The
army’s communications system is riddled with security flaws and could be
infected with Chinese malware that can bring down India’s military network, a
report warns, stressing on the need for a technology upgrade.
Malicious software cannot only
disrupt communication during operations but also lead to theft of information
in peacetime, the report on future core technologies and problem statements
says.
Cyber adversaries compromise government
networks and it could have serious consequences, former Indian Air Force chief
Fali Major said.
“War plans would be protected
by hundreds of firewalls but there are enough sensitive documents that can be
stolen,” said Major, who served on the national security advisory board during
2013-15. “The attackers can crash your systems and corrupt your data by gaining
full control of computers.”
The army realises the threat.
It had set a target of one year to develop the capability for “high assurance
testing” to check the hardware for “embedded malware, backdoors and hidden
processes” that hackers could abuse, an army officer said.
The root of the problem is the
armed forces dependence on imported equipment that heightens threat from an
embedded virus or spyware.
“This has been compounded by
the fact that origin of a large amount of electronic circuitry being used in
communication equipment is of Chinese origin,” says the report prepared by the army design bureau (ADB).
Inaugurated in 2016, the ADB is
tasked with promoting research to meet the army’s requirements.
The threat from embedded
Chinese malware was real, warned Rakshit Tandon, a cyber-security expert.
“Even the US is deeply worried
about systems being infected with Chinese malware,” said Tandon. “India is
extremely vulnerable to such attacks and the military needs to evolve very
stringent testing methodology to make sure hardware and software systems are
not compromised.”
To secure equipment, it is
vital to ascertain that imported hardware is free of malware and reliable to
“operate in hostile cyber environment”, says the report.
Most advanced nations have
laboratories that check communication and IT equipment for malware before
installing it, says the army.
A 2015 US congressional report
on cyber operations sums up the threat. “Nation states and other entities
target government and military networks to exfiltrate data, thereby gaining an
intelligence advantage, or to potentially plant a malicious code that could be
activated in a time of crisis to disrupt, degrade, or deny operations,” the CRS
report said.
The ADB report highlights the
need for military-grade security to protect data, making a case for utilising
software-based encryption as an additional security feature.
The document also red flags
threats to commercial operating systems (OS). It calls for developing “hardened
indigenous OS” for extra security, saying no commercial agencies should be
involved in its development.
Another item on the army wish
list is “all-in-one communication handsets” that will do away with the need to
carry multiple handsets and simplify use of communication devices.
Source :- Hindustan Times
0 Comments