VIF Cyber Review: June 2022
Anurag Sharma, Senior Research Associate, VIF
National
“Cyber secure India is integral to national security and development”: Union Minister of Home Affairs

Addressing a national conference on cyber security and national security on 20 June 2022, the Union Minister of Home Affairs (MHA)— Amit Shah, emphasised the need for public awareness about cyber security being an integral part of national security and the government of India led by Prime Minister Modi is committed to making it robust.

“With the initiatives of PM Modi, India is going forward in all areas, and the usage of technology has been taken to all levels; but if cyber security is not ensured, this strength can become a huge challenge for us. It is important that every Indian understands the challenges of cyberspace so that a secure cyber-India can be created,” said the Minister of Home Affairs. The Government of India is already preparing a National Cyber Security Strategy, which focuses on the need for a legislative framework to address the emerging challenges in the technology space.[1]

Cabinet approved the auction of the IMT/5G spectrum

On 15 June 2022, the Union Cabinet, chaired by Prime Minister Modi, approved a proposal of the Department of Telecommunications to conduct a spectrum auction for providing 5G services to the public and enterprises. Digital connectivity is integral togovernment initiatives through Digital India, Start-up India, and Make in India. Through these flagship programmes, the government has promoted access to innovative banking/mobile banking, online education, telemedicine, and e-Ration, to “Antyoday” families.

India’s 4G ecosystem is now paving the way for 5G indigenous development. Establishing a 5G test bed in eight of India's top technology institutes is accelerating the launch of domestic 5G technology in India. The Production-Linked Incentives (PLI) schemes for mobile handsets and telecom equipment, as well as the launch of the India Semiconductor Mission, are expected to help build a robust ecosystem for the launch of 5G services in India. The day is not far off when India will emerge as a leader in the field of 5G technology and the upcoming 6G technology.[2]

“India’s ICT strategy centres on inclusive growth for all sections of society”: Minister of State for Communications

On 01 June 2022, the Minister of State for Communications, Devusinh Chauhan, addressed a session organised by the World Summit of Information Society (WSIS) 2022 and said that ICT (Information and Communication Technology) is having a growing impact on our daily lives, as a powerful tool for more inclusive, resilient, and prosperous societies. For the development of reliable ICT infrastructure, around 600,000 villages in India are connected through optical fibre cable, whereas small and remote islands and other inaccessible areas are connected through satellite communication services and submarine cable networks.

During the high-level dialogue on Artificial Intelligence (AI), the minister apprised the audience of the Government of India's policy initiatives to mobilise AI's emerging sector. India’s National Strategy for Artificial Intelligence (AI) has formulated the way forward to harness the power of AI in various fields, especially in healthcare, agriculture, education, smart cities and infrastructure, and smart mobility and transportation. Emphasising the India-Japan collaborations in the telecom sector, the minister urged the Japanese companies to be part of India’s initiatives in telecom sectors. He also points out that India-Japan collaboration in the area of Open RAN, Massive MIMO, Quantum Communications, Connected Cars, 5G uses cases, and 6G innovation will bring forth the strengths of two ecosystems allowing the creation of leading global solutions.[3]

CERT-In issued an advisory on multiple vulnerabilities in Microsoft Product

On 16 June 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory— CIAD-2022-0017, regarding multiple vulnerabilities that have been discovered in various Microsoft products which an attacker could exploit to access confidential information, bypass security restrictions, perform a Denial of Service (DoS) attack, escalating privileges, and perform spoofing attacks or executing arbitrary codes on the targeted system.[4]

Cabinet approved MoA by India to set up BIMSTEC Technology Transfer Centre in Sri Lanka

On 14 June 2022, the Union Cabinet chaired by Prime Minister Narendra Modi approved a Memorandum of Association (MoA) by India for establishing the Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC) Technology Transfer Facility (TFF), which was signed by the BIMSTEC member countries at the 5th BIMSTEC Summit held at Colombo, Sri Lanka on 30 March 2022. As the primary objective, the BIMSTEC TFF are to coordinate, facilitate, and strengthen cooperation in technology transfer among BIMSTEC member nations by promoting the transfer of technologies, sharing of experiences and capacity building. The TFF shall have the Governing Board, and overall control of activities of the TFF shall be vested in the Governing Board[5].

Public Consultation on Draft National Data Governance Framework Policy held in Delhi

A Public Consultation/stakeholder interaction on Draft National Data Governance Framework Policy was organised on 14 June 2022 in New Delhi, India. Over 250 stakeholders from industry, start-ups, academics, think-tanks, international alliances and government officials from various ministries attended the event. Minister of State of Electronics & Information Technology and Skill Development & Entrepreneurship— Rajeev Chandrasekhar highlighted the rapid digitisation of the government and Nagriks within India, and the subsequent rise in data volumes necessitates a framework for harnessing the potential of this data. “PM Narendra Modi encourages public consultations as the most effective way to develop policies with wide inputs from a broad universe of stakeholders.

The Ministry of Electronics and Information Technology (MeitY) follows Public Consultation to ensure international standard laws for India’s globally competitive digital economy and startups,” said Minister Chandrasekhar. The draft policy and its solid foundation will focus on improving the institutional framework for government data sharing, promoting privacy and security by design principles, encouraging the use of anonymisation tools, and ensuring equitable access to non-personal data for both the public and private sectors.[6]

International
G7 agreed to counter cyber threats and disinformation from Russia

On 28 June 2022, the G7 leaders agreed to strengthen their respective countries’ cyber defences against foreign cyber-attacks and disinformation, including threats from Russia. “We commit to strengthen our internal security amidst transnational threats including those posed by Russia and other authoritarian regimes,” read the G7 communique at the end of the Summit held in Germany.[7]

Canadian national police force admitted the use of spyware to hack phones

The Royal Canadian Mounted Police (RCMP) disclosed the information on the usage of spyware to hack mobile devices and gather data, including by remotely turning on the camera and microphone of the suspect’s phone and laptop. However, the RCMP said it only uses such tools in the most serious cases, where less invasive techniques are unsuccessful. Between 2018 and 2020, the RCMP deployed this technique in 10 investigations.

According to the document introduced in the House of Commons (Canada), “the RCMP can use spyware programmes to collect a broad range of data, including text messages, e-mail, photos, videos, audio files, calendar entries, and financial records. The police can also collect “audio recordings of private communications and other sounds within the range of the targeted device, and photographic images of persons, places, and activities viewable by the camera(s) built into the targeted device.”[8]

NATO building cyber response force amid emerging Russian and Chinese threats

On 29 June 2022, the North Atlantic Treaty Organisation (NATO) heads of State and other governments participating in a high-level Summit in Madrid, Spain, announced the creation of the “virtual rapid response cyber capability” to quickly respond to cyber-attacks and other malign activity in cyberspace. According to the Madrid Summit Declaration, NATO plans to bolster its cyber defences through increased civil-military cooperation and expanded partnerships with industry.

“We [NATO] are confronted by cyber, space, hybrid, and other asymmetric threats, and by malicious use of emerging and disruptive technologies. We face systemic competition from those, including China, who challenge our interests, security, and values, and seek to undermine the rules-based international order,” read the document.[9]

Russian hacker group targeted Norway’s public service websites

On 29 June 2022, Norway’s National Security Authority (NSA)’s Director-General Sofie Nystrom informed reporters that the Russian hacker group— Killnet targeted a string of Norwegian public service websites in the latest cyber-attacks. Some websites experienced instability or disruption, but there are no indications that any sensitive or personal information has been compromised. In the Distributed Denial of Service (DDoS) attack, the Public Administration Portal, the corporate page of an online banking identification service, and the Norwegian Labour Inspection Authority (NLIA) were affected. The website of Norway’s largest newspaper was also down for 25 minutes.[10]

China lured jobseekers into cyber-espionage

At a mysterious tech firm, the graduates of Chinese universities have been bagged to pursue a job. It was discovered that the mysterious firm concealed the actual work, which aimed at analysing western objectives for snooping and interpreting hacked data concerning China’s commercial-scale findings system. The recruitment procedure comprised interpretation assessments on confidential papers accessed from the United States government offices and directions to examine people at Johns Hopkins University as a significant intelligence target. In 2021, a United States court accused the company of espionage for the APT40 hacking association of China.

Western intelligence agencies have made allegations against the Chinese association for invading ministry offices, firms, and universities across the United States, Canada, Europe, and the Middle East, following China’s Ministry of State Security (MSS)’s commands. The firm's selection of recently graduated Chinese University students seems to have unknowingly drawn them into the world of spying. When posting job openings on the universities' websites, the tech company only mentioned the position as a translator and withheld all other employment-related details.[11]

Endnotes :

[1]HT Correspondent. “Cyber-secure India Key for development: Amit Shah”, Hindustan Times, 21 June 2022, Available from: https://www.hindustantimes.com/india-news/amit-shah-calls-for-making-india-cyber-secure-nation-101655711986417.html
[2]Government of India. “Cabinet approves Auction of IMT/5G Spectrum”, Press Information Bureau-Cabinet, 15 June 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1834126
[3]Government of India. “India’s ICT strategy hinges on inclusive growth for all sections of the society: Shri Devusinh Chauhan at WSIS 2022”, Press Information Bureau-Ministry of Communications, 02 June 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1830362
[4]Government of India. “CIAD-2022-0017”, Indian Computer Emergency Response Team, 16 June 2022, Available from: https://www.cert-in.org.in/
[5] Government of India. “Cabinet approves MoA by India for establishment of BIMSTEC Technology Transfer Centre at Colombo, Sri Lanka”, Press Information Bureau-Cabinet, 15 June 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1834126
[6]Government of India. “Public Consultation on Draft National Data Governance Framework Policy”, Press Information Bureau-Ministry of Electronics and IT, 16 June 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1834520
[7] “G7 to tackle cyber threats and disinformation from Russia: communique”, Reuters, 28 June 2022, Available from: https://www.reuters.com/world/g7-tackle-cyber-threats-disinformation-russia-communique-2022-06-28/
[8]Forrest, Maura. “Canada’s national police force admits use of spyware to hack phones”, Politico, 29 June 2022, Available from: https://www.politico.com/news/2022/06/29/canada-national-police-spyware-phones-00043092
[9]Demarest, Colin. “NATO forging cyber response force amid growing Russian, Chinese threats”, 30 June 2022, Available from: https://www.c4isrnet.com/cyber/2022/06/30/nato-forging-cyber-response-force-amid-growing-russian-chinese-threats/
[10]Treloar, Stephen. “Russian hackers target Norway in latest volley of cyber attacks”, Bloomberg, 30 June 2022, Available from: https://www.bloomberg.com/news/articles/2022-06-30/russian-hackers-target-norway-in-latest-volley-of-cyber-attacks#xj4y7vzkg
[11]Ghosh, Riya. “China lured graduate jobseekers into digital espionage”, Tech Story, 02 July 2022, Available from: https://techstory.in/china-lured-graduate-jobseekers-into-digital-espionage/

Contact Us