Armed forces further tightening cyber security, IT usage norms

Monday, 1 October 2012 8:23 PM
NEW DELHI: The armed forces are further tightening cyber security and information technology usage norms for all its personnel to prevent the "leaking" of confidential data and information, apart from reiterating strict orders to refrain from posting classified information on social networking websites.

The move comes in the backdrop of mounting online espionage attempts — mainly by China and Pakistan — as also several cases of officers inadvertently posting classified information on social networking sites like FacebookOrkut andTwitter.
All IAF officers, for instance, will now have to sign a declaration that they will not "save or view" any official document on personal computers as well as provide details of digital storage devices being used for official purposes. Any violation will attract strict action, warned IAF authorities.
The Army has already directed all its officers and personnel to even remove their pictures and information showing their affiliation to the service from their personal profiles on social networking websites.
The armed forces are also planning the creation of a joint full-fledged Cyber Command, in addition to Aerospace and Special Operations Commands, to tackle rapidly emerging threats in the cyberspace domain.

The need to be extremely cautious in the use of computer and digital storage devices has also been reemphasized after intelligence alerts pointed to an increase in leakage of classified data from defence establishments through the use of pen drives, removable hard disks, CDs, VCDs etc.
Five to six naval officers are facing a board of inquiry (BoI) after Chinese hackers were detected to have broken into sensitive naval computers, in and around Eastern Navy Command HQs at Visakhapatnam, with the help of "worm-infected" pen-drives.
Another BoI in the Mumbai-based Western Navy Command has recommended stringent action, including dismissal of service, against at least two commanders for posting the location of warships and their patrolling patterns on social networking sites like Facebook.
The armed forces are also planning the creation of a joint full-fledged Cyber Command, in addition to Aerospace and Special Operations Commands, to tackle rapidly emerging threats in the cyberspace domain, as reported by TOI earlier.
Cyber-weapons can cripple an adversary's strategic networks and energy grids, banking and communication, and even sabotage a country's nuclear programme like Iran learnt after the Stuxnet software "worm" destroyed a thousand of its centrifuges couple of years ago.

Indian Air Force issues strict orders to tackle hacking

New Delhi: Every officer of the Indian Air Force (IAF) will now have to sign a declaration that they will not save or view any official document on personal computers. Failure to adhere to this directive will lead to a court marshal and prosecution.The recent directive from the IAF headquarters to all its formations across the country comes after repeated leaks of sensitive documents - some of which are of operational and sensitive in nature - from personal computers of officers and men.
In a recent case, operational documents were found on the personal computer of a young pilot posted at an airbase in Tamil Nadu. A court of inquiry has been initiated.

In another incident this July, it was found that classified data regarding Indian Naval operations were transmitted to IP addresses in China. Later, inquiries revealed that a few naval officers had, against the rules, taken copies of the plans in pen drives from a naval computer, to study. The Chinese-made pen drives allegedly had malwares which transmitted the data back to IP addresses in China once they were used on computers connected to the internet.

Earlier last year, a major with the Indian Army posted in the crucial Andaman and Nicobar Command was investigated by the Intelligence Bureau (IB) and the National Investigative Agency (NIA) when classified Army plans and other sensitive operational data stored in his personal computer reached Pakistan's Inter-Services Intelligence Agency (ISI). The inquiry revealed that the Major was preparing for a course, and had taken copies of presentations and plans in his personal computer, which was subsequently hacked by malware originating from Pakistan.
In almost every case of cyber leak, subsequent inquiries have revealed that officers wanting to study the documents at leisure copied the data from the official systems into their personal computers, and the data later found its way into the cyberspace.

Over the years, cyberspace has emerged as a critical frontier for espionage as the use of computers and dependence on the internet has grown. Thus, document security has emerged as one of critical areas of concern for the government. It is perhaps alluding to these increasing instances of the cyberspace being used by foreign agencies to collect critical information. Prime Minister Manmohan Singh, while addressing top cops of the country at the annual security conference hosted by the Intelligence Bureau earlier this month, said, "Our country's vulnerability to cybercrime is escalating... Large-scale computer attacks on our critical infrastructure and economy can have potentially devastating results. The government is working on a robust cyber security structure."
The Indian armed forces are considering a joint cyber command to deal with document security and hackers, many of whom are funded and used by foreign governments searching for sensitive and strategic information. The Indian Navy has come up with an exclusive Information Technology brigade to be deployed on warships and various sensitive establishments on shore to manage and secure the network and data.
As a general rule, computers in which sensitive information are stored or prepared are never connected to the internet. "The IAF internal communication network, for instance, is not only a stand-alone network with no connection to the net, but also has the system configured in such a way that it doesn't allow external storage devices like pen drives or CDs," a senior MoD official told NDTV. Nonetheless, some officers have been found "keeping copies or preparing documents using critical information in their personal computers, which have subsequently passed out by malwares in the system or hacked," the officer added.