Cyber Attacks in India and Institutional arrangements for Cybersecurity

Synopsis: India’s Critical Infrastructure is vulnerable to Cyberattacks from foreign countries. India needs to upgrade its Institutional arrangements for Cybersecurity.

Background

• Recently, The New York Times reported that China is threatening India through Cyber-attacks.
• It raised the possibility that the power outage in Mumbai (on October 13 2020) could have been an attack by a Chinese state-sponsored group.
• In the same direction, Maharashtra’s Home Minister acknowledged a report by the Maharashtra Cyber Cell. The report showed that the grid failure was potentially the result of “cyber sabotage”.
• However, Power ministry contended that the grid failure was not linked to any cybersecurity incident.

Has India been affected by Chinese state-sponsored Cyber security attacks in the past?

India has been attacked by suspected Chinese state-sponsored groups multiple times in the past. For example,

• In 2009, GhostNet (cyber-espionage network) extensively targeted Indian entities. These entities included military establishments, news publications, and even the National Security Council Secretariat.
  • • After the attack, the Shadow Network investigation by researchers found clear evidence that confidential documents accessed by the attackers.
• Suckfly attack, targeted government and private entities including a firm that provided tech support to the National Stock Exchange.
• Dtrack attack in2019, it first targeted Indian banks, and later the Kudankulam nuclear power plant (Tamil Nadu).
• India also faced an attack from Stuxnet, which had hampered the functioning of nuclear reactors in Iran.
• Apart from state-sponsored Cyber-attacks, there are enough evidence to show that the Chinese are also helping them to dismantle the infrastructure behind some of these attacks.
• More fearfully, WikiLeaks has shown that groups such as the Central Intelligence Agency’s UMBRAGE project have advanced capabilities of ‘false flag attacks. (ability to make other nations responsible for cybersecurity attacks with false proofs)

What are the Institutional arrangements in India related to cybersecurity?

Over the past two decades, India has made a significant effort for providing cyber security, some of them are

• One, Cyber security is given high priority by including cyber portfolios in PMO (Prime Minister’s Office). For example, the National Security Council, chaired by the National Security Adviser.
  • • The NSA also chairs the National Information Board, the apex body for cross-ministry coordination on cybersecurity policymaking.
• Two, Establishment of National Critical Information Infrastructure Protection Centre under the NTRO. It protects critical information infrastructure,
• Three, in 2015, the Prime Minister established the office of the National Cyber Security Coordinator. It advises the Prime Minister on strategic cybersecurity issues.
• Four, the Computer Emergency Response Team (CERT-In), is the nodal agency. It responds to various cybersecurity threats to non-critical infrastructure.
• Five, The Ministry of Defence has recently upgraded the Defence Information Assurance and Research Agency.
  • • It aims to establish the Defence Cyber Agency, a tri-service command of the Indian armed forces to coordinate and control joint cyber operations and craft India’s cyber doctrine.
• Six, the Ministry of Home Affairs oversees “coordination centres”. It focuses on law enforcement efforts to address cybercrime, espionage and terrorism.
• Finally, the Ministry of External Affairs coordinates India’s cyber diplomacy with other countries and at international fora like the United Nations.

What are the issues in India’s cybersecurity framework?

• First, the institutional framework for cybersecurity has the following concerns.
  • • Lack of effective coordination.
    • Overlapping responsibilities
    • Lack of clear institutional boundaries and accountability.
• Two, India is yet to prepare a Cyber doctrine that defines the limits for offensive cyber operations, or the scope of countermeasures against cyber-attacks.

What is the way forward?

1. First, a clear-cut cyber doctrine similar to Nuclear doctrine is needed for protecting cyber spaces. For example, the ‘No First Use’ nuclear posture was critical in preventing a nuclear war despite rising tensions.
   • • The absence of a credible cyber deterrence strategy allows states and non-state actors to conduct cyberattacks on critical information infrastructure.
2. Second, India should push for the debate on global governance architecture regarding Cyber space in international fora based on India’s strategic interests and capabilities.
   • • It should also push for making binding rules that makes cyberspace-attacks on critical infrastructure illegitimate. (health-care systems, electricity grids, water supply, and financial systems)
3. Third, need for improved coordination between the government and the private sector at the national and State levels. It will effectively counter threats from both state actors and their proxies.
4. Four, need to publish cyber-attack information in Public domain for enabling meaningful public discussions on future Cyber policies.