In response to recent threats to critical national infrastructure, the Indian government are set to approve plans to allow offensive cyber operations.
The Times of India have reported that the National Security Council (NSC) are to approve a comprehensive cyber security plan including the provision for the Defence Intelligence Agency (DIA) and National Technical Research Organization (NTRO) to carry out offensive cyber operations, if necessary.
This news comes just weeks after the discovery of a massive malware infection, nicknamed Flame, that had been gathering private data from computers in countries including Iran, Syria, and Saudi Arabia.
Kaspersky Labs, who helped uncover the malware, said that Flame was more than likely state sponsored.
Speaking to the BBC Kaspersky Labs’ chief malware expert Vitaly Kamluk said, “Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.
“Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group.”
This week the same firm have suggested that large portions of code from this new malware threat are also present in versions of the Stuxnet virus which was responsible for several data breaches including Iran’s nuclear development programmes.
The New York Times recently indicated that Stuxnet was developed by the US government following a direct order from President Barack Obama.
India’s much more open approach to their interest in carrying out offensive cyber attacks indicates a significant level of transparency and their determination to protect critical national infrastructure (CNI) from hackers and, potentially, other state-sponsored attacks.
The proposals currently being looked at would see the creation of a National Critical Information Infrastructure Protection Centre which would be a round the clock command and control centre to protect CNI.
The UK invested GB pound 30m over four years in new regional e-crime hubs earlier this year as part of a wider GB pound 650m investment in the fight to tackle cybercrime and cyber attacks.
