India beefs up cyber preparedness with national boot camp

Hands-on exercises to deal with cyberattack situations marked the maiden National Cyber Exercise (NCX) that concluded in New Delhi on Friday. The event, under the aegis of the National Security Council Secretariat (NSCS), was held in wake of a recent cyberattack on Oil India and similar incidents related to India’s critical-information
infrastructure.

In the concluding session, deputy national security adviser Rajinder Khanna said that India being in a “difficult neighbourhood”, the use of “cyber as a weapon becomes extremely important”.


Around 150 government officials, including chief information security officers (CISOs) from critical-information infrastructure like power, oil,
telecom, and finance, attended the closed-door event and discussed whether India’s stance should be diplomacy driven or intelligence driven.

The event was executed in two stages — training and conduct. CyberExer Technologies, a NATO-awarded Estonian company accredited for conducting cyber exercises, held a training session for the officials. Thereafter, teams worked on cyberattack scenarios.

According to California-based Cyber Security firm Trellix, India’s critical infrastructure witnessed a 70% jump in ransomware attacks in 2021. “In the last couple of months, ransomware attacks on supply chains in critical infrastructure have been growing in number, scale, and complexity,” Lt Gen (retd.) Rajesh Pant told The Economic
Times on the sidelines of the meeting. The nation should be prepared for situations like the recent event at Oil India, which is why “we got people from all critical sectors of India in one room,” he added.

Pant highlighted that the Russia-Ukraine conflict has shown that modern warfare can be a “quasi-kinetic”. Asked if India would be looking at aggressive cyberdefence posturing in the days to come, he said, “You cannot have good cyberdefence without having capability for deterrence. In what manner that is executed is classified.”

Pant drew attention to a recent circular issued by CERT-IN, India’s computer emergency response team, which mandates all oganisations to report cybersecurity breaches to CERT-IN within six hours.

“India needs to build, strengthen, and continuously train to predict, pre-empt, prevent, detect, respond, mitigate and remediate any cyberthreat,” he said. “Due to the high levels of interdependencies involving multiple stakeholders and cross-domain linkages, it is necessary to have a national-level cyber exercise to suitably assess, validate, and hone the capabilities of the stakeholders towards securing the national cyberspace.”

NSCS is keen to make NCX an annual event, adding CISOs from private organisations as well. Data Security Council of India was the knowledge partner of this year’s event, which was supported by the Defence Research and Development Organisation (DRDO).

Inaugurating the event on April 18, national security advisor Ajit Doval had highlighted the importance of safeguards, as threats to cybersecurity can impact social, economic, and national security.