India's defence establishment has sounded a fresh red
alert over the need to ensure physical as well as cyber security of
classified information in light of ever-increasing espionage attempts by
foreign intelligence
agencies, especially from China and Pakistan.
Citing "inputs" from the home ministry and elsewhere, the defence
ministry has directed the armed forces and other organizations working
under it to strictly implement the fresh security measures to prevent
any classified matter from being leaked.
NSA chief refuses to comment on PC spyware
Wikipedia is suing NSA over internet surveillance
India 5th on US intel's spying list
"Defence personnel, especially those serving in lower formations, privy
to sensitive information relating to organization/matters pertaining to
the armed forces continue to be targets of foreign intelligence
espionage efforts/agents," said the MoD directive, issued on March 12.
Some of the security instructions deal with monitoring of photocopying
machines, police verification of all staff employed on "an outsourced
basis", restricted access to divisions dealing with confidential matters,
close watch on suspicious conduct, caller ID spoofing and the like.
But the bulk of them are connected to cyber-security and computer-
usage norms. They range from strict access control and proper
firewalls to "air gap" between secure and insecure networks and curbs
on use of digital storage devices.
"There have been cases of data being leaked through the use of pen-
drives, removable hard disks and CDs. Moreover, Chinese hackers
have also broken into military networks through worm-infected USB
devices to exfiltrate information," said an official.
Interestingly, in its publication 'The Science of Military Strategy' this
month, China for the first time has admitted its People's Liberation
Army has specialized cyber warfare units. While both China and
Pakistan have been bolstering their capability to wage war in the
virtual arena, the former has made it a top military priority. "China
regularly hacks into sensitive computer networks of countries like
India, US, the UK and Germany," said a senior officer.
"China has at least a couple of hacker brigades, apart from over
30,000 computer professionals in its militia. It also has civilian teams
empowered to undertake similar intelligence and computer network
attacks," he added.
Targeted cyber attacks can hobble, and even destroy, strategic
networks and energy grids, financial and communication info-
structures of an adversary. Iran, for instance, learnt this the hard way
when the Stuxnet software "worm" crippled its nuclear programme five
years ago.
But even as countries sharpen their cyber-weapons, India continues to
drag its feet in setting up a tri-Service Cyber Command, which was
proposed along with an Aerospace and Special Operations Commands
by the chiefs of the staff committee a couple of years ago.