Indian Railways is ready to conduct a through cyber audit even as it recognized the vulnerabity of its online service network.
The ministry has ordered a compressive zone wise audit for its online system. This includes the Passenger Reservation System (PRS), the communication network of the Indian Railways as well as online freight system which have been recognized as sensitive areas
The Minister of Railways had ordered a complete cyber audit of the total online network connected to the operation of railways in India. This audit is set be implemented in all sixteen zones of the Indian Railways and efforts will be undertaken so that the audit is fool proof and effective.
The idea of a cyber audit had been triggered off after hacking of a website in March, of the Bhusawal division’s personnel department of Central Railways, apparently by the Al Qaeda. The website content was changed by the hackers into a message exhorting every Indian Muslim to undertake Jihad to fight America. Thus, the system is at the threat of criminals like terrorists.
Official sources revealed that hackers were defacing 2000 to 3000 government websites every month. Senior officials were quick to note that the complete reservation system of the Railways was being conducted online and any interference in the network would completely mess up the system like disabling PNR Status Enquiry, besides causing enormous monetary losses.
Especially, internal communication between train operators is crucial for train services along with controlling of operations between stations. Officials pressed claims that recently an audit had been conducted on various IT related services of the railways, but it is the first time that there were plans afoot to conducts a cyber audit of the entire railway system. It is expected that auditors will detect systemic flaws and suggest remedial action.
The agencies deputed for the cyber audit are experts in the field of cyber-security. They will work in tandem with the CRIS (Centre for Railways Information System), which is an agency responsible for ticket booking in the Indian railways.
In addition, functional and security audits will be conducted, of the entire online operations of ticket booking services via the IRCTC (Indian Railways Catering and Tourism Corporation). Some time back, the IRCTC had conducted an audit of its system to curb misuse by touts of its ticket booking website.
The Railways began computer operations, almost 30 years back with setting up of CRIS (Centre for Railways Information System) which is responsible for developing and maintaining crucial information systems of the Indian Railways.
But ever since, majority of railway zones have failed to have a potent cyber policy set up to boost immunity of railways against cyber attacks.
Officials of the IT department noted that IT security covers the following areas: understanding and managing risks involved; managing network security and traffic; protecting IT data, assets and applications; protecting personnel and infrastructure; Selecting and making operable effective controls to put in place integrity and confidentiality of communication systems, which transmit, store and process data.