138% increase in cyber attacks on govt bodies in four years

Answering a question by Congress MP Renuka Chowdhury, Minister of State in the Ministry of Electronics and Information Technology Jitin Prasada said the number of cyber-attacks on government organisations had risen from 85,797 in 2019 to 2,04,844 in 2023.

This marks more than a doubling of such attacks.

Answering the query, the minister said as per the information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), the total number of cyber security incidents pertaining to government organisations were 85,797 in 2019; 54,314 in 2020; 48,285 in 2021; 1,92,439 in 2022 and 2,04,844 in 2023.

“The government is fully aware of various cybersecurity threats. We have taken measures to enhance the cybersecurity posture and prevent cyber-attacks,” Prasada said.

The ministry claimed the government had given directions to all central ministries, departments, states and UTs to appoint chief information security officers to deal with cybersecurity matters and established the National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country under the provisions of Section 70-A of the Information Technology (IT) Act, 2000.

The NCIIPC provides threat intelligence, situational awareness, alerts and advisories and information on vulnerabilities to organisations having critical information infrastructure, protected systems for taking preventive measures from cyber-attacks and cyber-terrorism, the Minister added.

He said the National Cyber Coordination Centre implemented by the CERT-In was serving as the control room to scan cyberspace in the country and detect cybersecurity threats.

“The NCCC facilitates coordination among different agencies by sharing with them the metadata from cyberspace for taking actions to mitigate cybersecurity threats. CERT-In has also formulated a ‘Cyber-Crisis Management Plan’ for countering cyber-attacks and cyber-terrorism for implementation by all ministries and departments of the Centre, state governments and their organisations and critical sectors,” Prasada added.

He said the ‘Computer Security Incident Response Team-Finance Sector’ has also been set up for responding to and containing and mitigating cybersecurity incidents reported from the financial sector under the umbrella and guidance of CERT-In.

National agencies had successfully thwarted massive coordinated cyber-attacks on India’s G20 website at the peak of the global summit that Prime Minister Narendra Modi hosted in New Delhi on September 9 and 10, 2023.

The official summit website, at the height of the event, saw as many as 16 lakh cyber intrusions a minute by way of distributed denial of service (DDoS) attacks, which have emerged as a primary concern in internet security worldwide.

In 2020-2022, 492 instances of phishing and smishing; 35 ransomware attack instances and 151 cases of hacking of websites involving government departments and agencies were reported.

A major attack involved paralysis of servers of AIIMS-New Delhi, which disrupted health service delivery for nearly two weeks at India's top government tertiary care institute.

G20 website saw 16L intrusion attempts

• MoS in the Ministry of Electronics and IT Jitin Prasada said the number of cyber-attacks on government organisations had risen from 85,797 in 2019 to 2,04,844 in 2023.
• Notably, India’s official G20 website at the peak of the global summit in New Delhi saw 16 lakh cyber intrusions a minute by way of distributed denial of service (DDoS) attacks.