The Ministry of External Affairs feels that there is an emergence of focused conferences on cybersecurity which will help in facilitating more collaboration in this area. In a conversation with EC’s Sandhya Michu, Sanjay Kumar Verma, Additional Secretary, Administration, MEA, shares his view on how the MEA is taking steps to secure its systems
Some edited excerpts:
As more and more cyber attacks are launched from cross borders, what steps is the MEA taking to secure its systems?
We are largely responsible for securing our own IT assets. As far as other ministries are concerned, every ministry has dedicated CISOs for securing its infrastructure. The MEA works very closely with the National Cyber Security Coordinator, while coordinating with our international partners. We have been building intra-MEA applications to communicate with our stakeholders across geographies and time zones. The other focus area is improving the interface of e-services like Visa, Passport, etc. We are monitoring 200 plus websites on a regular basis and managing them as per the new tech requirements, as sometimes changes made may bring vulnerabilities into the systems.
But, we have not seen any obvious breach of security on any of these web pages. MEA services will always remain the target by those countries, which need to get information or data out of our sites. Every single day, there will be multiple attacks launched on our sites, but we have not seen any major breach of security.
How is the MEA leveraging technology to strengthen its cybersecurity posture?
We have been improving the connectivity and looking for scalable technologies. In the case of other government ministries, they have to protect the data within India, whereas our data may ride on the hostile network and we have to secure our data without compromising the national security.
How is the MEA tackling the issue of cyber for diplomacy?
Within MEA, we have a cyber diplomacy division to tackle such issues. We have been working and developing distinct cyber diplomacy policies as they attempt to mitigate threats and promote healthy cyber behavior. Still, attacks are worsening, exposing sensitive data and coercing governments, agencies and private enterprises of all sizes. MEA has been participating in bilateral forums for discussing cyber for diplomacy. The recent held Global Conference on Cyberspace (GCCS), an annual gathering of delegates and representatives, was held in Delhi to discuss better ways to protect networks, shore up data and repel attacks. There is an emergence of focused conferences on cyber security has created a sort of inroad for more collaboration. These conferences aimed to increase cybersecurity awareness and promote best practices across the geopolitical spectrum. As the scope of these attacks is getting vast, it requires a certain co-dependence between nations, and awareness at the enterprise level.
What are the key priorities of the MEA for the next year?
From a cybersecurity point of view, it has got two major components: one is the user aspect and another is technology. For user aspects, we keep holding sessions and keep training people for raising their awareness. Unless we inculcate a cyber hygiene amongst the users of these programs and software, it will be difficult to take it forward. I would say about 50 per cent of cybersecurity is user awareness and the rest is covered by technology. We look forward to evaluate new technologies to build new solutions for our systems.