E-Paper
Specialised unit within NIA to lead probes into cyberattacks
The ACTU, sanctioned by the home ministry last year and currently in the process of being finalised, will be given all such cases to investigate the role of terrorists or state actors behind the attacks
New Delhi
Probes into cyberattacks on India’s critical and sensitive digital infrastructure, like the assault on the servers of All India Institute of Medical Science by suspected China-backed hackers last year, will be led by a specialised anti- cyber- terrorism unit (ACTU) created within the National Investigation Agency, people familiar with the development said.
The ACTU, sanctioned by the home ministry last year and currently in the process of being finalised, will be given all such cases to investigate the role of terrorists or state actors behind the attacks, they said, seeking anonymity.
“By handing over such sensitive cyberattacks to the NIA, involvement of multiple agencies, which generally causes duplicity of work, can be avoided,” an officer said. “Besides, NIA has the mandate to probe such cyber-terror attacks on foreign soil and it can quickly get information by coordinating with the law enforcement agencies of other countries.”
“Both China and Pakistan backed hackers always try to target India’s sensitive installations related to space, defence, power grids, banking, communication networks,” a second officer said. “The NIA through this new unit will employ highly skilled people to detect such cyberattacks and the culprits.”
In recent times, there have been several strategic cyberattacks on India’s critical establishments. In November, suspected China-backed hackers targeted the servers of AIIMS, India’s foremost health care institution, crippling patients’ services for days.
In April 2022, suspected hackers linked to China had targeted seven power grids hubs in northern India. “Two attempts by Chinese hackers were made to target electricity distribution centres near Ladakh, but were not successful... We’ve already strengthened our defence system to counter such cyberattacks,” power minister RK Singh had said at that time.
In October 2019, part of a network in India’s largest civil nuclear facility, the Kudankulam Nuclear Power Plant in Tamil Nadu, was breached by overseas hackers.
“There is a growing tendency to strategically target critical information and financial systems,” home minister Amit Shah said in July. “Such activities are a matter of national concern, as their activities have a direct impact on national security, law and order, and the economy.”
India’s Computer Emergency Response Team (CERT-In) has reported a total of 112,474 cyber security incidents related government organisations and system in 2023 till June, up from 70,798 in the entire year of 2018. In 2022, 192,439 such incidents were reported, according to data shared by CERT-In in Parliament in the monsoon session. To be sure, not all incidents were related to cyberattacks on critical infrastructure.
While the National Cyber Security Coordinator under the National Security Council Secretariat coordinates with different agencies at the national level on cybersecurity, CERT-In is designated as the national agency to respond to cyber security incidents. It operates an automated cyber threat exchange platform for proactively collecting, analysing and sharing tailored alerts with organizations across sectors for threat mitigation.
Incidents ranging from ransomware attacks, sale of critical personal data, online harassment and child abuse to fake news and misinformation campaigns with toolkits are being carried out by cybercriminals, Shah had said in July.
“If such crimes and criminals have to be stopped, then we have to think and also act by rising above the conventional geographic boundaries,” the home minister had said.
