India has been the target of numerous cyberattacks in recent years. These attacks have targeted various sectors including government, finance, and critical infrastructure. Some of the most notable cyberattacks in India include the WannaCry ransomware attack in 2017, which affected several government and private organizations, and the 2019 cyberattack on the Indian National Stock Exchange. Additionally, there have been a number of attacks on Indian banks, including a major attack in 2016 that resulted in the loss of millions of dollars. These attacks have highlighted the need for increased cybersecurity measures in India to protect against future attacks.
A Chinese hacking group called RedEcho is believed to have attacked Maharashtra’s electricity grid in March 2021, amidst an ongoing crisis in Ladakh. Hackers from North Korea penetrated the Kudankulam Nuclear Power Plant (KKNPP) in 2019 in a bid to test the cyber security of the plant and steal information about the reactor design.
Infrastructure Projects at Risk
India’s infrastructure projects, particularly those related to the country’s strategic interests, are considered to be at risk from cyberattacks by Chinese state-sponsored groups. These groups are known to have a significant capability in cyber espionage and have been accused of targeting infrastructure projects in other countries as well. In recent years, there have been a number of reported cyberattacks on Indian infrastructure projects, including attacks on power grids and transportation systems. The Indian government has acknowledged the risk and has taken steps to increase cybersecurity measures to protect its infrastructure projects, but it is a constant battle to stay ahead of the attackers.
PLA’s Cyber Attackers
In some ways, cyber war between India and China is already taking place, after India banned hundreds of Chinese mobile apps, limited Chinese investments in the Indian economy and gave a bloody nose to the People’s Liberation Army on the Line of Actual Control on 15 June 2020.
In March 2013, DRDO’s computers were breached by Chinese hackers, who took files related to the Cabinet Committee on Security (CCS) to a server in Guangdong in China. The Indian defence ministry ordered a probe.
The China-linked hacker group RedFoxtrot, from their intelligence Unit 69010, targeted India’s power sector, including conglomerate NTPC, in March 2021. RedFoxtrot’s predominant targets are sectors like government, defence, and telecommunications across Central Asia, India, and Pakistan.
Some Indian targets included Walchandnagar Industries, which is engaged in India’s nuclear and space programmes, defence manufacturer Alpha Design Technologies, and Bharat Sanchar Nigam Limited (BSNL).
The Times Group (February and August 2021), the Unique Identification Authority of India (UIDAI), and the MP Police Department (June 2021) have been targeted by the suspected Chinese state-sponsored threat activity group TAG-28, which used Winnti malware. In June 2021, APT41 was responsible for a cyber attack against Air India.
Recent Initiatives
The creation of the Defence Cyber Agency in 2019, the Cyber Security Coordinator at the National Security Council (NSC), preparedness for offensive operations by the National Technical Research Organisation (NTRO), defensive measures by the National Critical Information Infrastructure Protection Centre (NCIIPC) and the release of India’s National Cyber Security Policy (NCSP) are steps in the right direction. As the roles and responsibilities of the armed forces, other government agencies and the private sector are articulated, the nation’s vulnerability to cyber attacks will decrease.
The vulnerabilities facing India’s Critical Infrastructure (CI) need to be addressed with greater urgency. Cyber attacks against India’s CI and Strategic Infrastructure (ST), such as nuclear power plants, are not new.
Defensive measures such as a cyber security framework, cyber security awareness, incident response tools, vulnerability assessment and penetration testing, and multi-factor authentication are necessary, but offensive defence is the key. Along with space, India must prepare for “cross-domain” warfare to include cyberspace.
Comments
China has been leading a worldwide hacking and economic espionage campaign, using cyber attacks to steal intellectual property in disregard of bilateral and multilateral agreements.
China is one of the world’s pre-eminent players using cyber weapons. Used as methods of espionage, state-sponsored data breaches and server hacks pose a significant threat to global security. China was responsible for a worldwide rise in cyber crime of 600% during the Covid-19 pandemic. Even before the virus hit, China had overtaken Russia as the biggest state sponsor of cyber attacks against the West.
The People’s Liberation Army (PLA) of China is known to have trained hackers and offensive cyber groups for operations. These groups are believed to have been involved in a number of cyber espionage operations and cyber-attacks against various countries, including the United States and India. The PLA’s cyber units are thought to be well-funded and well-equipped, with a focus on both defensive and offensive capabilities. In addition to targeting government and military organizations, these groups have also been known to target private companies, particularly those in the technology and aerospace sectors. The Chinese government has denied any involvement in cyber-attacks, but evidence suggests otherwise. The US and other countries have accused China of using cyber espionage to gain an economic and strategic advantage.