In the last few weeks, there has been lot of attacks and attempts to hack various private companies, government servers and other important website globally. From the latest Wannacry Ransomware to the recent hacking of India Based Online restaurant search & discovery service Zomato where Data of 17 million users was hacked. With PM Narendra Modi’s vision of Digital India and fast approaching digitization of functioning in our daily lives it’s important to look into one Major aspect of this and that is Online Security of Data. Someone rightly said that ‘Data is the new Oil’.
Aadhaar which is at the core of this digital movement & also one of the most important concerns of many individuals has to be looked at from a more objective point of view when it comes to security of our digital data. There are close to 120 socio-eco schemes which are being run by government at various levels, PM Modi wants to link all these schemes with Aadhaar by 2019. It is imperative that our biometric data remains safe and secure.
But it doesn’t look like the case. I heard a first hand account of how the Government hired a company to test Aadhaar authentication device as the government has given some companies permission to make fingerprint scanner that can authenticate Aadhaar and an API (Application Program Interface) will generate Aadhaar data. But the government also gave them Aadhaar biomatric data to test those devices & other modules which was stored by the private vendors which puts it all at risk.
Now the government is trying to troubleshoot this issue but already lot of companies have data saved for lot of individuals those who have made fingerprint scanners for the government. GoI should make a centralized repository or data warehouse for all the data and address concerns for privacy by using algorithms and hiring a security agency, or build one like NSA.
Government is now expanding its digital footprint in digital payments after BHIM app by bringing a new E-Wallet app based on Aadhaar, so it will be crucial for them to give assurance of data safety.
Important thing to note here is that neither RBI or Ministry of Finance have laid down any guidelines on online data protection by E-wallet companies, meaning companies like Paytm & Mobikwik don’t have to provide any assurance of data protection to the government and it’s all based on their own personal preference of the security levels they want to keep. So if the security of a certain company is weak company and it gets hacked whom to blame? Government or the company? This needs to be addressed by ministry of IT as soon as possible as it’s not very assuring knowing that there is no law protecting millions of financial data after huge growth in E-Wallet usage.
Ultimately, the Bureaucracy is not equipped to handle the challenges thrown by the new digital world hence even the big companies like Microsoft or Google cut corners when it comes to government tenders as they know that no one from the government’s side will understand the difference between what was asked and what was delivered. Like last year, HRD ministry enrolled help of Microsoft to develop an education app called ‘SWAYAM’. The app is not upto the standard what one would expect from a company like Microsoft. On Andriod app store it has only 10 thousand downloads which was said to be a step towards digital education but at the moment the lack of good UI or regular updates makes this app not the perfect tool one had hoped for. Is the fault with Microsoft or with the bureaucrat who was handling this project from the government side and didn’t utilize the resources at hand?
If Prime Minister’s vision for Digital India needs to take shape all these loops holes need to be looked at with more serious outlook. Government can’t do this without enrolling expertise of the IT field and not relying on Ministers or Bureaucrats who don’t understand the fast changing technology and the need to be updated on the latest developments. We have seen how countries have suffered drastically when lot of crucial online data was stolen or hacked by either enemy countries or hacker groups. The intent is there but with intent there needs to be steps to ensure this intent is implemented in the best of the manner.
Second Level of Cyber Security professionals are needed at the moment in India who are hands-on experts who are skilled in the five major functional areas of cyber security as defined by NIST (National Institute of Standards & Technology) – Identify, Protect, Detect, Respond and Recover. An estimation by NASSCOM’s Cybersecurity Task Force, India needs 1 million trained such Cyber security professionals by 2020. The current estimate in India is around 50,000. All government websites should be SSL compliant and since many are not there should be a regular security audits. Security Patch updates of underlying operating system and system software must be done for all government data.
Aadhaar is an important step in ensuring that there is no corruption and also a way to curb black money and many important government initiatives but is government doing enough to ensure its safe? I hope as a citizen our personal data remains secure otherwise even this initiative will fail with rogue elements using loopholes for their benefits.