Defence sector and cyber threats

June 22, 2018 By Lt. General P.C. Katoch (Retd) Photo(s): By PIB
By Lt. General P.C. Katoch (Retd)
Former Director General of Information Systems, Indian Army


The Union Minister for Defence, Nirmala Sitharaman at the Workshop on Cyber Security Framework – 2018, in New Delhi on June 19, 2018. The Secretary (Defence Production), Dr. Ajay Kumar and the Joint Secretary and Chief Information Security Officer of DDP, Dr. Amit Sahai are also seen.

Addressing a workshop for formulating Cyber Security Framework on Jun 19, 2018, Defence Minister Sutharaman said that the defence sector is more prone to cyber threats and it was important to safeguard cyberspace with anticipation of possible attacks. The event was organized by the Department of Defence Production (DoPD) which is part of MoD. Sitharaman called establishing cells at various levels to handle cyber security related issues; workforce in accordance with the country's vision to become a dominant force in cyber space.

The Secretary, Defence Production said all defence public sector undertakings (DPSUs) and ordnance factories (OF) were increasingly relying on Information Technology, and any compromise in information and cyber security in defence production environment can have far reaching consequences on effectiveness of the defence forces and national security; stressing the need to establish a strong, robust and resilient cyber security infrastructure on priority basis. DoPD has reportedly issued a framework document for cyber security this year, and the workshop was organized to synchronized approach for cyber security based on frame work document. DoPD's framework document is in line with national policies and guidelines and provides a common mechanism for all organizations to describe their current cyber security posture and the target area; allowing prioritizing opportunities for improvement, and continuously assess the progress. DoPD's initiative is good albeit perhaps a decade and a half late but as they say der aaye, durust aaye. Yet it is the execution that matters.

Cyber attacks in India have been on the rise over the years, particularly against government sites; PMO, MEA, MHA, National Informatics Centre (NIC), DRDO, atomic installations, and military websites have all suffered hacking attacks periodically. Just before demonetization, as many as 32 lakh debit cards belonging to various Indian banks were compromised resulting in the loss of 1.3 crore, with one report indicating malware infected ATM of Yes Bank. According to the Toronto-based Munk Centre of International Studies, in one instance GhostNet (a Chinese network) had infiltrated networks of the Indian Government as well as of the Dalai Lama. Not that this is not happening world over, absolute cyber security being misnomer. Russia allegedly hacked the US presidential elections in Donald Trump's favour, including exposing some 60,000 e-mails of the Hillary Clinton campaign that were later released by WikiLeaks showing Hillary in poor light. We also face a situation where China is a cyber superpower adept in refined skills to undertake, cyber espionage and sabotage, and Pakistan is increasingly a beneficiary of China's cyber warfare capabilities because of the expanding China-Pakistan anti-India nexus. China has been consistently spying and stealing defence technology especially from the US. Few years back, five PLA officers were indicted in the US for cyber spying.

In the past too, China was accused of stealing technologies of the US F-16 Bomber, US Navy's quiet electric drive and US W-88 miniaturized nuke used in Trident missiles etc through cyber spying. Cyber spying and stealing of defence technology and trade secrets is a global phenomenon, and our defence establishments have been and will continue to remain the targets. Vulnerabilities to cyber attacks in India are no different from the rest of the world. However, despite our technological and knowledge prowess, we continue to import bulk hardware and critical software, telecommunication equipment, and have no facilities to check for malware and embedded vulnerabilities, and 'bot' infected computers are multiplying at alarming rate. Security of networks would include basic physical protection, partitioning and protecting network boundaries with firewalls, having workstation firewalls, basic host security to include port lockdown and minimizing running services and access control lists. Measures for controlling access to devices and systems should include user authentication for network devices, centralised authentication and methods and securing network data with encryption and authentication, secure access protocols and refining and instituting basic practices for network security. Absolute cyber security is a myth as security is a challenge to stay since it is dynamic and manifests into new forms. But we must be able to prevent cyber attacks and if these happen, contain them and effect swift recovery. Malware embedded in both software and hardware including at manufacturing stage can prove grave risks to national security. We must develop foolproof mechanisms to check our system for malware, a capability that is non-existent in the country today. Finally, there is no other way to defeat cyber attacks and ensure strategic defence other than building adequate deterrence through developing offensive cyber warfare capabilities.