After several high-profile attacks (on computers in the Prime Minister’s Office, diplomatic missions in Kabul, Moscow, and Dubai as wells as an artillery brigade, air force base, army technology institute, and think tanks with ties to the military), the Indian government has announced a flurry of measures designed to address the cyber security challenge. The response pulls several strings at once:
1) Reduce dependence on foreign, especially Chinese, hardware and software vendors: In February, the Times of India reports, the government formed a task force to devise a plan to build open source, indigenous operating systems. Also, the Indian government blacklisted Chinese telecoms Huawei and ZTE. Before, the Department of Telecommunications was informally warning Indian mobile operators, but now they have made public their fear of “trapdoors, blackboxes and malwares.”
2) New policies and plans: In March, the government conducted its first mock cyber war. In April, Defense Minister A. K. Antony called for the military to develop “a crisis management action plan” along with National Technical Research Organisation, Computer Emergency Response Team, and home affairs and communications ministries. Last week Sachin Pilot, minister for communications & information technology, announced that the government would not store sensitive information on computers connected to the Internet and all ministries and departments were told to audit IT systems. The government has also established a Crisis Management Plan against cyber attacks to be implemented by all central ministries, state governments, and critical sectors.
3) Take the fight to them: Soon after the reports of the Chinese attacks, there were several calls for India to develop its own offensive capabilities and its own group of “patriotic hackers”—civilian hackers who can be kept at arm’s length but mobilized to attack targets (though Indian hackers might be less than willing partners given the rough treatment in the past—this story in Wired recounts a hacker who taunted the Mumbai Cyber Crime Cell by taking over their website and only to have his hand broken by one of the interrogating officers. “I am not saying that I was merciless with the hackers, but my point is that we cops have seen such tough situations that we know how to handle boys.”)
4) Diplomatic response: According to The Hindu, cyber was not raised when External Affairs Minister S.M. Krishna met Yang Jiechi and Premier Wen Jiabao in April. During his visit to Washington in March, Sachin Pilot proposed stronger ties between the United States and India in cybersecurity.
We can expect slow progress on all of these fronts but (1) and (3) will be the most interesting to watch in the near term. The effort to reduce dependence on Chinese technology companies is already causing tension with China with Beijing threatening action at the WTO (and the ban has exposed tensions within the government between those more hawkish toward China and those wanting to keep relations smooth. Prime Minister Manmohan Singh criticized Jairam Ramesh, the environment minister, for calling India’s trade and investment policy toward China “paranoid.” ) The development of patriotic hackers could add a whole new level of volatility to the relationship; it is not hard to imagine a flare up over the long running border dispute escalating more quickly than either side expected or wanted, fed by hacking on both sides, and eventually forcing officials on both sides to adopt a harder line than needed.