India: Attacks on infrastructure came from China

The Indian government has singled out China as one of several nations identified to have been responsible for attempts to hack the country's cyber networks.

Minister of State for Communications and IT Shri Milind Deora told India's house of representatives, Lok Sabha, that there had been attempts to hack the government's systems from "time to time".

In a written reply to a series of pre-submitted questions posed the previous day by member of parliament Shri Jose K. Mani, Shri Deora said it was difficult, though, to attribute cyberattacks to a particular country.

"These attacks have been observed to be originating from a number of countries, including China," Deora said. "It has been observed that the attackers are compromising computer systems located in different parts of the world, and use masquerading techniques and hidden servers to hide the identity of actual systems from which the attacks are being launched."

The comments come amid the fiery war-of-words between China and the United States over which state is home to the world's biggest cybercriminal.

The Indian IT minister did not provide specific attack details but said the government had implemented a number of measures to defend the nation's technology infrastructure:

- The Indian Computer Emergency Response Team (CERT-In) conducts mock cybersecurity drills to assess the ability of organizations to withstand cyberattacks;

- All levels of government and critical sectors were expected to implement a Crisis Management Plan to counter cyberattacks and cyberterrorism;

- A 2008 amendment to the Information Technology Act, 2000, provides the legal firepower to address issues connected with security breaches of IT infrastructure;

- CXentral and state governments are advised to periodically audit their entire IT infrastructure including Web sites, and identify and remove weaknesses; and

- The National Informatics Centre (NIC) manages government Web sites and e-mail service and implements measures to secure the government IT infrastructure from cyberattacks.

He revealed that in July 2010, when the Stuxnet virus first targeted industrial control systems of corporations and governmens around the world, Shri Deora's Ministry advised critical-sector organizations, via CERT-IN, to detect and clean infected systems. It also worked with ISPs (Internet service providers) and IT security vendors to detect and clean infected systems, and conducted information workshops.