States told to brace for cyberattacks, ringfence key infra

Cyberspace is fast becoming the "fifth dimension of warfare", the Centre told all state chief secretaries at the Third National Conference of Chief Secretaries, cautioning them to urgently map, audit and ringfence the Critical Information Infrastructures (CII) that could be vulnerable to malware.

All states were asked to start working on building robust defences, from onboarding IT assets and organisations with the NIC's Cyber Swachchta Kendras to appointments of chief information security officers, establishment of security operations centres, network operations centre and a cyber security incident response team (C-SIRT), besides alignment with central protocols on cyber safety, ET has learnt.

The Centre has asked states and Union territories to share details of action taken on the same ahead of the fourth conference of chief secretaries in November.


The potential losses of cyber warfare encompass "financial ramifications, data loss, service disruptions, defamation, social unrest and implications for human and national security", it was underlined.

State of threat

A special session on cyber security challenges held at the November 12, 2023, conference highlighted how "malware attacks" had been recorded across all states and UTs, mainly targeting critical infrastructure. However, there were maximum threats posted by "malicious scanning" in Assam and Kerala - an issue being studied closely with the state governments.

It was also revealed that India's G20 Presidency saw the highest number of cyberattacks routed through four cities - Surat, Chennai, Bangalore, and Hyderabad.

Sector wise, the largest impact was observed in the automobile, government services, education and power sectors while the likes of telecom, banking and IT-enabled services experienced relatively lower threats due to inbuilt security designs, it was pointed out in a key presentation by the home ministry.

The National Informatics Centre (NIC) is learnt to have pointed out that there were several "policy-gaps" that needed urgent attention. While 331 Critical Information Infrastructures (CII) in seven critical sectors have been identified, states have mostly highlighted only the power sector.

Even on that front, only four states/UTs have declared both State Load Dispatch Centre (SLDC) and private centres as protected systems, with 20 states/UTs declaring only SLDC, and 12 declaring neither.

In terms of preparedness, only one state has set up a Computer Security Incident Response Team while merely 7 states have an audit agency in place. Further, only 7 states/UTs have both Security Operations Centre and Network Operations Centre, while 18 states/UTs have neither.

G20 case study: Think Like a Disruptionist

India’s battle with cyber threats during the G20 summit last year was the key case study discussed at the meet. “Hacker groups from different nations targeted various G20 collaterals aggressively, including the G20 website, Bharat Mandapam, Delhi police, airports, and even the IT systems of hotels where delegates were staying. The highest number of cyberattacks were routed through four cities: Surat, Chennai, Bangalore, and Hyderabad,” it was shared at the meet.

The government cyber response was to "Think like a Disruptionist" and involved establishment of a real-time war room, identification of anti-India actors and communication channels, along with swift countermeasures for fake news, it was revealed.

A series of coordinated proactive and reactive measures were undertaken to counter these effectively. Learnings from the G20 case study showed that a surge in exploitation by both “state and non-state actors” can be expected given the continuous evolution of the threat landscape, marked by technologies like Digital Public Infrastructure. “Vigilance against cyberattack methods such as ransomware, Distributed Denial of Service, and advanced persistent threats become paramount. The introduction of cutting-edge technologies like crypto, Artificial Intelligence, Internet of Things, and Augmented Reality further complicates the terrain,” central government officials highlighted at the conference.