AIIMS Cyberattack Pushes Govt to Formally Declare Health as 7th Critical Sector After Banking Among Others

The government is considering making health India’s seventh ‘thrust sector’, sources have confirmed to News18. Other key sectors such as banking, financial services and insurance, telecom and transport are also awaiting final approval to be formally declared as ‘critical sectors’.

According to a senior government official, the proposal was prepared last year but got shelved. Sources said after the cyber attack on AIIMS servers that exposed the security infrastructure of the healthcare system, the proposal has been moved once again for the approval of the Cabinet Committee on Security headed by Prime Minister Narendra Modi. It is expected that the proposal made by the National Security Council Secretariat is likely to be approved.

The AIIMS cyber attack, which took place last December, has brought to the fore an urgent need to officially declare health as a critical sector to enhance security of assets from cyber threats.

This move will help the ministry or department to get adequate support from various cyber security establishments. In addition, funds will be allocated for this purpose.

The present proposal is seeking the approval of the Cabinet Committee on Security (CCS) for the formal declaration of the nation’s seven sectors, namely, Banking, Financial Services and Insurance, (BFSI), Telecom, Power and Energy (P&E), strategic. and public enterprises (S&PE), transport, government and health as ‘critical sectors’.

The official said that if the proposal is approved, it will help the concerned ministry or department to prioritize the allocation of resources, including finance, to promote cyber security in their jurisdiction.

Last year, it was unanimously recommended that seven sectors (six have been mentioned earlier) and health be treated as ‘critical areas’. The National Critical Information Infrastructure Protection Center (NCIIPC) moved to the NSA to declare these areas “critical”. The approval of the CCS is required to formally declare the above seven sectors as ‘critical’.

NCIIPC has been designated as the National/Nodal Agency with respect to Critical Information Infrastructure Protection since 2014. NCIIPC is responsible for identifying all Critical Information Infrastructure (CII) elements in the country for approval by the appropriate government authority. , It is responsible for providing strategic leadership and coordination across government to respond to cyber security threats against identified CII.

The COVID-19 pandemic has led to increased digitization in almost all sectors of the country, but there has also been an increase in threats to cyber security. Therefore, in order to secure the Indian cyber space from the growing trend of complex cyber incidents/attacks, it was necessary to identify and declare ‘critical areas’ where the focus is on improving the cyber security situation and cyber defence, officials said. he said.

how will it help

Once health is declared as the seventh critical infrastructure, the ministry or department will get the right impetus and direction to identify critical assets, information infrastructure, processes, which should be protected with ‘privacy, integrity and availability’. context will need to be preserved. This, in turn, will lead to prioritization and allocation of resources, including human resources and finance, by the concerned Ministry/Department to protect its computer systems and networks.

IT Act defines Critical Infrastructure

The IT Act 2000 defines critical infrastructure: “The appropriate government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects a critical information infrastructure facility to be a protected system.” Is.” It means computer resources, the incapacitation or destruction of which would have a debilitating effect on national security, the economy, public health or safety.

read all latest india news Here