IT Security management from public sector perspective

Abstract

Recognizing the importance of the internet, Government is employing e-government to improve delivery of public services to the public. But, this high reliance on the internet has also exposed public sector to great risks, hence the importance of Information security management. Attacks no longer are confined to the private sector or Public sector departments but have become more advanced and target focused. They extend to the supply chain that keeps the public sector in business – ‘utilities, telecoms, banks – and the critical national infrastructure supporting that supply chain’ 1 . Digitization of government bodies led to far bigger tasks of protection and privacy than the private sector. The reason is simple, government organizations are interconnected and handles the vast amount of confidential personal data. Having access to such data also exposes it to cyber security crimes. It is not just large-scale cyber-attack that possess threat but the large volume of small scale IT frauds and exploitation of loopholes in the public sector departments. Thus, the Public sector must include a devoted Department for cyber-security, IT security management to counter the cyber-threat being faced by the Public sector. Awareness needs to be raised, and more importantly government needs to step up to curb such crimes. Unless a proper system is put in place to overcome the challenges, dream of digital India can’t be realized. In our research, we have focused on the Oil industry, to recognize the nature of cyber threat faced by Oil industry and measures employed by industry leaders in IT security. The Oil Company we chose to understand the It security management in the Public sector is ‘Indian Oil Corporation Ltd.’ The most vulnerable infrastructure in the Oil industry is the Industrial control systems (ICs) and Operational Technologies (OTs), as they are responsible for the efficient, reliable & safe processing of the extraction, refinement, and distribution of huge volume of fuel. So, to protect such critical infrastructure of the industry all over the globe, officials have been upgrading IT systems to build better defense mechanism to cyber-attacks, for example, firewalls, antivirus, intrusion-detection & prevention systems are being employed. It shows the importance given to IT security management in the industry but, what’s more, alarming is the fact that these measures still fall short on delivering, i.e., protecting ICs & OTs from potential intrusion.