Indian Govt Bans Foreign Firms from Conducting IT Security Audits

The Indian Government directs the ministries and departments responsible of India's basic infrastructure to abstain from employing foreign firms to conduct IT security audits of its frameworks and systems; this was brought to light following the cyber-attack on Kudankulam Nuclear Power Plant.

From now onwards Indian firms empanelled for inspecting will require a clearance from domestic spy agency, Intelligence Bureau (IB) to preclude any foreign link. Security reviews in every one of the ministries and critical sectors are done to guarantee that nation's information infrastructure isn't vulnerable against attacks by hackers and that every one of the systems have a protected government firewall.

As per the reports looked into by Firstpost, Computer Emergency Response Team (CERT-IN) — under the domain of the Ministry of Electronics and Information Technology — has arranged a rundown of evaluating firms in consultation with the IB.

It has been additionally observed that certain critical segments are confronting dangers from numerous sources and increasing attacks on the frameworks are organised and targeted with the assistance of criminals and state actors to thusly receive monstrous rewards out of 'information compromise or espionage'.

The cyber criminals may indulge in fraud, conduct espionage to steal state and military mysteries and disturb critical infrastructures by misusing the vulnerabilities in any framework.

The administration archives state that, “The public sector, although increasingly relying on information technology, has not fully awakened to the challenges of security. Economic stability depends on uninterrupted operations of banking, finance, critical infrastructure such as power generation and distribution, transport systems of rail, road, air, and sea which are critically reliant on information technology.

Even though the focus has been on improving systems and providing e-governance services by various institutions, the IT networks and business processes have not placed the desired emphasis on information security," Aside from this there are a couple of different directives which have been issued for critical areas for protective observing of sensitive data and risk radiating from terrorist groups or enemy state.

Workers taking care of sensitive servers will be required to unveil the phone they are carrying, its serial number, model number alongside subtleties like security abilities and vulnerabilities and the critical segments will claim all authority to control official information on the said employee's mobile, including the privilege to back up, retrieve, modify, decide access or erase the organization's information without an early notice.

Likewise, people or specialists employed for security reviews of government frameworks will have to sign a non-disclosure agreement to anticipate spillage of sensitive information.