wordpress blog stats
Connect with us

Hi, what are you looking for?

India’s new Defence Cyber Agency – Nidhi Singh, CCG-NLUD

hacking

By Nidhi Singh.

Recent developments in India’s space policy including Mission Shakti, India’s first anti-satellite weapon testing is indicative of the states growing concern into contemporary threats to the state; India is ranked among the 15 least cyber-secure countries in the world from the list of 60 countries. To this end, the Prime Minister announced the setting up of three new tri-service agencies, for Cyber Warfare, Space and Special Operations, at the Combined Commanders’ Conference in Jodhpur last year.

In this post we will mainly deal with the third tri-service agency, the Defence Cyber Agency, which is setup to work in conjunction with the National Cyber Security Advisor. Its focus will reportedly be limited to military cyber-issues and not civilian ones. Its Tri-service nature means that it would include as many as 1000 personnel from all three branches, the Army, Navy and the Airforce. Rear Admiral Mohit Gupta has been appointed to be the first head of the DCA.

Current Legal Framework

The current legal framework dealing with cyber-security is not centralized. Different agencies are responsible for various aspects of cyber-security. These can broadly be classified into agencies focusing on civilian cyber security, and those focusing on the military cyber security.

The National Cyber Security Policy was adopted by the Government of India in 2013 to ensure a secure and resilient cyberspace for citizens, businesses and the government. This policy was launched to integrate all the initiatives in the area of Cyber Security and to tackle the fast-changing nature of cybercrimes. Initiatives such as setting-up the National Cyber Coordination Centre (NCCC), National Critical Information Infrastructure Protection Centre (NCIIPC), and creating sector specific Computer Emergency Response Teams (CERT) were implemented under the policy.

Advertisement. Scroll to continue reading.

The Indian Computer Emergency Response Team (CERT) is an office within the Ministry of Electronics and Information Technology. It is the national nodal agency for responding to computer security incidents as and when they occur. It deals with mostly civilian threats by issuing guidelines, vulnerability notes, and whitepapers relating to security practices as well as providing a point of contact for reporting local problems.

Cyber-Security concerns in India

The 2019 Global Risk Report highlights India’s history of malicious cyber-attacks and lax cybersecurity protocols which led to massive breaches of personal information in 2018. It also specifically mentions the government ID database, Aadhaar, which has reportedly suffered multiple breaches that potentially compromised the records of all 1.1 billion registered citizens. It was reported in January that individuals were selling access to the database at a rate of 500 rupees for 10 minutes, while in March a leak at a state-owned utility company allowed anyone to download names and ID numbers.

The Digital India initiative has resulted in a boom in the internet usage in the country. However, due to the lack of proper security protocols in place, there have been an estimated 700 hacks into state and central governments websites, as was reported in Lok Sabha. Additionally, in January of 2017, the National Security Guard page was hacked by suspected Pakistan based operatives who then went on to post anti-India content on it. The need to prevent such attacks on Indian websites has been a matter of debate since 2016, following the hack of the IRCTC website.

While some aspects of cyber security are easy to classify, such as the breach of IRCTC being a civilian breach and hacking the website of the National Security Guard being a military breach, other potential cyber threats could fall within a grey area.

Defence Cyber Agency

Advertisement. Scroll to continue reading.

The lacuna which the Defence Cyber Agency seeks to fill, exists in the realm of military cyber security. It is currently governed by the Defence Intelligence Agency (DIA) which operates under direct control of Ministry of Defence and focuses on the international offensive and defensive capabilities of the state. It is the nodal agency for all defence related intelligence.

The formation of the Defence Cyber Agency, is supposedly meant to combat the current threat of foreign hackers from nations such as China or Pakistan, who could attack India’s digital infrastructure using Cyber warfare. The new agency could potentially set up the roadmap for the future of India’s cyber security specifically, by combating threats made to military targets.

A common feature of many military agencies is the lack of legislative clarity; in the absence of a clear and coherent policy document or a parliamentary enactment to this effect, the parameters on which the domain of ‘military cyber security’ is demarcated remain unclear. The definition of ‘military’ in this case could potentially be based on the nature of the target (IRCTC hack vs. NSG hack) the origin of the threat (geographical location or the nationality of the perpetrator) or even the source of the threat (China/Pakistan or amateur domestic hackers).

The Agency is expected to follow a decentralized structure where the bulk of the agency will be focused into smaller teams, spread around the country, with the command center in Delhi. It also aims at putting dedicated officers in major headquarters of the tri-forces to deal with emerging cyber security issues.

One of the main takeaways from the setting up of this agency is the inter-service cooperation between the Army, Navy and the Airforce. The move is also in keeping with the Joint Training Doctrine Indian Armed Forces, of 2017, which seeks to foster ‘Synergy’ and ‘Integration’ amongst the three Services and other stake-holders leading to an enhanced efficiency and optimum utilisation of resources.

Since the new agency will fall under the purview of the Ministry of Defence, the precise mandate and composition of the DCA are not clear at this point. After its formal inauguration, which is supposed to happen sometime this month, it is possible that people will have a better idea of the agency’s role and functions in maintaining India’s cyber defences.

Advertisement. Scroll to continue reading.

A key issue, which has not been addressed so far remains the need to employ experts in the field of cyber-security. While the new agency is projected to employ over 1000 personnel from the three services, employing personnel with sufficient technical knowledge will be difficult, owing to a general lack of qualified personnel in this field. Additionally, with the boom in the cyber security market, the DCA would not only have to contend with private players in the domestic markets in attracting qualified talent, but also face stiff competition from international players in the scene.

In addition to setting up the DCA, it is also important that all three services take this opportunity to better train existing personnel in basic cyber security practices, including staff which is not specifically deployed to the DCA.

It is hoped that the formation of such an agency will not only improve India’s cyber security but also bolster its international reputation in terms of digital safety. The creation of this new agency highlights the weaponization of cyberspace as a tool of modern warfare, and also the importance of data and information sharing between the three services in order to better protect the nation.

*

This article was first published on CCG-NLUD’s blog, its been cross-posted with prior permission.

Advertisement. Scroll to continue reading.
Written By

Free Reads

News

With GPS in every car, India's toll collection is going high-tech.

News

Google is currently undergoing the necessary procedures for the leasehold land, which is presently under the ownership of the Maharashtra Industrial Development Corporation.

News

The pilot project for which is being launched in 19 cities this year, with a plan to launch a full-fledged rollout next year.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ