PANAJI
Even as a nationwide cyber threat advisory has been issued in the wake of rising Indo-Pak digital hostilities, most of Goa’s government websites continue to remain exposed to cyber threats with no basic security protocols in place and overdue for compulsory audits.
More than 70 per cent of 62 departmental websites including those of the Goa Police, Goa University and the Directorate of Accounts among others, are still considered non-secured -- an alarming lapse flagged internally for nearly a year.
A statewide directive was issued this week by the Department of Information Technology, urging all departments to immediately undertake a security audit. But for now, the vast majority of official digital infrastructure remains vulnerable.
According to official records reviewed by The Goan, 45 websites have not had their mandatory security audits renewed for over 10 months, while another 17 departments had initiated the renewal process more than a year ago and the completion is still a distant dream.
Many of these websites are not even equipped with SSL (Secure Socket Layer), an encryption standard that protects online communication through authentication and data integrity.
Last week, the website of the Department of Women and Child Development was allegedly hacked, replacing departmental information with casino advertisements. The website has since been restored, but despite assurance from Minister Vishwajit Rane that a police complaint would be filed, Goa Police or the Cyber Cell are yet to receive any complaint so far. "We cannot act unless there is a formal complaint regarding breach or related offense," a police official said.
The breach was not an isolated case. The Electricity Department’s website was also hacked last year and several others including Commercial Taxes, Economic Development Corporation and even the Goa Police website itself, are without SSL certification or renewed security audits.
“A review with the IT Department took place last May to ensure cyber security infrastructure upgrades of Goa Police website. But nothing has moved since,” a Cyber Crime Cell official said.
Educational institutions such as Goa University and various government colleges in Pernem, Margao, and Sanquelim are also among the unsecured domains.
Ironically, amidst these vulnerabilities, the IT Department has directed departments to implement eight cybersecurity measures, including geo-blocking of inbound and outbound traffic to and from Pakistan and other “high-risk” countries.
“Conduct a comprehensive security audit of all websites, applications, and critical systems through CERT-In empanelled auditors Goa Electronics Limited, State-designated agency shall coordinate with the departments and ensure regulatory compliances for government websites deployed by it,” the advisory further reads.
It designated Goa Electronics Limited (GEL) as the coordinating agency to ensure regulatory compliance for state websites and portals. However, several department officials told The Goan they have not received further guidance from GEL.
