Wednesday, November 16, 2011

Lack of security of our Govt servers


NEW DELHI: Investigators have unearthed a new and deadly pattern of cyber attacks in which Indian government servers have been used by foreign entities to target the computer networks of third countries.

The finding comes at a time when a dispute rages within the government over who should be responsible for protecting India's critical IT infrastructure. According to sources, foreign entities have penetrated the servers of the National Informatics Centre in recent months and used them to launch attacks on countries, including China. Among other things, the NIC hosts the official websites and emails of the Indian government.

"These attacks are mostly targeted against government networks of various countries," a source said, adding that the attacks were planned in such a way that investigators from the victim countries would believe that they were launched from Indian government servers. Investigators suspect foreign government entities, including intelligence agencies, have a hand in exploiting NIC servers. They say since the attacks were targeted against Chinese government servers too, there is no scope to blame China.

China had in August said that it had suffered about 250,000 cyber attacks from foreign entities, 8% of which had come from India. Sources now believe these attacks could be the result of the NIC servers being exploited by foreign entities.

Even as this new angle to India's IT infrastructure security emerges, a turf battle is raging within the government about who should be protecting it. Sources said both the department of IT and the National Technical Research Organisation-the technical intelligence agency created after the Kargil conflict-had laid claims to being responsible for safeguarding India's IT infrastructure.

The department of IT believes the job should vest with the Computer Emergency Response Team while the NTRO says it must have the responsibility for both defensive as well as offensive cyber security.

Meanwhile, conventional cyber attacks from foreign entities to extract confidential data from Indian government systems are on. Recently, the computer systems of the ITBP came under attack. There have also been attacks on the systems of the MEA, National Security Council secretariat and other departments.

No comments:

Post a Comment