In recent reports, the NHAI, NHIDCL, and its other branches have been alerted by the Ministry of Road Transport and Highways to tighten their IT security measures as a result of the cyber threats of probable cyberattacks targeted at the Indian transport division.

CERT-In implicates threat to NHAI and other organizations:

The Indian Computer Emergency Response Team (CERT-IN) had reportedly notified the Indian Ministry of Road Transport and Highways of the possibility of potential cyber-attacks.

“The Ministry of Road Transport and Highways received an alert from CERT-In regarding targeted intrusion activities directed towards Indian Transport sector with possible malicious intentions. The Ministry has advised departments and organizations under the transport sector to strengthen the security posture of their infrastructure,” the Ministry issued in a statement.

Crucial cybersecurity measures:

Due to the potential threat that these cyberattacks could pose to the NHAI and other agencies, multiple Transport agencies and Automobile manufacturers have been instructed to carry out security audits of all the internal networks and IT systems. These include agencies like the NIC, National Highways Authority of India (NHAI), National Highways and Infrastructure Development Corporation (NHIDCL), Indian Road Congress (IRC), Indian Academy of Highway Engineers (IAHE), State PWDs, and several other Testing agencies and Automobile manufacturers.

Also read,

Security audits and critical monitoring of all IT and network systems, especially the ones that are directly linked to the official and large-scale institutions should be conducted on a regular basis as well as properly implemented cybersecurity measures that have been emphasized by the Road Transport and Highways Ministry should be followed.

The Ministry has also notified that security and network audit reports should be submitted to the Ministry as well for a detailed analysis. 

Previous cyberattack on NHAI:

Back in June 2020, NHAI had also reported a security attack impacting the agency’s email server however, a prompt reaction against the cyberattack led to inconsequential data loss, as is stated by the agency. The servers, however, had to be temporarily taken down.