The Indian government has launched a Cyber Swachhata Kendra (CSK; Cyber cleanliness Centre) website, offering free security tools for mobile and desktop devices. This appears to be a response to rising cybersecurity concerns, as the Indian government continues its push towards digital transactions and a cashless economy.
Described as Botnet Cleaning and Malware Analysis Centre, CSK is a part of the Government of India's Digital India initiative under the Ministry of Electronics and Information Technology’s (MeitY) and is operated by Indian Computer Emergency Response Team (CERT-In). The pilot project for CSK was initiated in December 2015.
It has been set up for analysing BOTs/malware characteristics and providing cybersecurity advice to citizens, helping them to remove malware from their devices. In addition, CSK aims strive to create awareness among citizens regarding cybersecurity hygiene so that they can secure their computers, mobile phones and home routers and protect their data. The website shares security best practices from CERT-In for desktop, broadband and mobile security and offers tips on avoiding phishing attacks. The website also provides alerts on the latest cybersecurity threats.
According to news reports, at the launch of the website the Minister of Electronics and Information Technology said that by the end of 2017, the IT ministry will come up with a new architecture that will allow it to work with state governments and sectoral CERTs under CERT-in to maintain stricter vigil on the country’s digital ecosystem.
Security tools available for free download
Tools available include:
1) Bot Removal Tool from an Indian IT security company, Quick Heal, for detecting and removing any botnet infection from computers (the download page also shows a free mobile security app fromQuick Heal, offered in collaboration with CERT-In and MeitY and available for download from Google Play)
2) USB Pratirodh, a desktop security solution, which controls the usage of removable storage media like pen drives, external hard drives, cell phones, and other supported USB mass storage devices
3) AppSamvid, a desktop based Application Whitelisting solution for Windows operating system, which allows only pre-approved set of executable files for execution
4) M-Kavach (for Mobile devices), a comprehensive mobile device security solution for Android devices addressing threats related to malware that steal personal data & credentials, misuse of Wi-Fi and Bluetooth resources, lost or stolen mobile devices, spam SMSs, premium-rate SMS and unwanted / unsolicited incoming calls.
5) Browser JSGuard, a browser extension which detects and defends malicious HTML & JavaScript attacks, based on Heuristics, alerts the user on visiting any malicious web pages and provides detailed analysis threat report of the web page
With the exception of the bot removal tool, the rest have been developed by the Centre for Development of Advanced Computing (C-DAC), the R&D organization under MeitY for carrying out research in IT, Electronics and associated areas.
Privacy issues
The ‘Why have I Reached this page?’ section on the homepage indicates that users would be directed to the CSK website or advised to visit it, if their computer / system / device is probably infected with malware. On the FAQs page, a section is dedicated to allaying privacy concerns. It states that CSK does not monitor or scan or collect any personal information of individuals related to their online browsing or data stored in their devices. However, Cyber security companies, Law Enforcement agencies and Computer Emergency Response Teams analyse or investigate malicious servers and trace connections from IP addresses. Once CSK has the information, it notifies the Internet Service Provider (ISP) about the issue and advises them to send a message to the owner of the potentially infected system.
