It’s not difficult to predict India’s response to a cyber incident. The aftermath of a September 2020 power outage in Mumbai is a textbook example.
First, denial. While Maharashtra’s cybercrime department suspected that the attacks originated from China, the central government later denied that the security breach was connected to the power outage.
Then, a reluctant admission that came after The New York Times broke the story (“China Appears to Warn India: Push Too Hard and the Lights Could Go Out”) in late February. On 10 February, US-based cyber intelligence firm Recorded Future gave Indian authorities a list of IP addresses belonging to a suspected command and control centre of a Chinese hacker group. The addresses had communicated with the computer systems of power utilities and ports in the country.
And finally, delayed action. “It took agencies 17 days to block the IPs. Ideally, action should have been taken in 24-48 hours,” Sandeep Shukla, professor and joint coordinator at IIT Kanpur’s C3I Centre, told The Ken. The centre is the only academic research entity working on critical information infrastructure in the country.
Additionally, in its statement (Twitter: NCIIPC informed targeted organisations through mail on 12 Feb) to news agency ANI, India’s Ministry of Power said that all systems in the targeted organisations were scanned and cleaned by antivirus software. The responses seemed naive, at best. The malware used were advanced persistent threats (APT), which are far too advanced to be detected by mere antivirus programs.
This, though, is the norm. E-commerce platforms, power grids, nuclear power plants—even India’s premier space agency, ISRO—have all been compromised by hackers in the past. In each case, the government’s reactions played out in a similar manner.
In sharp contrast is the hack of US IT firm SolarWinds, which serves Fortune 500 companies and many government departments and agencies, including part of the Pentagon and the US’ Department of Treasury. When Russian hackers broke into and spied on SolarWinds’ clients for months, the US government asked every department and organisation involved to do an impact assessment.
“That’s the depth one is required to go to when incidents happen. In India it begins with denial. The immediate response is to always fix the problem, not resolve it,” Sivarama Krishnan, Asia-Pacific cybersecurity services leader at PricewaterhouseCoopers (PWC), told The Ken.