reviewed in 2012. After recent reports of cyber attacks, which the Railways denied, it held a meeting of all IT security managers of railway units this week to assess the action taken and the status of IT security.   

Experts in intelligent transportation system say the Railways’ portals are still running on unsecured protocols; they don’t use any security certificates and thus fall prey to hackers easily. Concerns related to weak cyber security measures by the Railways were raised by a CAG report in 2015. The report, which also reviewed IT security in the Railways, found that almost 90-100 per cent employees use the same password, thus violating the IT policy that calls for role-based access management.

Stay up to date on all the latest The Sunday Standard news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp