India is all prepared to adopt measures to protect its cyber infrastructure and designate agencies for carrying out offensive cyber attacks on other countries. Evidence shows countries launching cyber attacks — not only for intelligence gathering — and many nations describing the attacks as an act of war.
The National Security Council (NSC) headed by Prime Minister Manmohan Singh would soon approve the comprehensive plan and designate the Defence Intelligence Agency (DIA) and National Technical Research Organization (NTRO) as agencies for carrying out offensive cyber operations, if necessary. All other intelligence agencies would be authorized to carry out intelligence gathering abroad, but not offensive operations.
The detailed policy for national cyber infrastructure protection is presently before the NSC awaiting its approval. The policy would identify all government agencies that would have a role in the protection of Indian cyber infrastructure and define their roles.
The move to not just define defensive mechanism but also designate agencies for offensive operations comes as New Delhi tackles repeated waves of cyber intrusions, though all of them are aimed at gathering information from critical networks. But the next stage, of an adversary carrying out offensive cyber attack, of bringing down a power grid, stalling air traffic control systems, or manipulating controls of a dam are now believed to be a real possibility.
Stuxnet, the cyber worm created by US’s National Security Agency and Israeli military and specifically targeted at Iran’s nuclear enrichment center at Natanz, was found to have infected Indian systems.
CERT-IN (Computer Emergency Response Team India) would be responsible for protection of most of the cyber space, while NTRO would be tasked to protect the critical infrastructure such as important government networks. NTRO would be tasked to create the National Critical Information Infrastructure Protection Centre (NCIPC), which would be a command-and-control centre for monitoring the critical infrastructure. It would be a round-the-clock centre, providing real time response to cyber security breaches.
The proposal before NSC also envisages creation of sectoral CERTs in order to respond quickly to protect power distribution networks, Air Traffic Controls, traffic networks and other areas that heavily dependent on networked systems, and thus are susceptible to attacks.
The policy suggests that the defence forces would be responsible for their own networks’ protection.