India considers national plan for cybersecurity

New Delhi

INDIA is mulling a new national strategy to strengthen the country's cybersecurity, amid allegations that Chinese intrusions may have affected operations at a key stock exchange and the supply of electricity in the country's commercial capital.

The plan will coordinate responses across ministries; these include Home Affairs, Information Technology, Defence and the National Critical Information Infrastructure Protection Centre in case of an attack and set audit procedures, said Rajesh Pant, India's National Cyber Security Coordinator in an interview.

The plan will be approved by the Cabinet committee on security headed by Prime Minister Narendra Modi.

The authorities are investigating a series of recent suspected cyber intrusions which could have led to a power outage in Mumbai, crippled systems at banks and caused a glitch at the country's premier National Stock Exchange, he said. A report is expected in about a fortnight.

"We also want to know what happened," said Mr Pant, who was lieutenant-general in the Indian army and now coordinates India's cyber intelligence. He reports to the Prime Minister's Office. He said the breaches were likely malware and couldn't be classified as attacks without a proper investigation.

GET BT IN YOUR INBOX DAILY

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

Sign UpVIEW ALL

At least one connection opened by Chinese state-sponsored hackers into the network system of an Indian port was still active, as the authorities blocked attempts to penetrate the country's electrical sector, the US-based research firm Recorded Future said last week. The attempts by the Red Echo group have been occurring since at least the middle of last year, around the time a bloody skirmish between Indian and Chinese soldiers started in the remote Himalayan region, the firm said.

Sandeep Shukla, who runs a state-funded cybersecurity project at the Indian Institute of Technology in the state of Uttar Pradesh, said: "India will have to work at breakneck speed to put in place stringent security for critical infrastructure." He added: "There may also be a need for state financial backing to help smaller companies that are part of the grid. Because if one is hacked, entire systems can be compromised."

The new strategy will lay down protocols for prevention and audit to secure the government's digitally connected water, health and education systems. All these facilities are being treated as critical infrastructure, he said. Infrastructure like nuclear, power and aviation are classed as supercritical.

Mr Pant said: "In my view, if Internet-connected computers are infected by malware, I won't say it's an attack, but an infection - unless it jumps from IT systems to other operation systems. It's like a crank caller. Can you stop someone from dialling your number?" BLOOMBERG