Let's Build a Responsible Cyber Society




Information Security for IPL games

In what must be considered as an alarming development, it is reported that some computers have been stolen from the custody of the Joint Commissioner of Police in Delhi who was in charge of the security of the next year’s Common wealth Games.

While at first glance this appears to be a simple theft case not worth a second glance, the situation appears far more serious since the said computers appear to have contained security plans for the Games. If this information falls into the hands of the terrorists then it may be used to launch a terrorist attack on the Games.

In the light of recent attack against Sri Lankan cricketers, the threat to sportsmen needs to be taken very seriously.

We may point out that the custodians of these computers did not perhaps appreciate a “Security Risk” in the loss of comptuers. So they might not have encrypted the data. The persons who access the comptuer may not only get all the details contained there in, they may also get some passwords of some of the officials who may continue to use them when new comptuers are supplied to them.

There is therefore a need for a proper assessment of the potential damage that the breach might have caused and adequate precautions are taken to ensure that new security plans are developed which render the lost information useless.

While this incident may be salvaged since there is some more time for the event, the information security agencies must now focus on the IPL (Indian Premier League which is a major international cricket tournament starting next month) where also security has become the focus. There must be some computer or computers in which details of where the team members are staying , how they travel etc are being stored.  Now we must recognize that these systems become “Critical Infrastructure Systems” whose security may be of interest to the nation.

The Government may therefore consider declaring the designated comptuer with IPL where the security sensitive information is stored as “Protected System” under Section 70 of ITA 2000 and prescribe appropriate security measures.  While such notification is made, Government can prescribe the manner in which information in that system is accessed and impose security measures including encryption of the data etc.

We hope Mr Lalit Modi will consider this as top priority and an obligation to the country. The Home Minister may in consultation with CERT and other Information Security experts order an immediate audit of information security and initiate further steps to prevent the recurrence of the Delhi incident.


March 10, 2009