Secure India’s digital infrastructure
Over the past week, this newspaper has reported on a number of incidents that point to the abuse or the possibility of abuse of the Indian government’s digital infrastructure. Some related to the use of official email addresses to launch phishing attacks, and at least one successfully compromised several targets by convincing them that it was a legitimate communication. Separately, several sensitive government websites and applications were found with problems that can allow attackers to gain dangerous levels of access and control. Many of these flaws remain unaddressed even weeks after they were brought to light. The white hat hackers eventually broke their silence, and India’s cybersecurity apparatus has now promised to assign it to the agencies that were meant to have acted on time.
These incidents bring into focus problems that independent researchers have flagged for long — inadequate recognition of threats, a digital infra erected without adequate safeguards, endemic lack of awareness of safe practices, and a threat and vulnerability-response mechanism that is far from dynamic. The nature of the cyberspace is such that if attackers are able to leverage all or a combination of these weaknesses, they can cause damage that will be far greater than the sum of the parts. This is exactly what the cyber soldiers of a nation-state are able to do to their adversaries. For India, this means it is not just the cyber security of its citizens that is at stake, but also the risk to public infrastructure and national security. To address this, it needs institutions with sophisticated skillsets, which can work with independent communities, tear through red tape, and, evolve as quickly as cyber threats do.