There are different views on how India should respond to the exposure by Dan Egerstad. Naavi.org at this point takes the view that Dan Egerstad is only a security buff who wanted to expose the security weakness in the system and did not have malicious intentions. We would therefore like to focus attention on what lessons can be learnt from the incident.

At present it appears that the GOI is not ready to come up with any public explanation about its response. We urge the GOI to hold a press conference to assure the public of the safety of confidential communication in the Government sector and, in particular, to answer the following queries.

Does CERT-In or NIC express regret for the incident?

Will MCIT, which conducts many security-related certificate courses, explain whether it has ever conducted information security drills for the embassy officials?

If so, how is it that some of them are still using passwords such as 1234?

What is the Controller of Certifying Authorities doing? Has he educated the embassy officials about the use of digital signatures and encryption of communication?

The GOI has made the use of digital signatures compulsory for filing corporate returns and IT returns. But why did the same Government not consider it necessary to mandate the use of secured digital signatures and encryption for inter-ministerial correspondence?

If any employee in an IT organization does not practise a security culture and endangers the information of the company, the IS manager and CEO will be considered responsible. Similarly, the lack of security culture amongst embassy officials, which has endangered national security, needs an explanation from the highest authorities in the political system. Will they respond?

When Mr Avnish Bajaj, CEO of baazee.com, was arrested under Section 67 of ITA 2000, our political leaders expressed the concern that the Indian Cyber Law was too stringent and moved to dilute it with amendments. Now Dan Egerstad has shown that our country's information is not safe in the hands of our embassy officials. Will the Government now think of making the law more stringent while debating the proposed amendments, which are before Parliament at this point of time?

We hope to get answers to these questions from Government representatives, rather than a circular to all embassy officials to stop using e-mail for confidential communication! (As reported by some news channels.)

Naavi

September 03, 07

www.naavi.org
