Home India Governance After AIIMS ransomware attack, Modi govt’s building a task force to fight...

After AIIMS ransomware attack, Modi govt’s building a task force to fight cyber espionage

DGPs discussed setting up National Counter Ransomware Taskforce last week. This is part of 3-fold measure which also includes drawing up National Information Security Policy Guidelines.

Representational image | Cyber crime | Pexels
Representational image | Cyber crime | Pexels

New Delhi: Shaken by the ransomware attack at the All India Institute of Medical Science (AIIMS) in November, the central government is working on a task force to prevent such attacks in the future, ThePrint has learnt.

Called the National Counter Ransomware Taskforce (NCRT), the force is among the several measures discussed during a meeting of directors general of police held last week, a source at the Ministry of Home Affairs told ThePrint.

The three-day-long All India Conference of Directors General/ Inspectors General of Police  2022 held in Delhi last week was attended by Prime Minister Narendra Modi and Home Minister Amit Shah.

The conference came within two months of the ransomware attack at AIIMS wreaking havoc at India’s premier medical institution and causing a temporary shutdown of its servers.

A senior IPS officer serving in the Ministry of Home Affairs told ThePrint that in order to prevent such attacks, a three-fold security measure was suggested at the meeting, including building an integrated national task force and drawing up National Information Security Policy Guidelines (NISPG). 

The government also plans to hold regular conferences of chief information security officers and routine coordination meetings of the state home secretaries, the source said, adding that the Modi government has already started working on the NCRT.   

A source at the MHA told ThePrint that the government was particularly concerned about cyber espionage, cyber terrorism, and ransomware, especially since the possible involvement of Pakistan and China has come to the fore during investigations into the AIIMS attack.

Also Read: Why are cybercrime convictions low in India? ‘Weak forensics, dark net & cross-border attacks’

Crypto cops 

Apart from ransomware, cryptocurrency-induced cyber attacks are seen as another massive threat to India’s sensitive installations, ThePrint has learnt. 

The source at the MHA told ThePrint that an analysis by India’s central security agencies had revealed that the country has only 12 certified crypto case investigators, which was found to be “inadequate”.

In 2022, the government trained around 8,000 officers across police units and agencies to investigate such cases and 26,000 more have been enrolled for the certification course, the source told ThePrint. 

Steps taken by the central government in September 2019 to combat cybercrime were also reviewed at the meeting, the source said.

In September 2019, the MHA wrote to all state chief secretaries about new measures to combat cybercrime — including instituting the Indian Cyber Crime Coordination Centre. ThePrint has accessed the letter.

The centre, otherwise known as the 14C, was made the nodal agency to fight cybercrime at the national level.

The letter, which ThePrint has accessed, also speaks about the implementation of Mutual Legal Assistance Treaties (MLATs) — a bilateral treaty signed between the countries for providing international cooperation and assistance — in connection with cybercrime.

In addition, the MHA also suggested that states block or remove unlawful content from the web.

Beyond fraud and phishing attacks  

According to a report submitted to the government by the MHA’s 14C, 70 per cent of India’s total number of cybercrime cases are recorded in seven states — Rajasthan, Jharkhand, Uttar Pradesh, Haryana, Delhi, Bihar, and West Bengal, a source in the coordination centre

Of these, around 20 per cent of the cases were reported in 20 districts in these seven states, the source said.

However, despite this, the government is more concerned about cyber espionage, cyber terrorism, and ransomware, especially in light of the AIIMS attack, the source said. 

“There are threats from preloaded smartphones or customised systems. Protection of Critical Information Infrastructure (CII) is of supreme importance to us now as it plays a crucial role in ensuring national security. We are working on developing a response mechanism such as a national firewall and counter ransomware task force,” said a second senior IPS officer working on cyber security issues.  

The government has formed a six-member committee that has three state DGPs, the DGs of the National Critical Information Infrastructure Protection Centre (NCIIPC) and CERT-In, and officers from the  Intelligence Bureau and MHA’s 14C. 

The MHA is also working on a “security audit calendar” — a routine audit of security measures — for ministries and departments, the second source said.

“The MHA in coordination with the state police will identify the hot spots of cyber criminals,” added the senior officer. “It is also working on certain legal amendments related to specific cyber offences.”

(Edited by Uttara Ramaswamy)

Also Read: Mewat is India’s latest Jamtara. And sextortion is the new kill