The Narendra Modi government is preparing to set up a Rs 950-crore cyber security centre following a rise in virtual world attacks and recent revelations that the US National Security Agency had spied on the BJP and sensitive establishments.
The proposed National Cyber Coordination Centre (NCCC) will coordinate between intelligence and cyber response agencies such as the Intelligence Bureau (IB) and the Indian Computer Emergency Response Team (CERT-IN) to ensure a more robust defence of critical Indian computer systems. The government has prepared a 250-page note for final approval from the Cabinet Committee on Security (CCS) to set up the NCCC. The CCS is likely to clear the project soon, paving the way for more integrated cyber security operations by these agencies, which have been working in a piecemeal manner.
According to the CCS note the NCCC will be headed by a joint secretary-rank officer. Sources said this could also give impetus to the proposed appointment of a national cyber coordinator of the rank of a secretary to Government of India.
Global concerns about India's net security practices rose after June 25 when hackers broke into the National Informatics Centre (NIC), which runs e-mails of all central government officials as well as websites of various ministries and scheme and accessed information on its root directory that hosts the sensitive data. They issued several fake digital certificates which went undetected for days.
Data accessed by Hindustan Times shows the severity of attacks on Indian systems last year. A survey by a government agency shows over 780 attacks that damaged sensitive computers across 88 cities and over 350 hacking attempts on sensitive computer systems last year.
Many of these vulnerabilities were raised during a National Information Board (NIB) meeting chaired by National Security Adviser (NSA) Ajit Doval on July 25.
The NIB's members include intelligence chiefs, the director general of CERT-IN and a joint secretary from the Prime Minister's Office (PMO). Its role is to review all aspects of information security and take measures to counter emerging threats.
"When the NSA quizzed one of the intelligence chiefs regarding India's policy on proactive measures like hacking to gather intelligence, he didn't have an answer," a source familiar with the meeting told HT.
"While India has been making attempts to hack into emails and computer systems of its adversaries and terrorists, it does not have a policy or even a law to sanction this," the source said. "This was raised by the NSA, who also suggested that this needed better coordination between the technical intelligence agency NTRO and the Indian army's Directorate of Signals."
Doval was reportedly unhappy at the NTRO's lack of progress on the National Critical Information Infrastructure Protection project. Proposed in 2013, the project was approved by the UPA government this year. However, slow progress on the project leaves critical infrastructure like power stations and telecommunications vulnerable to cyber attacks. The NSA has now asked the NTRO to rope in the IB for the project.