India Cyber Chief Pushes International Action on CybercrimeRajesh Pant Says Union Government Plans to Unveil a National Cybersecurity Strategy
The Indian government's cybersecurity chief on Friday touted international cooperation on cybercrime and said the union government is preparing additional legislation to combat the modern threats in cyberspace.
Delivering the keynote address on Friday at Information Security Media Group's DynamicCISO Summit in Mumbai, National Cyber Security Coordinator Rajesh Pant said cybercrime as a service has become commonplace in recent years, thanks to participation by access brokers, many of whom are insiders at targeted organizations. These access brokers determine the amount of cyber insurance coverage their organizations have, he said, and pass on the information to ransomware attackers, who use it to negotiate effectively.
Pant also spoke of the emerging trend of physical attacks being preceded by cyberattacks on military targets. He said in the war in Ukraine, Russia frequently targeted critical infrastructure, government and military agencies with cyberattacks prior to launching conventional weapons and forces at them. He observed similar trends in countries that don't enjoy the best of relations or are at the brink of war.
Pant touted international cooperation as an antidote to cybercrime, citing the International Counter Ransomware Task Force, composed of 37 member nations. Members disrupted the Hive ransomware group in January (see: FBI Seizes Hive Ransomware Servers in Multinational Takedown). The U.S. Department of Justice said Hive "targeted more than 1,500 victims in over 80 countries around the world, including hospitals, school districts, financial firms and critical infrastructure."
How India Plans to Defeat Cybercrime
Pant said the union government will soon roll out a national cybersecurity strategy and will unveil legislation to combat modern cyberthreats. The government is preparing a telecom that would require telecom sector organizations to secure their over-the-top assets, evaluate equipment and devices for vulnerabilities, and only source equipment from vendors that do not share information with foreign governments.
Pant said the government set up the National Critical Information Infrastructure Protection Center to act as a nodal agency to secure the country's critical infrastructure. The government itself is not immune to cyberattacks and is cognizant of the challenges it faces, Pant said. Central and state governments run a total of 13,500 web portals, and their employees use 3 million email addresses.
To protect government organizations and workers, the government provides cybersecurity training and the Indian Cyber Crime Coordination Center coordinates with state cybercrime coordination centers, Pant said.
Pant referenced a recent cyberattack on New Delhi-based All India Institute of Medical Sciences and the lessons the government drew from the incident. He said the AIIMS network, designed by IT specialists and healthcare management with no cybersecurity experience, contained over 15,000 unsecured endpoints, making it extremely easy for malicious actors to compromise the hospital's servers.
The government aims to prevent its agencies from suffering a similar fate by using the Bharat-CISO program to train government cybersecurity decision-makers and provide them with in-depth knowledge of cybersecurity, Pant said.