In an interview with Shivani Shinde, he talks about the changing technology landscape. Edited excerpts:
How serious is the threat from increasing access to the internet through mobile phones? How can CERT-In address this?
Mobile phones are a concern because of the number of users.
Besides, users download applications for free; even hackers know you are downloading apps for free.
A computer system has more resources and more storage, and you can use security software to protect it.
But this is not the case with mobile phones.
These have limited storage and, therefore, limited capacity for security software.
We have started developing a security covering around operating systems like Android and Windows.
We hope we would be able to bring out a secured system and, perhaps, mandate the people of the country to use this solution.
What are CERT-In's key areas of concern?
Cyberspace is a huge area, and the penetration would only increase.
The challenge is how do I secure Indian cyber users to ensure they surf safely?
How do we create or increase awareness?
In conjunction, how do we face the capacity challenge, in terms of capable manpower?
Today, the manpower addressing the cyber security issue is limited.
We need 4,00,000 skilled people to address this; currently, we have just about 32,000 skilled people.
We need people to address aspects like technology procurement and legal issues, and train the police and the judiciary in understanding the cyber segment.
The number of attacks on government website has increased.
That attacks on government websites have increased is true.
The nature of these attacks has also changed.
They are targeted towards stealing information and installing malicious software.
Another dangerous trend is hackers install software on the hacked website and use it as a platform to launch other attacks. This allows them to camouflage their routes.
This is not specific to India; it is happening worldwide.
The government is aware of these incidents.
We track sites that are hacked and try to get in touch with all the parties that report to us.
According to our mandate we try to help them, study the logs, look into the vulnerabilities that have been exploited and consider what needs to be done.
We have started an intensive auditing process, for which we have also empanelled auditors.
They would carry out audits, including vulnerability assessment, and penetration tests of systems of government organisations.
We also carry out security drills with industries, government
SC refuses to stay Kudankulam, will examine safety aspect
CBI likely to chargesheet Bharti, Vodafone
We cannot jeopardise our business: Infosys
Udayakumar will not surrender, says Kejriwal
Let's agree on Internet block tools, says government