DNA Micro Edit: Cyber security awareness a challenge for state admin

In May 2015, the Maharashtra government was served a rude reminder about chinks in its cyber security perimetre, when around 150 computers in its administrative headquarters were infected by the ‘Locky’ ransomware.

However, the damage was limited considering the 5,280 machines on the Mantralaya local area network (LAN). A subsequent check by the state information technology (IT) department detected that around 2,000 computers had no anti-virus, creating the possibility of a catastrophe in case of such virus attacks.

The department then took measures like a central anti-virus console and banning use of private email services like Gmail for official communication to prevent virus attacks, and transmission and storage of information on private servers outside India. This may have ensured that the system escaped unscathed by the recent WannaCry ransomware, which could have affected sensitive government data.

Sources admit that there are instances of employees disconnecting their computers from the Mantralaya LAN and using personal dongles and hotspots to access private email services, thus compromising security.

At a time when the state government is planning a quantum jump towards a less-cash economy and digital delivery of government to citizen (G2C) services, there is a need to create an ecosystem to strengthen network security. Though the government is working on a cyber security policy, the real challenge lies in creation of a security consciousness.