Since this was not the first of its kind and given the media attention that such incidents attract, the data theft case proved to be a huge blow to the Indian BPO industry and it lost several business opportunities during the period. Also, recently we had the Naval war room case where senior officers were implicated of espionage and passing vital national security information. The officers had apparently used thumb/ pen (USB) drives to extract information from the computers on the classified networks. Both, the BPO and the War Room case highlighted the ease with which employees could access vital information and pass it on to the wrong hands.
In the absence of adequate information security safeguards, and advancements in technology making dissemination and distribution of information easier, protection of vital information constitutes a major challenge.
Information security installations
In India, we have not had a case of a surreptitious programmer masquerading a malicious code, a virus or a worm programme on the Internet. In the past, destructive viruses, such as the Lovebug, Nimda Worm and the Code Red resulted in widespread disruption of the World Wide Web (WWW) and other networks connected to the Internet. Web based companies suffered huge economic losses due to these viruses. Some of the perpetrators were identified and charged under the Computer Fraud and Abuse Act while others were too clever to be nabbed.
In response to the threat and growing awareness, organizations are looking at information security (INFOSEC) more seriously than ever before and implementing appropriate strategies. These include the implementation of INFOSEC technologies, such as Firewalls, Biometrics, Intrusion Detection Systems (IDS), anti-virus programs, logging mechanisms etc. Technology is further strengthened when INFOSEC practices and policies are put in place.
Several companies are adopting the BS 779, ISO 17799 or similar information security mechanism which are standardized security policies and standards procedures. Organizations are chalking out stringent information security practices for employees, and employing dedicated security professionals to enforce these. Finally, it is very important to have up-to-date legislation. While we have the IT Act catering to information security, there are several loopholes and lacunae in the act that need to be plugged. As technology is rapidly changing, legislation must keep pace in order to punish those who breach security.
Training and coordination to meet Information Security needs
At a larger level, as far as national security is concerned, training and coordination is the key to achieve information security. There is a need for making conscious effort, maybe on the lines of what the US has done, in identifying critical information infrastructure and carrying out vulnerability assessment/s. Thereafter, suitable agencies need to be trained and tasked with relevant mandates.