Government’s e-dependence outreach requires supporting systems to protect digital citizens
Published Date – Thursday 15 June 23 at 12:30pm
Government’s e-dependence outreach requires supporting systems to protect digital citizens
Privacy concerns have been reignited by reports of a major data breach on Covid-19 vaccine tracking platform CoWIN that exposed sensitive personal information of millions of vaccinators. The Center’s response to developments raises more questions than it answers. Now is the time to revisit security regimes and address doubts about the security aspects of electronic platforms. People’s personally identifiable information (PII) could be at risk because the data appears to include identification documents and details of people registered for vaccinations, which can only be booked through digital services. The leaks have sparked conflicting signals from the government, underscoring once again the urgent need for strong data protection policies. Accessed by a bot on messaging app platform Telegram, the data includes details such as Aadhaar, passport and PAN card numbers, and the vaccination centers where users were vaccinated. However, the information can still be accessed if the user uses a mobile number instead of an Aadhaar number. In addition to this, the passport numbers of individuals who updated the CoWIN portal for international travel were also exposed. This may be the possibility of previously stolen data adding to growing concerns. Despite frequent incidents of hacking and leaking of sensitive public data, there has been little effort on the part of the government to develop national cybersecurity principles, or even workable policies. Every citizen who contributes information to a database expects regular risk assessments and built-in security regulations to be monitored with mandatory policies.
The hack exposed vulnerabilities in the platform. Last November, the AIIMS cyber attack triggered a series of remedial measures. A key input is that organizations should ensure network segmentation, whereby a computer network is divided into subnets to improve security and isolate vulnerabilities. The practicality of having a security information and event management solution that helps in collecting data from various sources to provide real-time visibility of security incidents is also highlighted. Formalize an incident response plan to minimize damage and emphasize mandatory cybersecurity training for employees. Tracking cybercrime to detect the latest tactics employed by hackers becomes imperative to protect systems and ensure the confidentiality of sensitive information. Government e-dependence outreach requires supporting systems that protect digital citizens. The CoWIN breach is the latest in a series of similar incidents that have occurred in the past. Unfortunately, they were ignored. For example, the 2017 Hitachi data breach became a teaser for the 2019 Kudankulam nuclear reactor attack, which was followed by the detection of cobalt attack malware. As India’s internet base continues to grow exponentially, the parallel growth of cyber threats is cause for concern. As digital technology advances, so does the sophistication of cybercrime.
