No using unapproved AI tools for official work: Modi government
What's the story
In a bid to bolster cyber security, the Indian government has issued internal directives urging its departments to steer clear of unapproved external artificial intelligence (AI) platforms. The move comes in the wake of an advisory from the Indian Computer Emergency Response Team (CERT-In), which flagged new cyber risks posed by advanced AI models. The advisory also recommended strengthening cybersecurity measures across government organizations.
Directive
Internal communication highlights measures
Internal communications accessed by Moneycontrol show that government offices have been directed to limit the use of unapproved external AI tools for processing official data. The directive also calls for a wider range of cyber security measures. It clearly states, "Restriction on use of unapproved external AI platforms/tools for processing or sharing official/confidential/sensitive data." However, it stops short of a complete ban on generative AI services in government work.
Cyber threat
CERT-In's advisory on advanced AI threats
The advisory from CERT-In comes amid the rise of advanced AI models like Claude Mythos, which can automate complex cyber attacks. These capabilities, according to CERT-In, could drastically reduce the time available to fix system vulnerabilities. The agency has advised organizations to patch critical vulnerabilities within 12-24 hours in light of this development.
Security enhancements
Comprehensive measures for enhanced cybersecurity
Along with restricting external AI platforms, the internal communication also urges government organizations to strengthen multi-factor authentication for critical systems, install security patches, conduct regular vulnerability assessments and audits. It also stresses on monitoring internet-facing infrastructure and maintaining secure offline backups. The communication further asks organizations to report cyber security incidents to CERT-In as per existing protocols, and appoint nodal officers for overseeing cybersecurity preparedness and compliance.