Hacking of Government Meeting Raises Security Concerns
What Must India Do to Beef Up Its Cyber Defenses?
In the aftermath of the hacking of a secret Indian government meeting, some security experts are calling on the nation to ramp up its defenses against cyberattacks.
Chinese hackers are suspected of recently hacking into an Indian government network, intruding into a secret government meeting that involved a video chat via satellite, according to a report by The New Indian Express. The hackers controlled the video link for several minutes before a counter-offensive was launched to neutralize it, the report states.
Government sources aware of the development informed Information Security Media Group that the attack took place three weeks ago. The IP address of the link has been traced back to China by a cyber patrolling team, one source says.
It's unclear whether a state actor or an independent gang of cybercriminals was responsible for the attack, the source says.
Commenting on India's vulnerability, Dinesh O. Bareja, COO at Open Security Alliance, says: "I have always maintained that the structure for national cybersecurity needs greater attention and thought. We seem to be blindly led by the thought that whatever is done in the West is gospel."
He says the nation is having a tough time keeping up with the evolving cyber threats posed by nation-states and others.
The Indian government recently asked smartphone manufacturers, mostly based in China, to outline their procedures and processes to ensure the security and privacy of users' data.
Also, the Indian government is now leveraging domestically developed security solutions to protect telecom networks.
Over the past decade or so, the Chinese People's Liberation Army, or PLA, apparently has made significant strides in using information technologies to support its military objectives.
Training for cyberattack operations is of primary importance to the PLA, some Indian security experts claim. According to reports available online, the PLA's cyber warfare training centers are the Communications Command Academy in Wuhan, the Information Engineering University in Zhengzhou, the Science and Engineering University, and the National Defense Science and Technology University in Changsha.
Building Right Cyber Defenses
In contrast, India has only recently realized the importance of a cyber warfare strategy. The government plans to devise a cyber defense unit to defend its networks, but an official announcement has yet to be made.
"Merely creating cybersecurity agencies every year won't work," says one Indian security practitioner, who asked not to be named. "We have started training our defense staff, but the maturity is yet to be achieved."
The government, too, is aware of this. "Security threats are becoming more organized and targeted, and state and non-state actors are reaping benefits of data compromises. The departments handling these websites and even our security architecture are not ready to effectively counter targeted attacks," an unnamed government official told the New Indian Express.
Meanwhile, the Ministry of Electronics & Information Technology has directed government agencies to prepare detailed contingency plans for dealing with crises arising out of cyberattacks and hire auditors to review infrastructure, web applications and websites.
"I haven't come across any effective investment either on offensive or defensive cybersecurity by the Indian establishment," says Rakshit Tandon, director at the Council of Information Security. "There are big announcements regularly but nothing concrete emerges out of them."
Rakesh Goyal, director-general at Centre for Research and Prevention of Computer Crimes, notes: "India lacks a comprehensive and dynamic cyber defense and offense doctrine, strategy and capabilities. We need a dedicated ministry for cyber security but not on bureaucratic lines."
A strong capacity-building program is necessary to develop cyber warriors, says C.N. Shashidhar, founder at SecurIT Consultancy. "Also, offensive capabilities need to be significantly enhanced so that when attribution for an attack takes place, a counter attack can be launched and the attackers' critical assets can be destroyed or degraded."
Some security practitioners contend that a new agency should be created as a unified cyber command directing all cyber offensive and defensive capabilities of the government.
"This will inevitably involve turf wars, as around 50 different agencies are handling cyber issues now," Shashidhar says. "But a strong political will and clear roadmap should be put in place to achieve a unified cyber command."