Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime

Unified Cyber Task Force Is 'Step in Right Direction'

Team to Review Security Intelligence, Address Telecom Risks
Unified Cyber Task Force Is 'Step in Right Direction'

The Indian government's plan to set up a unified national cybersecurity task force is a welcome move, some security experts in the country say, while also pointing out its shortcomings.

See Also: OnDemand | Spotlight Discussion: Advanced Network Detection & Response

Set to be established by March 2022 to tackle the "growing danger from cyberattacks and threats to national security," the task force will review intelligence from cybersecurity watchdogs such as the Computer Emergency Response Team and act upon intelligence shared by other countries, according to a report by the Times of India.

Focus on Telecom

A sub task force will be set up under the unified cybersecurity task force to solely focus on risks stemming from the country's telecom space, according to the report. Unidentified sources tell the newspaper that 20 officers, whose identities have not been disclosed, have already been recruited for the sub task force.

The Prime Minister's Office, the report says, was informed by the Department of Telecom about establishing a separate task force that will develop telecom-specific security capabilities.

Welcome, With Shortcomings

A unified cybersecurity task force is a step in the right direction, Sachit Singh, former general manager of information security at telecom company Bharti Airtel, tells Information Security Media Group.

India continues to see sophisticated cyberattacks that can negatively impact the public and private sector, in addition to affecting the citizens and the interests of the nation, says Singh, who is now vice president of information security at Airtel's rival telecom company Jio.

"Therefore, it's essential to have a unified view across the fragmented ecosystem and sharing of vital information - augmenting software supply chain security and establishing councils with private members to drive the charter across the public and private sectors," he says.

Independent cybersecurity researcher Rajshekhar Rajaharia warns that call forging is India's biggest cyberthreat currently, and the country hasn't done enough to prepare against attacks perpetrated via voice over internet protocol.

Call forging can be used for caller ID spoofing - a technique used by hackers to spoof the identity of the caller. Rajaharia tells ISMG that hackers can use call forging to target banks as well. "A lot of government institutions are in the process of replacing switching systems to disable caller ID spoofing. However, there are still many SIP trunks that can be manipulated to display a caller ID of the hacker's choice," he says.

Session initiation protocol trunking is the service telecom firms offer to provide VoIP connectivity between the phone system and the public switched telephone network, according to a TechTarget article.

Brijlal Mohanty, director of cloud technology at IT services firm Oracle, shared his thoughts on the task force in a tweet:

On the other hand, a task force without statutory powers would be limited to the fringes in an advisory role, says Prashant Mali, cyber and privacy lawyer at the Bombay High Court.

"We need agencies that have the authority to take actions against targeted attacks on India’s telecom infrastructure," he says.

The Center for Development of Telematics has been anxious for security products to be developed in India (see: India Wants Home-Grown Products for Telecom Security). But security practitioners had earlier told ISMG that in spite of having good security companies in India, not all telecom players were ready to entrust them with core infrastructural security. Another security leader, who chose to remain anonymous, said that India lacked proper encryption standards for telecom companies.

Widespread Threat

The threat to telecom is widespread. A report by cybersecurity firm Cloudflare shows that the telecom sector was the preferred target for distributed denial-of-service attacks in the first quarter of 2021, and 0.022% of the total traffic per industry was observed in the telecom sector. Consumer services ranked second with 0.014%.

In August 2021, Cybereason Nocturnus, the threat intelligence arm of cybersecurity firm Cybereason, detected "clusters of intrusions" targeting telecom firms across Southeast Asia. The threat actors were suspected to be operating on behalf of Chinese state interests.

In February 2021, Rajaharia said that personal information of 2.5 million Jammu and Kashmir citizens, all users of Airtel, was posted on a public website. The telecom company had rejected Rajaharia's findings in its response to him, although he had posted screenshots of the Red Rabbit hacker group's email conversations with Airtel.

Other Initiatives

The CERT-In, in February 2017, established the Botnet Cleaning and Malware Analysis Center in collaboration with internet service providers, antivirus companies, academia and the industry to detect compromised devices, as well as notify, clean and secure devices of end users.

The organization - which is also called the Cyber Swachhta Kendra or CSK - reported that in 2020 the country had detected 278,537,556 botnet or malware infections and leveraged its collaboration with internet service providers to notify affected parties. Of the 25,969 incidents of website defacement detected in the year, 18,899 had a government domain, it said.

On Dec. 16, the Telecom Regulatory Authority of India published a consultation paper that states that privacy, security and ownership of data are the "notable key drivers for boosting the data economy of India."

The regulatory authority's report also says that not much has been done around the regulatory framework for data centers, content delivery networks and interconnect exchanges in India.

The report was released days after Prime Minister Narendra Modi's official Twitter account was briefly compromised - for the second time in two years.

About the Author

Soumik Ghosh

Soumik Ghosh

Assistant Editor, Asia

Prior to joining ISMG, Ghosh worked with IDG and wrote for CIO, CSO Online and Computerworld, in addition to anchoring CSO Alert, a security news bulletin. He was also a language and process trainer at [24] Ghosh has a degree in broadcast journalism from the Indian Institute of Journalism & New Media.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.