Cyber security tips for external affairs ministry officials

By Devirupa Mitra, IANS,

New Delhi : An e-mail is not just a digital message, it is a potential spying instrument – this, and other lessons are being drilled into the minds of officials of ministry of external affairs (MEA) through a series of internal workshops that started last month.

Support TwoCircles

It was in late 2008 that the attacks against the MEA’s computer network were first detected – most of them were tracked to Chengdu in China, which led to an overhaul of the hardware and the establishment of a unified threat management system, with multiple layers of firewalls.

A recent report by American and Canadian researchers found that China-based hackers had penetrated and retrieved information from computers of India’s ministry of defence and other defence-related installations. It also said that several Indian embassies abroad had also been targeted.

While the South Block headquarters of MEA did not figure in the report, officials said that the ministry was still waging a daily cyber war.

“Since we are monitoring the system all the time, we notice that there are almost daily efforts to try and find holes in the system. So far, we think they have been unsuccessful,” said an official, who deals with network security in the government.

It has since been realized that the weakest link in combating cyber attacks was not the hardware, but the bureaucrats sitting in front of the 600-odd computers in the Lutyen-designed colonial building.

So, from last month, the MEA’s e-governance and information technology division began a “sensitization” process.

The first batch consisted of lower division and upper division clerks, followed by personal secretaries. The last batch consisted under secretaries, with more senior officials to be called for these classes in the coming days.

To drive home the message, live demonstrations of potentially hazardous practices were shown – for example, a “suspicious” mail was sent to an inbox, which contained a link to another site which asked for the user’s password.

“We were told not to click on any strange mails with attachments or outside links,” said an official, who attended the workshop.

“There were reminders to take basic steps like changing password for the official mail on a monthly basis,” added another official.

The officials were also told how to read the “header” of such suspicious mails, so that by checking their Internet Protocol (IP) addresses, the geographical location of the sender can be tracked. “Of course, if the sender was from certain countries, then the mail had to be carefully handled,” he said.

The cyber experts strictly told the ministry officials not to send attachments, especially of Microsoft word documents and Adobe PDF files, with their e-mails. “As far as possible, all the contents should be part of the main body of the mail,” he said.

Most ministry employees are provided with two computers – one which is internet-enabled, and the other which is a stand-alone device, with no network links.

“The problem arises, when we want to send an encrypted mail. Since the encryption software is in the stand-alone computer, we have to transfer data using pen drives which makes the other computer vulnerable to infection,” he said.

The ministry is considering installing another operating system, like Linux in the stand-alone computers. “We know that trojans or viruses may be targeting windows, but these become totally inoperative when introduced in another operating system based on Linux,” said the official.