Lack of security measures led to cyber attack on PDD Data Centre

Most servers don’t have firewalls; AMC expired in 2018

No timeframe for restoration of online services

Mohinder Verma
JAMMU, July 12: Shocking as it may sound, the recent cyber attack on the Data Centre of the Power Development Department at Bemina in Srinagar was the outcome of the lack of sufficient security measures for its servers. Moreover, the Data Centre has been operated without an Annual Maintenance Contract (AMC) for nearly two years.
All this has come to the fore during the initial investigation carried out by the Cyber Police Srinagar into the hacking of the Data Centre of the Power Development Department which took place in the wee hours of June 24, 2020.
“During the initial investigation carried out by the Cyber Police Srinagar it has come to the fore that the Power Development Department had purchased computers and other allied material for its Data Centre at Srinagar from different companies and for quite a long time there has been no dedicated service provider for its Data Centre”, sources in the Cyber Police told EXCELSIOR.
In blatant violation of the cyber protocol, almost all the servers of the Data Centre were found lacking firewalls, which are otherwise imperative to ensure the security of the computer system and data, sources further said, adding “it is unimaginable as to how this major aspect of the computer security system can be completely ignored by the concerned authorities of the department”.
Had there been firewalls on the servers, the hackers would not have succeeded in carrying out the attack on the Data Centre so easily, they further said, adding “it has also been noticed that the Data Centre is being operated by the Power Development Department without any Annual Maintenance Contract (AMC), which otherwise is a must to maintain the high efficiency of the Data Centre and ensure maximum security”.
Soon after its commissioning in 2013, the Data Centre was brought under AMC and a reputed Information Technology company was given the contract for five years. The contract, as per sources, expired in 2018 and since then it has neither been extended nor given to any other company, which is nothing less than a major lapse on the part of the concerned authorities.
It is pertinent to mention here that through the Annual Maintenance Contract all software, hardware and security updates are properly checked in order to make the system less vulnerable.
“We are still conducting the investigation and have told the Power Development Department to ensure that servers which got compromised due to the cyber attack are scanned in the presence of our experts”, Cyber Police sources said, adding “we are hopeful of concluding the investigation in the shortest possible time”.
Meanwhile, the Power Development Department has engaged Wipro Infotech for scanning of all its 103 servers—57 in Kashmir and 46 in Jammu. However, no time-frame can be specified at present for completion of this exercise and resumption of services of Data Centre.
“The teams of Wipro Infotech have conveyed that they will take at least two weeks to complete the scanning process and thereafter we will talk to some more IT experts before going ahead with the operation of servers”, said Aijaz Ahmed Dar, Chief Engineer of Power Development Department Srinagar, who is also Nodal Officer for the Data Centre.
In response to a question, he said that the servers which started behaving abnormally soon after the cyber attack will be scanned at a later stage and in the presence of experts of the Cyber Police.
“The online services of the department will remain suspended till the functioning of the Data Centre is resumed”, he said, adding “the department will face difficulties in generating bills of only five lakh consumers as their data is exclusively available in the servers of the Data Centre”.
The bills of the other 15 lakh consumers will be prepared by the department by adopting different methods so that neither such consumers nor the department face any difficulty, the Chief Engineer further said, adding “we want to go strictly as per the cyber protocol so that our system is protected completely and no such incident takes place in future”.
In response to a question regarding the Annual Maintenance Contract, he said, “the department is working in this direction and shortly necessary steps will be taken”. He, however, refused to speak much on the issue.