The plan will coordinate responses across ministries, including home affairs, information technology, defence and the National Critical Information Infrastructure Protection Centre, in case of an attack, and will set audit procedures, former Lieutenant General Rajesh Pant, India’s National Cyber Security Coordinator, said in an interview. It will be approved by the cabinet committee on security headed by Prime Minister Narendra Modi.
Authorities are investigating a series of recent suspected cyber intrusions which could have led to a power outage in Mumbai, crippled systems at banks and caused a glitch at the country’s premier National Stock Exchange, he said. A report is expected in a few weeks.
“We also want to know what happened,” said Pant, who served in the Indian army and now coordinates India’s cyber intelligence and reports to the Prime Minister’s office (PMO). He said the breaches were likely malware and couldn’t be classified as attacks without a proper investigation.
At least one connection opened by Chinese state-sponsored hackers into the network system of an Indian port was still active, as authorities blocked attempts to penetrate the country’s electrical sector, the US-based research firm Recorded Future said last week.
The attempts by the Red Echo group have been occurring since at least the middle of last year, around the time a skirmish between Indian and Chinese soldiers started in Ladakh, the firm said.
“India will have to work at breakneck speed to put in place stringent security for critical infrastructure,” said Sandeep Shukla, who runs a state-funded cybersecurity project at the Indian Institute of Technology, Kanpur, and has advised the government in the past.
“There may also be a need for state financial backing to help smaller companies that are part of the grid. Because if one is hacked, entire systems can be compromised.”
The new strategy will lay down protocols for prevention and audit to secure the government’s digitally connected water, health and education systems that are all being treated as critical infrastructure, he said. Infrastructure like nuclear, power and aviation will be considered supercritical.
“In my view, if internet-connected computers are infected by malware, I won’t say it’s an attack but an infection unless it jumps from IT systems to other operation systems,” Pant said. “It’s like a crank caller. Can you stop someone from dialing your number?”