Up against the vulnerability of its online service network, the
Indian Railways is all set for a thorough cyber audit. Identifying the
passenger reservation system (PRS), online freight system and railways'
communication network as the delicate areas, the ministry has ordered
zone-wise audit of the online system. A meeting in this regard was held
by Railway Minister Suresh Prabhu
on Friday that was attended by Secretary (IT) Aruna Sharma and the
Director General of Indian Computer Emergency Response System (CERT-IN).
"We have ordered for a cyber audit of the entire online network linked with the rail operation in India. Audit will be conducted in each of the 16 zones of Indian Railways and measures will be taken to make the system foolproof," Prabhu said.
Sources said the audit has been triggered after a web page of the Personnel department in Bhusawal Division of Central railways was hacked allegedly by terror outfit al-Qaeda in March this year. The content of the web page was replaced by a message for all Indian Muslims to join Jihad and help in defeating America. According to official sources, an average of 2,500 to 3,000 government websites are defaced by hackers every month.
A senior Rail Ministry official said the entire ticketing system of the railways is functioning online and any intrusion into the network would result in collapse of the system besides causing huge monetary losses. "Online freight booking, passenger reservation system and parcel bookings can be severely affected in case of a cyber attack. While these are mostly revenuerelated matters, an attack on the internal communication system can result in disruption of train operations," the official said. Notably, internal communication between the train operators with operation controllers on stations is crucial for train operations.
Officials claimed audit of various IT-related services in railways were conducted recently but it is for the first time that audit of the complete railway system will be conducted. The auditors will detect flaws in the system and suggest remedies, they said. The agencies conducting the audit have professional expertise in cyber security and will work in collaboration with the Centre for Railway Information Systems (CRIS), which is responsible for ticket booking at railway counters. Further, security and functional audit of the entire online ticket booking operations through Indian Railway Catering and Tourism Corporation (IRCTC) will also be conducted. Earlier, the IRCTC had also conducted audit of its system to check the misuse of the ticket booking website by touts.
Computer operations in Indian Railways started nearly 30 years ago with the setting up of the Centre for Railway Information System (CRIS), which develops and maintains most of the important information systems of Indian Railways. However, since then, most of the zonal railways have failed to have an effected cyber policy in place that makes railways immune to such attacks. Officials in the IT department said that IT Security encompasses understanding and management of risks involved; managing the network traffic and security, safeguarding IT assets, data, applications; infrastructure and personnel, selecting and implementing effective controls to ensure confidentiality, integrity and availability of the information and communication systems that store, process and transmit data.
indiatoday
"We have ordered for a cyber audit of the entire online network linked with the rail operation in India. Audit will be conducted in each of the 16 zones of Indian Railways and measures will be taken to make the system foolproof," Prabhu said.
Sources said the audit has been triggered after a web page of the Personnel department in Bhusawal Division of Central railways was hacked allegedly by terror outfit al-Qaeda in March this year. The content of the web page was replaced by a message for all Indian Muslims to join Jihad and help in defeating America. According to official sources, an average of 2,500 to 3,000 government websites are defaced by hackers every month.
A senior Rail Ministry official said the entire ticketing system of the railways is functioning online and any intrusion into the network would result in collapse of the system besides causing huge monetary losses. "Online freight booking, passenger reservation system and parcel bookings can be severely affected in case of a cyber attack. While these are mostly revenuerelated matters, an attack on the internal communication system can result in disruption of train operations," the official said. Notably, internal communication between the train operators with operation controllers on stations is crucial for train operations.
Officials claimed audit of various IT-related services in railways were conducted recently but it is for the first time that audit of the complete railway system will be conducted. The auditors will detect flaws in the system and suggest remedies, they said. The agencies conducting the audit have professional expertise in cyber security and will work in collaboration with the Centre for Railway Information Systems (CRIS), which is responsible for ticket booking at railway counters. Further, security and functional audit of the entire online ticket booking operations through Indian Railway Catering and Tourism Corporation (IRCTC) will also be conducted. Earlier, the IRCTC had also conducted audit of its system to check the misuse of the ticket booking website by touts.
Computer operations in Indian Railways started nearly 30 years ago with the setting up of the Centre for Railway Information System (CRIS), which develops and maintains most of the important information systems of Indian Railways. However, since then, most of the zonal railways have failed to have an effected cyber policy in place that makes railways immune to such attacks. Officials in the IT department said that IT Security encompasses understanding and management of risks involved; managing the network traffic and security, safeguarding IT assets, data, applications; infrastructure and personnel, selecting and implementing effective controls to ensure confidentiality, integrity and availability of the information and communication systems that store, process and transmit data.
indiatoday