CHENNAI: In a bid to protect critical information of State government from cyber attack and threats, the State e-governance agency (TNeGA) is conducting a security audit of government websites and IT applications.
The audit is being undertaken to protect the websites from vulnerabilities such as loss, inaccessibility, alteration or wrongful disclosure.
This comes after Union Minister of State for Electronics and IT K J Alphons has informed the Parliament that government websites and applications will be audited with respect to cyber security prior to their hosting, along with audit on a regular basis after hosting.
According to Indian Computer Emergency Response Team (CERT-In), a total of 22,207 Indian websites including 114 government websites were hacked from April 2017 to January 2018. A total number of 493 affected websites were used for malware propagation. It is also learnt that a total of 301 security alerts regarding potential vulnerabilities and threats to multiple systems and applications were issued by CERT-In during this period.
State government sources said the audit will systematically identify all security vulnerabilities and specific recommendations will be provided to address identified security vulnerabilities.
“Already a few departments have approached the TNeGA for the first time security audit. However, some departments are yet to carry out the security audit for their websites or web applications,” sources added. It is learnt that the application security audit will be performed on an annual basis or where there is major upgradation or change in the application by the department through its own funds.
The audit is also happening two years after the National Critical Information Infrastructure Protection Centre (NCIIPC), which is under the administrative control of the National Technical Research Organisation (NTRO), sought a report on the presence of Critical Information Infrastructure (CII) in the State whose destruction could have a debilitating impact on the economy and security of the nation. It had then asked the State government departments to send details of hardware, software along with make, model and version of its critical assets.