The army’s communications system is riddled with security flaws and could be infected with Chinese malware that can bring down India’s military network, a report warns, stressing on the need for a technology upgrade.
Malicious software cannot only disrupt communication during operations but also lead to theft of information in peacetime, the report on future core technologies and problem statements says.
Cyber adversaries compromise government networks and it could have serious consequences, former Indian Air Force chief Fali Major said.
“War plans would be protected by hundreds of firewalls but there are enough sensitive documents that can be stolen,” said Major, who served on the national security advisory board during 2013-15. “The attackers can crash your systems and corrupt your data by gaining full control of computers.”
The army realises the threat. It had set a target of one year to develop the capability for “high assurance testing” to check the hardware for “embedded malware, backdoors and hidden processes” that hackers could abuse, an army officer said.
The root of the problem is the armed forces dependence on imported equipment that heightens threat from an embedded virus or spyware.
“This has been compounded by the fact that origin of a large amount of electronic circuitry being used in communication equipment is of Chinese origin,” says the report prepared by the army design bureau (ADB).
Inaugurated in 2016, the ADB is tasked with promoting research to meet the army’s requirements.
The threat from embedded Chinese malware was real, warned Rakshit Tandon, a cyber security expert.
“Even the US is deeply worried about systems being infected with Chinese malware,” said Tandon. “India is extremely vulnerable to such attacks and the military needs to evolve very stringent testing methodology to make sure hardware and software systems are not compromised.”
To secure equipment, it is vital to ascertain that imported hardware is free of malware and reliable to “operate in hostile cyber environment”, says the report.
Most advanced nations have laboratories that check communication and IT equipment for malware before installing it, says the army.
A 2015 US congressional report on cyber operations sums up the threat. “Nation states and other entities target government and military networks to exfiltrate data, thereby gaining an intelligence advantage, or to potentially plant a malicious code that could be activated in a time of crisis to disrupt, degrade, or deny operations,” the CRS report said.
The ADB report highlights the need for military-grade security to protect data, making a case for utilising software-based encryption as an additional security feature.
The document also red flags threats to commercial operating systems (OS). It calls for developing “hardened indigenous OS” for extra security, saying no commercial agencies should be involved in its development.
Another item on the army wish list is “all-in-one communication handsets” that will do away with the need to carry multiple handsets and simplify use of communication devices.