Digital India: Cybersecurity and Internet Shutdowns

India’s narrative as one of the fastest-growing economies, backed by robust digital infrastructure, is taking a beating, and it is time the government walked the talk

Digital data leaks have pestered the world’s largest economies and will continue to be a threat so long as bad actors exist. What is a matter of concern, however, is the manner in which India, a beacon of hope in times of economic meltdowns, is reacting to the recent data leak from its much-publicized health app CoWIN.

Instead of taking a few deep breaths, asking the relevant authorities to investigate and then come out with a statement, the federal government went into disaster management mode – only that the actual disaster was ignored and all the focus of the ministers and officials was utilized to control the narratives in the media. 

Two parallel lines that do not intersect

And three days after the reports of a data breach on the CoWIN app, most of us couldn’t care less, and the few who might are no closer to understanding the reality: is citizen data safe with the government? For what does one make of a junior minister’s statement that the breach was from old databases previously stolen, followed by a statement from the health ministry that the Computer Emergency Response Team (CERT-In) will prepare a detailed report?

When two government departments – the ministry of electronics and information technology and the ministry of health – point us in different directions, there will be concern. If we believe what minister Rajeev Chandrasekhar says, the question is: were there disclosures of earlier breaches? And if we were to believe the health ministry, how did they issue a clean chit without any supporting documents?

The question here is not about the promptness of the response but its authenticity, which can only be proven by following a process. Cyber law experts say that in such cases the government should lodge a first information report with the police, which does not appear to have been done in the case of the “earlier breach” that the minister spoke about.

Has the due diligence process been followed?

What makes the entire governmental process dubious (to say the least) is an article that appeared in a business publication some days ago. It spoke of GST evasion to the tune of Rs.30,000 crore being carried out via stolen identities such as PAN and Aadhaar numbers. If the government wants to reassure us that our data is safe, then it needs to walk the talk.

To do so, they need to identify the challenges and fix them instead of brushing stuff under the carpet with a combination of social media bluster and ill-timed media statements that often run contrary to each other. Why so? Because in the past as well the government was caught on the wrong foot during such escapades. 

This is not the first, nor will it be the last

Readers may recall the instance (in 2019) when a former analyst at the National Technical Research Organization went public claiming that malware had been detected in the IT infrastructure at India’s nuclear facilities in Kudankulam. The government had initially refuted the claims, only to admit later that they were indeed true.

Another instance occurred in June of 2021, when reports flew around of the CoWIN portal being hacked and data of 150 million Indians being up for sale. The government once again denied these claims, as was the case in January 2022 when a similar instance occurred. Now the minister claims that the data being shared is from an earlier breach. When did it happen?

While data breaches are a reality in the digital era, what the government must do is to simply order an investigation and then provide citizens with the outcome based on that report. Nobody expects a foolproof cybersecurity system at this juncture. What we expect is a straight answer and a modicum of authenticity to reinforce the belief that our data is safe with the government. 