(844) 627-8267
(844) 627-8267

AIIMS ransomware attack led to new SOP on cyber breaches: Ex-cybersecurity chief Pant | Latest News India | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

The ransomware attack on the All-India Institute of Medical Sciences prompted the government to formulate a national cybersecurity response framework (NCRF), India’s former national cybersecurity coordinator has said.

Former cybersecurity chief says the ransomware attack on AIIMS prompted government to make cyber response framework. (Hindustan Times)

Speaking to HT, Lt Gen Rajesh Pant, who took over in 2019 and held the top cybersecurity job till June 30, said the attack was shone a spotlight on the need to protect critical infrastructure.

“It was realised that critical sectors need to have a uniform framework to respond to cybersecurity,” said Pant. “So, the NCRF was conceptualised. It will be put in the public domain for critical infrastructure, such as those in the power and health sectors to implement.”

The framework outlines an architecture of a cyber defence system, the former NCRF chief said, and specifies trusted companies and supply chain mechanisms.

On the morning of November 23, the systems at AIIMS and its centres were corrupted by the cyberattack, which wiped outpatient and research data from its primary and backup servers.

The Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) cell filed an FIR invoking sections of cyber terrorism against unknown people, even as teams from the National Informatics Centre and Computer Emergency Response Team (CERT-In) launched an investigation into the incident.

According to Pant, the AIIMS attack exposed loopholes in the cyber defence systems and several lessons have been drawn from it to better prepare the critical information infrastructure and address vulnerabilities. “The manner in which the network was architected, was not done by professionals but by a team of doctors. There were too many loopholes in the network, and it was easy to get into the network,” he said. “A lot of lessons have come out from the incident from a government point of view, and these will, hopefully be implemented.”

Pant added that the framework would address crucial gaps in response mechanisms. “There is a need for standard operating procedures to handle such incidents to that steps for mitigation are taken with immediate effect,” he said.

Pant also stressed on the need for inter-ministerial cooperation and setting up of a nodal ministry to address cybersecurity threats as the cybersecurity is continuously changing. “According to the business allocation rules, no ministry is solely dedicated to addressing such incidents. The concept of peace has changed today, there is no peace in cyber space,” he said, adding that the government’s cybersecurity strategy was in the advance stages.

The cybersecurity strategy of the government, which has been in the works since 2020, proposes several mitigation measures to combat data breaches. The strategy was drawn up during Pant’s tenure as cybersecurity coordinator.


Click Here For The Original Source.

National Cyber Security