Newdelhi:21/7/17:Minister of Railways Shri Suresh Prabhakar Prabhu inaugurated Round Table Conference on “Ensuring Cyber Security on Indian Railways”. Chairman, Railway Board, Shri A. K. Mital and other Railway Board Members and senior officials were also present on the occasion.
Speaking on the occasion, Minister of Railways Shri Suresh Prabhakar Prabhu said that Indian Railways is striding ahead on its mission of transformation. A lot of upgradation, modernisation & maintenance of Railways has been taken up in last three years & these processes involve use of technologies. Indian Railways has recently launched Rail Cloud Server, Rail Saarthi App, work for developing E.R.P. is also underway. With the exhaustive use of technologies, there are high chances of vulnerability. Indian Railways keeps conducting audits to ensure safety checks. Cyber Security is one of the top priorities. Therefore, idea of this roundtable is to bring all stakeholders on one platform to ensure that these discussions becomes effective results for cyber security.
During the discussions, ideas were exchanged on Cyber threats, Security incidents and Advanced solutions. The discussions helped in understanding the issues involved and create better awareness among all stakeholders. It also helped to provide effective solutions to deal with the Cyber Security threats to IT Systems on Indian Railways.
Computerisation on Indian Railways started about 3 decades ago and major activities like Ticketing, Freight operations, Train operations and Asset management now rely heavily on IT Systems. Cyber Security on Indian Railway has now been identified as the focus area. Auditing of IT Systems by Standardisation Testing and Quality Certification (STQC) and close coordination with CERT-In are some of the steps taken by Indian railways.
Cyber Security measures must be implemented as per acceptable standards in the IT industry. This would entail creating best practices for protection of key infrastructure from cyber attacks, an emergency response system to cyber-attacks to reduce the application’s vulnerability to such threats, formulation of the policy / mechanism for ensuring adequate measures in the main areas of the Mission Critical IT application’s security, such as Access control, Confidentiality – denial of access to unauthorized person, pen / flash drives etc., Data loss / theft, Integrity – protection against unauthorized changes, Authentication – establishing the identity of actual user among other things.
In an increasingly digitized mode of working, there are many such applications that are accessed through personal devices like the mobile phone. Security features of such applications need to be strengthened. Apart from this,