India govt agencies to conduct cyberattacks, gather intel

Country's upcoming cybersecurity policy will designate agencies to gather intelligence abroad and carry out offensive cyber-operations if necessary, to prepare for possibility of cyberattacks targeting critical infrastructure.

India is taking steps to protect its cyberinfrastructure by designating relevant government agencies to carry out offensive cyberattacks on other countries when necessary.

The country's National Security Council (NSC) will soon approve the "comprehensive" plan and designate the Defence Intelligence Agency (DIA) and National Technical Research Organization (NTRO) to carry out offensive cyber-operations if needed, sources told The Times of India in a report Monday. All other intelligence agencies will be authorized to carry out intelligence gathering abroad, but not offensive operations.

Shivshankar Menon, India's national security adviser announced last month the government was in the process of creating a cybersecurity policy which would include efforts to boost its security networks and infrastructure and set up certification systems and monitoring protocols to enable the country to deal with cyberattacks.

The "detailed" policy for national cyber infrastructure protection, which is presently awaiting approval by the NSC, will identify all government agencies involved in the protection of Indian cyberinfrastructure and define their roles, the sources explained.

The proposal also called for the creation of Computer Emergency Response Teams (CERTs) to respond quickly to protect power distribution networks such as air traffic control, traffic networks and other areas heavily dependent on networked systems. It also suggested defense forces be responsible for their own networks' protection.

This move was aimed at defining defensive mechanism and designated agencies involved in offensive cyber-operations, as cyber intrusions often were repeated but aimed at gathering information from critical networks. The government now believed the next stage of an adversary, conducting offensive cyberattacks such as bringing down a power grid or stalling air traffic control systems, was now a possibility, sources said.