India is said to have not suffered any major economic or physical damage because of cyber attacks. Does this mean India is strong in cyber defense?

This question assumes significance especially in wake of recent revelation that hackers have reportedly broke into computer systems of US defense establishments and stole designs of weapons systems.

While digging an answer to the above question, we only find that we haven’t pulled up our socks. Though a system is in place, there is no single solution to ensure cyber security.

The State-run Nuclear Power Corporation of India reportedly faces up to 10 targeted attacks a day. Even if one attack succeeds there could be a nuclear emergency.

In the single-largest cyber attack ever carried out against India, several high-level officials had reported their emails had been hacked into in mid 2012. The victims induced officials from the Ministry of External Affairs, Ministry of Home Affairs, Defense Research and Development Organization (DRDO), and the Indo-Tibetan Border Police (ITBP), the paramilitary unit deployed along much of the country’s 3,500 km border with China.

In the same attack, hackers had even breached the main National Informatics Centre email server, which serves all government departments. An investigation put the total number of hacked accounts at roughly 12,000.

What is ironical is that the incident had happened despite the National Technical Research Organization (NTRO) noticing odd ‘Signals’ and sending out warning up the China of command.

The NTRO has built complex algorithms since 2010 that had help detect attack at an early stage.

Eversince, the Government has set-up National Critical Information Infrastructure Protection Centre (NCIIPC), which has been assigned to protect assets in sensitive sectors such as energy, transport, banking, telecom, defense and space. The CERT-In’s responsibilities is now reduced to protecting cyber assets in non-critical areas.

Dhruv Soi, Founder and Director of Torrid Networks, a CERT-IN (Computer Emergency Response Team – India) empaneled security auditor says: “Around 5 years back we did not have vision or any sort of counter measures with regard to cyber security. But things have been put in place now. “

“No doubt security incidents are on a rise and every-time a breach happens we blame it on

Â

China. In fact, the origin of cyber-crimes is hard to detect unless there there is a detailed study. I can say even small countries like Qatar are better prepared in cyber security than India, he says adding that lack of co-ordination is what lacking in India’s cyber security prepardness.”

Govind Rammurthy, CEO and Managing Director, eScan, says “At eScan, considering that we audit and help secure endpoint assets within critical and sensitive areas, we do get requests from Defense establishments of other countries for solutions. But, most of these requirements categorically state that none of the endpoints, within the parameter of these establishments, have any kind of connectivity to public networks.

We believe, most countries are working towards these kinds of policies, to ensure that even with compromised devices, it would be close to impossible for data leakage to happen.

These are the policies which sensitive Indian establishments, be it military, air force or naval, need to strongly enforce within their parameter, in order to thwart the most enthusiastic of hacking communities.”

What do you think of India’s cyber defense preparedness? Let us know in the comment box below.