E-Security • Background • IT Infrastructure in Sikkim • Current Status of Cyber Security& Cyber Crime in SIkkim • Strategic Approach undertaken by IT Department, Govt. of Sikkim • Future Plan of Action Background • There is no doubt that e-Governance will making life easier for the citizens. However this involves putting important and critical information on the cyber space and exposes the IT infrastructure to hackers But this not make us complacent. With the State Data Centre (SDC) has been operationalised, the State Wide Area Network (SWAN) is functional and preliminary work on State Service Delivery Gateway (SSDG) also taking place, a lot of information is going to be available in cyber space. • We have already started taking preemptive measures to minimize the incidence of cyber attacks on our IT infrastructure. IT Infrastructure in Sikkim • State Data Centre (SDC) • State Wide Area Network (SWAN) • Common Service Centers (CSC) – 45 CSCs all across state – Basically an internet café www.sikkim.gov.in Current Status of Cyber Security& Cyber Crime in SIkkim • Fortunately Sikkim has not had many cases of cyber crime. • Till date a total of 2 (two) government website have been reported to be hacked in Sikkim. As of now the Cyber Security threats are related to defacement of websites. • Only 1 case has been registered under IT Amendment Act 2008, 66A, 67 with the Crime branch- cyber cell. The case relates to hacking of the facebook account of complainant, a resident of Gangtok. The hacker (unknown) hacked his facebook account and posted obscene pictures and abusive languages to all the friends listed in his account. The motive judged was to defame the complainant. The case has been registered with the Cyber cell, Crime branch, Police HQ. Strategic Approach undertaken by IT Department, Govt. of Sikkim 1. 2. 3. 4. 5. Formulation of Cyber Security Policy Notification of Cyber Café Rules Capacity Building & Training Awareness & Advocacy Coordination with Govt. of India for Technological Support CYBER SECURITY POLICY • As per the guidelines of the Government of India, the State Government has formulated the Cyber Security Policy • The Cyber Security Policy will define a set of minimum information security requirements that shall be met by all the departments; formation of Cyber Security Task Force Committee and each department is headed by Information Security Officer • This includes a physical visit by the Cyber Task force to all Departments to inspect the computer systems and check for vulnerability. CYBER CAFÉ RULES • The department has notified the Cyber Café Rules (2009) which aims to regulate, govern and control the use of the Cyber Café centers in the State. • The rules impose a social responsibility on Cyber Café owners and authorizes them to keep a record of the usage of the cyber café in a log book. Users are required to show a proof of identity before they can use the facility in the cyber café. Further it empowers the Cyber Cell of the Crime Branch to inspect the Cyber Cafes and ensure that they are complying with the provisions of these rules. • Recently a team from Cyber Cell, Crime Branch visited all the cyber cafes in Gangtok to ensure the compliance of the rules. These measures it is hoped will go a long way in preventing the use of Cyber cafes by unsocial and anti-national elements. WORKSHOPS AND TRAININGS ON CYBER SECURITY 1. Conducted a workshop for Cyber Café Owners in the year 2006 related to the security issues. 2. CERT-In conducted a workshop on Cyber Security during SIKITEX-2009 for Cyber Café owners and public. 3. Information Technology, Government of Sikkim conducted a workshop on Cyber Café Rules in association with the Crime Branch, Sikkim Police during IT Exhibition and Conference SIKITEX 2010 at Gangtok which was attended by the Cyber Café owners and the Police officers. 4. A Seminar related to Hacking was organized in the Department of IT, Government of Sikkim by the IL&FS 5. Three candidates were sponsored for attending a six months training on Ethical Hacking and thereafter a three days workshop at Guwahati. Their services are requisitioned for Cyber Security whenever the requirement arises. Other Important Activities • STANDING COMMITTEE ON INFORMATION TECHNOLOGY – The main discussion during the Standing Committee on Information Technology held from 4th July to 7th July 2011 at Gangtok on the subject of Cyber Crime , Cyber Security and Right to Privacy. • Awareness in the Investing Agencies – The officers of the Investigating agencies have been attending various programmes and workshops organized by the Government of India related to Cyber Security and related issues. As a result the level of awareness is fairly good. TECHNICAL SUPPORT FROM GOVERNMENT OF INDIA • CERT-In sends us advisories monthly alerting the department of the attacks taken place and measures to secure web applications and web servers. CERT-In has been engaged for conducting seminars and workshops during Annual IT Exhibition and conference SIKITEX at Gangtok, organized by the Department of IT, Government of Sikkim. Participants in the workshop have been the general public, Cyber Café owners and the state government employees including the Police. FUTURE PLAN OF ACTION • Proposal to conduct many more short courses on Cyber Security for all Government employees & Internet Safety courses for School Students • Mock drills planned • Sikkim Police will be establishing a Cyber Forensic Lab for the State shortly. • ISO 27001 Certification for the State Data Centre • Strict Implementation of IPv6 as per Government of India Guidelines. Thank you www.sikkim.gov.in T. Samdup Jt. Director, IT Department, Government of Sikkim t.samdup@nic.in 9647853159(mobile)