Tamil Nadu government is working on preparing cybersecurity infrastructure to ensure safety of government and public interests and recovery of data and services if information security is breached. This comes after the state unveiled its cybersecurity policy, the first such policy by the state in the country, earlier this month. The move would provide more powers to the information technology department which will be the nodal department for IT security of Tamil Nadu.
The Cyber Security Architecture of Tamil Nadu (CSA-TN) is being executed by ELCOT in association with the Centre for Development of Advanced Computing (C-DAC), Chennai. It was on June 1, 2018, Chief Minister Edapaddi K Palaniswami announced a Cyber Security Architecture for the state at a cost of Rs 21.39 crore.
An Official source told Express that the launch of the policy had paved the way for establishing and operating a cybersecurity architecture for Tamil Nadu, which will have components like Security Architecture Framework, Security Operations Centre, Cyber Crisis Management Plan and Computer Emergency Response Team (CERT-TN), the essential Nodal Agency for implementation of the cybersecurity architecture framework. As per the cybersecurity policy, vulnerabilities in the affected e-Governance Service offered by the state government will be reported only to CERT-TN or to the respective Department.CERT-TN in compliance with National and State Law shall act as a statutory body issuing directives, guidelines and advisories to enforce cybersecurity practices to the Departments. It is learnt that CERT -TN will regularly assess the government's Critical Information Infrastructure (CII) for Security and resilience maturity. The state is also coming up with Cyber Crisis Management Plan (CCMP) for countering Cyber Attacks. Under the CCMP, there will be Crisis Management Group (CMG)for each Department which will coordinate with CERT-TN during a crisis situation.
Meanwhile, the state government will come out with a Social Media Policy which will highlight how the Government departments and its employees should conduct themselves via the Web. It helps to protect the online reputation of the Department. Meanwhile, the new cybersecurity policy stresses that a separate Work Profile may be created in departments or organisations which can then be linked to a general e-Mail Address and made accessible to anyone in the team, enabling them to administer the Social Networks without compromising individual privacy.
Meanwhile, new password policy is also on cards. The policy will determine how long, the users must keep a password before they can change it. The Minimum Password Age will prevent a user from dodging the Password System by using a new password and then changing it back to the old one. To prevent this, a specific minimum age should be set, making sure that users are less prone to switching back to an old password, but are still able to change it in a reasonable amount of time.
