India is facing serious cyber threats some from other nations while some from within the nation. Some of the very crucial aspects of cyber security are missing in India. For instance, we have no implementable cyber security policy in India.
Similarly, we have no cyber security best practices in India and an inadequate cyber security infrastructure in India. Even the law enforcement and intelligence agencies of India are not following cyber security best practices. Both cyber security awareness in India and cyber law awareness in India are also not upto the mark.
Recently, the computer systems of DRDO and security officials were breached. Further, Kochi metro rail corporation’s website was cracked and compromised. The companies and banks in India are not reporting cyber attacks, cyber crimes and cyber frauds. In these circumstances, the Indian government is planning a legislation mandating strict cyber security disclosure norms in India. The regulations and guidelines for effective investigation of cyber crimes in India may also be formulated very soon.
It is obvious that India is facing many cyber security problems and sophisticated attacks upon the critical infrastructure of India. We have to analyse the cyber security problems and issues in India and management its challenges. We have also to establish the offensive and defensive cyber security capabilities of India.
In these circumstances, the allegations by the department of electronics and information technology (DeitY) that national technical research organisation (NTRO), India’s technical intelligence gathering agency, cracked into national informatics center (NIC) network came as a surprise.
To substantiate its claim, DeitY has cited a report prepared by its operations division, the Indian Computer Emergency Response Team (I-CERT), listing specific instances when NTRO reportedly hacked into NIC infrastructure and extracted sensitive data connected to various ministries.
Obviously, NTRO has refuted these claims. It is also learnt that NIC refused to give relevant logs to NTRO to conduct penetrative testing. NIC provides internet connectivity to all ministries and its NICNET has institutional linkages with the central government, state governments and union territories. All government officials have email IDs issued by NIC.
The National Security Advisor, Shivshankar Menon, was also informed about this fact in February this year. The IB and R&AW are reported to have told the government that NTRO’s role should be downgraded to that of a service provider. We would report more on this issue soon.