Delhi Government to Conduct Comprehensive Cybersecurity Audit of Its IT System

Mar 10 / Nayanika
In a proactive move to identify vulnerabilities and plug potential loopholes that may lead to security breaches and data theft, the Delhi government has announced a comprehensive cybersecurity audit of its Information Technology (IT) systems. A CERT-in (Indian Computer Emergency Response Team) empanelled agency will soon be engaged to conduct the audit and establish a robust firewall to prevent cyber attacks over the next three years.
With the Delhi government shifting to a fully online system for most public services, including an electronic filing system for day-to-day paperless operations, and dedicated portals for public dealings, digitizing all government records and public databases has become crucial. However, this shift has also increased the risk of cyber threats, particularly through hypertext transfer protocols (HTTPS), which have become the easiest path for cyber attackers to intrude on networks.

"The in-house and outsourced applications often prioritize speedy development and convenience over security, leading to vulnerabilities such as authentication bypass, SQL injection, and cross-site scripting," said an official.

The IT department of the Delhi government has invited bids from eligible vendors to conduct the audit. The project will involve preparing an audit report detailing all discovered vulnerabilities categorized as critical, high, medium, and low severity. The security audit report for any website or application will be made available within 10 working days from the date the request is formally communicated by the department.

The selected agency will also submit a comprehensive report after addressing the vulnerabilities and will issue a 'safe to host' certificate once all identified vulnerabilities are resolved and validated according to the security audit requirements. Follow-up tests will ensure that all originally identified vulnerabilities are fixed.

Additionally, the security audit will evaluate the effectiveness of existing security controls in departments, local bodies, and corporations under the Delhi government. The audit report will provide remedial advice for identified vulnerabilities along with detailed explanations and resolutions.
Officials noted that the Delhi government departments, boards, corporations, and agencies collectively have nearly 180 websites, which were redesigned nearly two years ago to improve access speed, load time, and user experience.

Read more: Link
Created with