Indian
critical infrastructures and sensitive computer systems are
regularly targeted by crackers. In many cases they are also
successfully compromised and in many cases their compromise is also
not known for a considerable period of time.
This has happened in the past and it would happen in
the future as well. Although there is no absolute mechanism to ensure
their security yet we must develop offensive
and defensive cyber security capabilities of India.
There are many glaring
cyber security problems of India that must be addressed on a
priority basis. We must formulate the cyber
security policy of India as soon as possible. Similarly, we must
also ensure cyber
security skills and capabilities development in India. In short,
Indian
cyber security problems, issues and challenges management must be
properly appreciated and adequately taken care of.
In a recent media report, it has been alleged that a
successful Chinese cracking attack has caused one of the biggest
security breaches in India. The cyber security breach has compromised
systems of hundreds of key DRDO and other security officials. The
breach has also resulted in leakage of sensitive files related to the
cabinet committee on security (CCS), the highest decision-making body
for security issues of the government of India.
The leak was detected in the first week of March as
officials from India’s technical intelligence wing, National
Technical Research Organisation (NTRO), working with private Indian
cyber security experts cracked open a file called “army cyber
policy”. The file had been attached to hacked email accounts of
senior DRDO officials that quickly spread through the system in a
matter of seconds.
As Indian security experts began to track its origin
they discovered, for the first time, that all the sensitive files
stolen from the infected systems were being uploaded on a server in
the Guangdong province of China.
On further and detailed probe of the breach, it was discovered that thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments. Even the e-tickets of the scientists who had travelled to Delhi in the last week of February were found on the server.
The intelligence officials also discovered documents
of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU
which manufactures strategic missiles and components. Some other
recovered files were related to price negotiations with MBDA, a
French missile manufacturing company.
At Perry4Law
and Perry4Law’s
techno Legal Base (PTLB) we believe that this clearly is a cyber
security lapse and cyber security due diligence failure on the part
of organisations and computers involved. Let us hope that Indian
government would learn lessons from this episode and plug in the
loopholes existing in the security of these systems.
Source: CECSRDI.