Safety cover for Delhi airport: 8 key systems notified as ‘protected’

In a significant move to boost the security of India’s Capital, the Ministry of Electronics and Information Technology has declared the computer resources of Delhi International Airport Ltd (DIAL) as “Protected Systems” under the Information Technology Act, 2000.

An official notification, published on Wednesday, designates several key airport operational systems as critical information infrastructure, making any unauthorised access a serious offence.

The eight systems now under enhanced protection include vital functions such as airfield ground lighting, airport operation control centre, access control system, baggage handling systems, CCTV monitoring network, airport operation database, common use terminal equipment and the master clock system.

This decision is a proactive measure to safeguard the airport from cyber threats and ensure the uninterrupted flow of services, said sources. They said, “To enforce this, the government has strictly defined who can access these sensitive systems, limiting access to designated DIAL employees, authorised contractual vendors and specific government or regulatory personnel on a case-by-case basis.”

By placing these critical digital systems under a protected status, the government is taking a firm stance against potential cyber attacks, ensuring the safety and security of passengers and the operational integrity of one of the nation’s most crucial transportation hubs.

The notification says only the following can access protected systems - designated employee of DIAL authorised in writing; any member of the contractual managed service provider or third party vendor who have been authorised in writing by DIAL for need-based access and any consultant, regulator, government official, auditor or stakeholder authorised in writing by DIAL on a case-to-case basis.

Violation can invite up to 10-yr jail, fine

The notification has been issued under Section 70 of the Information Technology (IT) Act, 2000, which deals with protected systems. The Section empowers the Centre to declare any computer resource that impacts critical information infrastructure as a protected system. The declaration is made through a notification in the official gazette. The Section outlines penalties for unauthorised access to such protected systems. Unauthorised access to a protected system is a punishable offence, with imprisonment up to 10 years and a fine.