India needs to enhance the cyber security of critical infrastructure to conquer China's proxy war
The recent technical glitch or outage at the NSE, by whatever name it is referred to, seems to be part of a cyber attack from China or other international hacking groups acting at the behest of China. Following the Galwan Valley incident and the events unfolding thereafter, China has had to face embarrassment at the domestic as well as the international level. The attack on the National Stock Exchange, which forms part of critical infrastructure, could be part of the series of attacks carried out by China since the Galwan Valley incident.
Similar attacks were made on the power grid in Mumbai in October 2020, which impacted the stock market, train services, hospitals and other prominent institutions. Recorded Future, a company which analyzes the use of the Internet by state actors, attributed the attack in its report to RedEcho, a China-linked cyber attack group. In its report, Recorded Future observed a large increase in suspected targeted intrusion activity against critical infrastructure in India by a Chinese-sponsored group and the use of various dedicated command and control servers for these attacks.
Organized, targeted attacks on critical infrastructure using sophisticated technologies are acts of cyber war entitling a nation to respond. However, with the emergence of advanced technologies and techniques such as IP spoofing, VPN tunneling, etc., the attribution of such attacks may not be easy, and India may not find the appropriate support from the international community to respond to such attacks by referring to them as acts of war.
Similar situations are being faced by various countries across the globe, and the only option to tackle these issues is to enhance cyber security and the counter-offensive against offenders. In the case of the NSE outage, though the exact reasons have not been disclosed, the outage itself indicates the failure of the cyber security mechanism of the NSE. As a cyber security response, in case of failure of the server for any reason, the traffic to the NSE should have been automatically switched to the backup server. That did not happen, which indicates the absence of a disaster recovery plan, an essential component of business continuity planning in any organization.
The impact of a compromise or hacking of the NSE server could be more fatal and disastrous than for other institutions because of the huge financial stake involved in the transactions. A single unauthorized access to critical infrastructure can be fatal, as the hacker may escalate privileges and cause enormous damage which may not be possible to repair, as the world observed in the case of the Sony hack and the Ukraine power grid. What needs specific focus is strengthening the Business Continuity Management Plan of vital organizations like telecom service providers and the stock exchange companies. Regular updates and audits need to be carried out to ensure that the systems are upgraded with resilience to the latest cyber threats that such vital organizations' systems face. Such systems come under the ambit of Section 70 of the Information Technology Act, 2000, that is, protected systems, and the offenders should be held liable accordingly.
A cyber attack, whether through hacking or DDoS ultimately resulting in a DoS for the stakeholder, is an act of cyber terrorism in terms of Section 66F of the Information Technology Act, 2000. The section covers any act done to threaten the unity, integrity, security or sovereignty of India, or to strike terror in the people, by causing denial of access to a computer resource, which may cause damage or destruction of property or disrupt any services, or which adversely affects the critical information infrastructure.
The investigation of the attack on the power grid by the Cyber Cell of the Mumbai police revealed the possibility of sabotage in the SCADA network. The Chinese hackers execute such attacks using high-level technology and precision, which could only be possible with the support of state actors. The motivation for such attacks ranges from exfiltrating intellectual property, secret information and confidential data to threatening the security of critical institutions and striking terror in the people of another country.
India has to adopt a multifold approach to deal with such attacks, as their ramifications are serious and it costs heavily to rectify or reimburse the damages. The CIA triad (Confidentiality, Integrity and Accessibility) should be the goal that is focused upon and strengthened from time to time. So the first priority should be to prevent, detect and control such attacks by strengthening the cyber security framework of organizations, institutions and the country as a whole. India should also consider retaliation for such attacks and all possible methods to prosecute the offenders.