In wake of data leaks, Andhra Pradesh orders audit of all government websites 

VIJAYAWADA: In the wake of the recent reports on sensitive public data being freely available on State government websites, Chief Minister N Chandrababu Naidu has directed the IT department to audit all the portals once again.

While the department, in the first week of May, had audited about 320 government websites for vulnerabilities, it will now look for breach of data related to privacy.Speaking to TNIE, principal secretary of IT, K Vijayanand, said, "We have asked the Andhra Pradesh State Cyber Security Operations Centre (APCSOC) to conduct an audit of all the departments' websites to identify if any sensitive public data is available on them. Here on, we will audit all the portals for both cyber security vulnerabilities and privacy issues. The audits will be done on a monthly basis."

For the record, there are 1200 websites belonging to the various government departments.The immediate trigger for the latest audit is the exposure of private details -- including name, phone number and purchases -- of people who bought medicines from the State-run generic medicine stores: Anna Sanjivini.

However, auditing is easier said than done. Highly-placed sources told TNIE on condition of anonymity that private data was being uploaded due to lack of awareness, and that their efforts to prevent the same were being stone-walled by government officials who are afraid of being exposed and sharing data with other departments.

The APCSOC or SOC, which had earlier audited 320 government portals, had a bitter experience. Some babus were so apprehensive that they demanded that the SOC sign a non-disclosure agreement, ostensibly for fear that their department's data could be accessed by another department.

The SOC had to finally sign the agreement, the sources revealed.The irony is that despite being a part of the government, the SOC encounters such problems. While it monitors the activity of all websites, it is the respective departments which have to initiate the rectification process as it does not have access to their servers.

The sources further said this 'reluctance' to cooperate was also observed while dealing with a department which is directly monitored by the Chief Minister himself, an administration of a temple, and a few other key departments. Though the heads of the departments may be willing, the officials lower down develop cold feet after a few queries. To resolve this, the IT department is planning to strengthen the SOC.

Stating that the department was aware of the issues, IT secretary Vijayanand explained, "We are going to give SOC access to all the servers. Therefore, the the SOC officials need not visit offices of the various departments anymore, and can monitor and take corrective steps from the SOC itself."