Centre Bolsters Email Security For 10,000 Users Across Key Ministries, Departments Amidst Cybersecurity Threats

Following a series of cyberattacks, a secure email system has been established by the Centre for 10,000 users within crucial ministries and departments.

The National Informatics Centre (NIC) has developed an e-mail system that operates on Zero Trust Authentication (ZTA), The Hindu reported.

Recently, high-ranking officials from the Ministry of Home Affairs (MHA) convened a meeting to deliberate on the specifications of the secure e-mail system. The 10,000 emails span across 17 union ministries and departments.

For the past three months at least, additional features had been deployed to access the government emails, according to another official cited in the report.

“User name and passwords are not enough, now a two-factor authentication has been activated. Other than passwords, facial recognition or biometrics is required. The log-in and log-out times are recorded and monitored,” the official was quoted as saying by The Hindu.

In response to numerous cyberattack attempts on critical facilities and government websites, including a significant cyberattack on the All India Institute of Medical Sciences (AIIMS) in Delhi on 23 November 2022, cybersecurity measures has been enhanced.

This attack severely disrupted the servers and e-hospital services at the nation's leading public healthcare facility for over a month.

In February of the current year, the Digital India Corporation (DIC), a not-for-profit organization established by the Ministry of Electronics and Information Technology (MeitY), sought proposals from private entities to select cloud service provider to “operate, manage and migrate existing projects as well as future projects.”

Presently, the DIC is involved in several nationally significant initiatives like Digilocker, Poshan Tracker, MyScheme, Umang, APISetu, NCW, Kisan Sarathi, and Academic Bank of Credits, all of which rely on the cloud services provided by Amazon Web Services.

The bid's scope also encompassed the transfer of government employees' email services to a private entity, a task presently managed by the NIC.

While the government has not made an official announcement, the Hindustan Times reported on 12 September that Zoho, a business solutions provider based in Chennai, was chosen to manage the email services. The Central government has over 3.3 million employees.

On 3 February 2021, Sridhar Vembu, the founder of Zoho, was named a member of the National Security Advisory Board (NSAB), under the leadership of the National Security Adviser.

Additionally, for the first time, the government acknowledged in Parliament on 8 December that the Indian Computer Emergency Response Team (CERTIn) investigated the purported data breach involving more than 81 crore Indians' Aadhaar and passport details. This breach also included names, phone numbers, and addresses with the Indian Council of Medical Research (ICMR).

Rajeev Chandrashekhar, Minister of State, MeITY, while responding to a question by Trinamool Congress member Sukhendu Sekhar Ray in the Rajya Sabha about the claims made by a U.S.-based cybersecurity firm Resecurity regarding sale of personal data of Indians on dark web, said: “CERT-In received threat intelligence reports in October 2023 regarding personal data with samples claiming to be of ICMR and notified ICMR of the same and suggested remedial measures. CERT-In coordinated incident analysis and provided inputs to law enforcement agencies.”

In another reply, the Minister said 165 data breach incidents involving citizen data were observed from January 2018 till October 2023.

During the recently concluded G-20 leaders' summit, the Ministry of Home Affairs established a round-the-clock coordination control room to handle cyberattacks.

The NIC has also developed and implemented e-office with government offices being encouraged to go fully digital.

Of the 84 ministries and departments, 75 have fully embraced this digital transformation.

However, several ministries, including Home, Environment, Information and Broadcasting, and Civil Aviation, continue to rely on paper files and have not yet fully transitioned to the digital platform.

The e-office system does not accommodate "secret, top secret, classified communications", and such documents are still managed in a physical format.

The Ministry of Home Affairs (MHA) has published the National Information Security Policy and Guidelines (NISPG). This policy has been disseminated to Central Ministries, State governments, and Union territories, with the objective of preventing breaches in information security and cyber intrusions within the infrastructure of information and communication technology.