India Insights with Geetha Nandikotkur

Protecting India's Government From Cyberattacks

What Essential Steps Still Need to Be Taken?
Protecting India's Government From Cyberattacks

India is seeing a surge in government website defacements and data leaks that apparently are tied to nation-states. But if key stakeholders from all sectors collaborate, using appropriate skills and technologies, they can fight off these threats.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

Could the various attacks against the Indian government be a precursor to efforts to interfere with next year's elections? In a recent blog, entrepreneur Vinayak Dalmia, co-founder and CEO of Therapeople Medical Services Pvt. Ltd., warns that election machinery could be attacked, data stolen, information leaked and systems brought to a standstill.

Clearly, India needs a structured framework for security collaboration among all government and private sectors. An effective threat intelligence program would help detect vulnerabilities in the ecosystem. 

The most recent attack was on Sept. 11, when sensitive data of an undisclosed number of soldiers, including their personnel numbers and Permanent Account Number details, were leaked from government pay websites, prompting the Ministry of Defense to order a review of security protocols.

Government departments that have been repeatedly attacked include the Ministry of External Affairs, Indo Tibetan Border Police and the Defense Research and Development Organization.

India's Ministry of Defense was allegedly hacked this April, when it appears that Chinese hackers stole critical information (see: India's Ministry of Information Website Defaced).

Hackers have also targeted the Prime Minister's Office as well as PM Narendra Modi's app (NaMo), which has shared users' information without permission to a third party in the United States (see: More Indian Government Data Security Vulnerabilities Alleged).

In a recent blog, Praful Bakshi, defense and security analyst and former spokesperson for the Defense Ministry, said that last June, Pakistani hackers compromised a number of Indian websites, including National Aeronautics, Army Institute of Management and Technology, Army Institute of Management and the Board of Research in Nuclear Sciences. "This was in response to Indian hackers breaching Pakistani websites and just weeks later, reports surfaced of a massive leak which revealed secret details about India's Scorpene submarine fleet," he wrote.

In yet another incident, the Supreme Court of India's website was defaced in April. A group called "HighTech Brazil Hackteam" is suspected as being responsible, according to News18.

That same group apparently also compromised hundreds of websites around the world in 2013, including some in India, and those of South African satellite TV service TopTV, the Greek National Printing Office and many others, News18 reports.

What's the Game Plan?

The government plans a new tri-service agency for cyberwarfare. The Defense Cyber Agency will coordinate with the National Cyber Security Adviser, utilizing over 1,000 experts from the Army, Navy and Air Force.

The government is apparently quietly preparing for cyberwar. The National Technical Research organization, Defense Intelligence Agency, National Information Critical Infrastructure Protection Centre and ICERT are collaborating with the National Security Adviser and National Cybersecurity Coordination Center on the effort.

"We must prepare for next-generation warfare, which will be more and more technology-driven, more and more automated and robotized," says Ajay Kumar, defense secretary (see: Analysis: India's Artificial Intelligence Push).

IT Minister Ravi Shankar Prasad's initiative to drive AI's application in security, finance, manufacturing, commerce, voice recognition and transportation is worthwhile. But the effort could prove futile if it lacks a defined, concrete structure.

Recently, the PMO appointed a four-member panel headed by Ajay Sawhney, secretary of the Ministry of Electronics and Information Technology, to tackle cybersecurity concerns and define a framework.

Collaborative Security Framework

Clearly, India needs a structured framework for security collaboration among all government and private sectors. An effective threat intelligence program would help detect vulnerabilities in the ecosystem.

Golok Simli, CTO at the Ministry of External Affairs, tells Information Security Media Group that most government departments lack a full-fledged security posture.

"Security must be given prime importance. This happens only when security posture layers are built in the top layer of the hierarchy," Simli says. "Things are changing, but it will take time."

Today, stakeholders must define and implement security frameworks based on the way users work. Identifying appropriate role-based access controls strategy is most critical.

"It's time to review the entire governance and policies around data protection and privacy and reviews of policies and practices both internal and the third-party ecosystem that ride on their platform," says Rama Vedashree, CEO of DSCI. "It's also a reminder for global internet companies and government agencies of their responsibilities toward designing trustworthy platforms and apps, keeping users center-stage, and demonstrating by example how to win and retain user trust."



About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.