India was aware of hacking threat
NEW DELHI: Last week, Indian cyber security officials were in Toronto to meet the researchers from Munk School of Global Affairs whose year-long project, `Shadows in the Cloud', tracked cyber espionage attempts against computers and servers in some 31 countries, but overwhelmingly in India, including the national security and defence establishments. Other "entities of interest", according to the report, included private sector servers like The Times of India.
Over the past few months, after the first reports of a China-based network of cyber spies emerged, Indian officials in key departments have been on a silent overdrive to stop the attacks and monitor servers.
To this extent, sources told TOI they had even placed "ploys" on different servers that were being targeted, as bait to entice cyber warriors to track them to their source.
Sachin Pilot, minister of state for IT and telecommunications, said, "We need to be extra vigilant about cyber terrorism, because this can inflict attacks of an assymetric nature, and is therefore that much more dangerous." Pilot has been tracking cyber espionage and has even been in touch with the Canadian researchers. He observed that government systems had not been compromised.
Cert-IN, the official emergency response unit of the government, has suggested counter-measures to guard against such espionage. Pilot said new products were getting introduced regularly and software not tested properly contained zero-day vulnerabilities.
In fact, Indian agencies have been on alert for some time now, and their preventive actions have been reasonably successful. The national security establishment, defence and intelligence agencies follow a complex, multi-layered system to avoid access to their information. Officials said the really classified stuff was not on open networks at all.
However, other parts of the government, for instance, the finance ministry, have been compromised according to sources familiar with developments, because their security may be that much more lax.
A quiet effort is underway to set up defensive mechanisms, but cyber warfare is yet to become a big component of India's security doctrine. Dedicated teams of officials, all underpaid of course, are involved in a daily deflection of attacks. But the real gap in the Indian system is that a retaliatory offensive system has not yet been created to counter them. And it's not difficult, said sources. Chinese networks are very porous, and India is an acknowledged IT giant.
During M K Narayanan's tenure as national security advisor, the NSC had developed a comprehensive cyber security policy, but this was never implemented.
|