Influences on social media promoting violent extremism among biggest cyber threats, says NTRO Chairperson

Chairperson of NTRO, Satish Chandra Jha, at Nullcon 2020. Credit: Aditi Agrawal

“Influences on social media” that promote “violent extremist ideologies” are among the biggest cyber threats right now, Satish Chandra Jha, the chairperson of the National Technical Research Organisation (NTRO), said at Nullcon on March 5. The other threats are data breaches, business espionage, phishing and distributed denial of service attacks, polymorphic malware that changes its features to be better at contamination, and supply chain contamination. He also said that India is among the five key targets of global cyberattacks.

Jha said that the government of India was aware of the challenges this posed and had created the National Critical Information Infrastructure Protection Centre (NCIIPC) in 2014 to counter threats to critical information infrastructure. NCIIPC recognises six sectors as part of critical information infrastructure: transport, power and energy, telecom, government, strategic and public enterprises, and banking, financial services and insurance. During his welcome address, Jha drew attention to NCIIPC’s Responsible Vulnerability Disclosure Program (RVDP) that allows people to report vulnerabilities in Indian critical information infrastructure to the central government.

Set up in 2004, the NTRO is the technical intelligence agency under the National Security Advisor in the Prime Minister’s Office. The NCIIPC, an agency under the administrative control of the NTRO, was sent to clean up in mid-September 2019, after a “malicious activity” in the external (information technology, not operational) network of the Kudankulam Nuclear Power Plant was detected earlier that month. Jha has been heading the NTRO since 2018 and has previously been the Special Director in the Intelligence Bureau. NTRO was one of the sponsors of Nullcon, an annual information security conference.

India needs to be more proactive about cyber security: Jha also said that he was “agitated” by “growth” in the country. Comparing India to Israel, where they have an organised system and “security is a key consideration”, he said that India severely lags behind. “Any product they [Israelis] develop, they consider the security aspect of it, be it missiles or cyber products,” he said.

NCIIPC’s advisories are not binding: At another panel discussion, Major General Sandeep Sharma, who is part of the NTRO and was instrumental in bringing out the Army’s Cyber Security Strategy, explained that the advisories with suggested patches for security vulnerabilities that NCIIPC issues are not binding except when a system is declared “protected”. “If a system is declared ‘protected’, they [the system operators] have to report the breach, following which the Intelligence Bureau also gets involved,” he said.

Digital attribution is practically impossible, says NTRO chief

Jha said that at an international level, the lack of coordination and global policy on dealing with cyber threats is a major problem. Calling attribution of cyberattacks at a global level “shoddy, exasperating and practically impossible”, he said that “anonymous platforms like the dark web and scores of messaging apps make situation more difficult”.

Attribution requires looking at patterns, but that is not foolproof: Sharma said that the question of attribution is very difficult. Attribution is primarily determined by “how people from a particular country use their vectors to attack a particular country”, he explained.

Major General Sandeep Sharma (centre) at a panel discussion at Nullcon 2020

Sharma said that this includes looking at the techniques, metadata, components of the attack such as the layout of the keyboard, the time of the attack, etc. Even then, he cautioned, “you cannot say with full confidence” that “this is the country from where the attack originated”. “So all these are pointers, suspected pointers,” he said. Such factors “automatically point out to geo-political context,” he later added.

“Everyone follows the Stuxnet pattern. Nobody attacks from a source within their own country. … But the way you understand it is using the components of the attack, you detect certain patterns.” — Major General Sandeep Sharma, NTRO

Motivation of North Korean hackers remains unclear: Sharma said that the motivation of North Korean hackers behind the hack at Kudankulam Nuclear Power Plant’s IT network remains unclear. “That is where the threat intelligence framework comes into the picture. Is it helping somebody else? Or is it a plan for the future? Nobody knows. So if I can decipher that, that will be the best framework that we can ever develop,” he said.

NTRO part of task force working on National Cyber Security Strategy

“Cyber security requires multi-stakeholder approach that includes the government, academia, industry, and platforms like Nullcon,” Jha added. He said that the NTRO is working with the National Cyber Security Coordinator’s Office on the National Cyber Security Strategy. The National Cyber Security Coordinator’s office has created a task force which includes representatives from NCIIPC, MeitY, DoT and other agencies, to work on the Strategy.

No clarity on critical personal data yet: NTRO is “not yet” working on critical personal data since the Personal Data Protection Bill has not been “drafted” (read: enacted) yet, Sharma said. “The work of the concerned people will only start once the Bill is passed. [It is] too premature to say that because there is no clarity on the protection bill itself,” he explained, since “what changes will take place, nobody knows”.

Issue of data localisation is ‘very difficult’: “There is one school of thought that servers should be within India, nothing should go out. Another school of thought, if everything is inside, how do you interact with the world. So the data has to flow and come back, has to flow out and come back,” Sharma said. Even if from a cyber security point of view the server should be within India, that “server also needs to send some data outside”, he pointed out. “India is not an independent entity, whatever we produce we can’t consume it ourselves. We got to send it outside to consume. And we need products from outside. Very difficult one,” he said.

Disclosure: I had been invited by Nullcon to conduct a workshop on the Personal Data Protection Bill, 2019, and my stay and travel were sponsored by the organisers.

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
