Technical Recommendations

5. Indigenous Cyber Hardware. The absence of an electronic manufacturing base and of indigenous semiconductor manufacturing capability in the country are strategic deficiencies. These are absolutely essential and fundamental prerequisites for cyber security and need immediate attention at the highest level. India announced her National Policy on Electronics (NPE) in 2012 with a view to establishing an Electronic System Design and Manufacturing (ESDM) ecosystem and the manufacture of semiconductors and other electronics in the country. Unfortunately, the scheme did not take off in spite of the fact that it offered attractive financial and taxation terms. This scheme has now been given a push under the “Make in India” programme. Hence, India must now look at equipping all critical information infrastructure with home-grown technologies and software to negate any supply chain vulnerabilities. Until the indigenous capability is developed, the armed forces should develop the capability for “high assurance testing” at the time of equipment induction to check the hardware for “embedded malware, backdoors and hidden processes” that hackers could abuse.


19. Indigenous OS. Commercial operating systems (OS) such as Windows and Android are vulnerable to easy hacking as their code is universal. It is therefore important that a “hardened indigenous OS” is developed for extra security by indigenous experts from the defence forces without any help from the industry. Until such time, an Indian OS like BOSS, or Linux, should be used for cyber infrastructure inducted in the armed forces.

20. Secure GPS. The Indian armed forces should shift their dependence from GPS to the indigenously developed IRNSS (NAVIC) at the earliest. The latest encryption technology with high levels of anti-jamming and cyber resiliency should be incorporated in the IRNSS data exclusively used by the armed forces. The system should include a new military code, or M-code, similar to that of the US, that uses a different frequency than public signals and is more resistant to jamming.

6. Encryption of software. It is extremely important in the current and future battlefield that any data that rides on a network is completely encrypted with complex algorithms to render stolen data unusable in real time. Data encryption technology that protects sensitive data but at the same time lets computations be performed on it, all without the data being decrypted, needs to be incorporated in all armed forces networks like the Tactical C3I and the C4ISR as and when they become operational. It is proposed that ‘Fully Homomorphic Encryption’ technology, as is being researched by US DARPA, should be explored for our systems also. File-level encryption, access control at file level and similar measures should be incorporated as part of a rights management system.

 

4. Private Intranet – Social Media. Social networking sites can be exploited by cyber operators through infiltration and by influencing opinion where feasible. Cyber espionage has already become the cornerstone of some nations, where international cyber security agencies have reason to believe there has been state complicity in major hacking and denial-of-service attacks in the last couple of years. Social media can be effectively used by CYBRID warriors for disinformation, rumour mongering or propaganda. Since social networks become easy prey to such agencies, there is a need to increase the awareness of defence personnel about their vulnerabilities. Also, private armed forces networks like RallyPoint should be developed for the military fraternity, to help them connect with family members and friends in the services.

11. Levels of Protection. These may be identified considering the following aspects:
(a) Value of Information. This is the intrinsic value of the information itself. The personal details of officers may require a lower classification compared to, say, the offensive plans of a field formation.
(b) Access to Information. This is the further access to information that an intruder may get in case he becomes privy to certain information, e.g. passwords, user IDs etc. This aspect is peculiar to network security and deserves a great deal of attention.


Tactical Recommendations

77. Security of Defence Networks. Critical defence networks must be isolated and a “secure zone” should be created. A large number of defence networks in the rear areas are engineered on civil media and networks. These are highly vulnerable to penetration attacks and act as backdoors to so-called isolated defence networks. Also, electronic and physical security measures, particularly those at nodes, assume critical importance. The threat posed by malware concealed in chips, PCBs and equipment from foreign or unprotected local sources has assumed very dangerous proportions. This needs to be plugged on an emergency basis. No diplomatic, economic or political considerations should be allowed to dilute or bypass these measures. Network equipment should be procured from reliable and indigenous original equipment suppliers.

2. Cyber Shield for Aerial Platforms. Current aerial platforms such as aircraft, helicopters and UAVs are complex systems packed with processors, computers, networks and data links, creating an interconnected digital environment that may expose war-fighters to cyber threats. An adversary can carry out a CYBRID attack on these platforms with a soft kill instead of a hard kill, for example by disrupting the data links. Therefore, cyber defence capabilities that help aircraft detect and mitigate cyber attacks in real time have to be developed. The new capabilities, including system analysis, reverse engineering and intrusion detection, should build upon state-of-the-art threat management solutions and help protect aircraft from a variety of cyber threats. The new threat management capabilities should include automated vulnerability assessment, subsystem hardening and identification of malicious system behaviour. This versatile cyber defence technology may be implemented on existing threat warning systems or as a stand-alone solution.

4. Anonymous Sharing of Big Data. Security forces' cybercrime units and project managers can use anonymity when sharing data externally. For example, their department may hold a dataset containing sensitive data in a particular data store, and produce an anonymous version of the same dataset to be used separately by external bodies. This reduces the risk of inadvertent data disclosure and makes the data less attractive to cyber warfare gangs, who are looking to get their hands on data that is linked to a particular source.
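
One way to produce the "anonymous version of the same dataset" described above, as an added example that is not part of the original essay: identifiers are replaced with keyed pseudonyms, age and location are generalised, and any row that would still stand alone is withheld. The field names, the key and the records are constructed for illustration, and the threshold `k` is an assumed policy parameter.

```python
# Added illustration: field names, key and records below are constructed.
import hashlib
import hmac

RECORDS = [  # internal dataset, never shared as-is
    {"staff_id": "S-1001", "name": "Person A", "age": 34, "postcode": "110010", "incident": "phishing"},
    {"staff_id": "S-1002", "name": "Person B", "age": 37, "postcode": "110021", "incident": "malware"},
    {"staff_id": "S-1003", "name": "Person C", "age": 52, "postcode": "560001", "incident": "phishing"},
    {"staff_id": "S-1001", "name": "Person A", "age": 34, "postcode": "110010", "incident": "ddos"},
]
QUASI = ("age_band", "region")  # fields that could re-identify in combination

def pseudonym(key, value):
    """Keyed hash: stable per subject, not reversible without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def anonymise(record, key):
    """Map one internal record to its shareable form; the name is dropped."""
    low = record["age"] // 10 * 10
    return {
        "subject": pseudonym(key, record["staff_id"]),  # replaces the identifier
        "age_band": f"{low}-{low + 9}",                  # generalised age
        "region": record["postcode"][:3] + "xxx",        # generalised location
        "incident": record["incident"],                  # the field recipients need
    }

def release(records, key, k=2):
    """Return rows safe to share: a quasi-identifier group is kept only if
    it covers at least k distinct subjects, otherwise it is suppressed."""
    rows = [anonymise(r, key) for r in records]
    groups = {}
    for row in rows:
        groups.setdefault(tuple(row[q] for q in QUASI), set()).add(row["subject"])
    return [row for row in rows if len(groups[tuple(row[q] for q in QUASI)]) >= k]

if __name__ == "__main__":
    for row in release(RECORDS, b"constructed-demo-key"):
        print(row)
```

The pseudonym key stays with the data owner; recipients can still link two incidents to the same subject without learning who that subject is.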
