Gulshan Rai, director general of the Indian Computer Emergency Response Team (CERT-In) and coordinator of the committee on cyber laws, says the team is gearing up to address the increasing mobile internet usage. In an interview with Shivani Shinde, he talks about the changing technology landscape. Edited excerpts:
How serious is the threat from increasing access to the internet through mobile phones? How can CERT-In address this?
Mobile phones are a concern because of the number of users. Besides, users download applications for free; even hackers know you are downloading apps for free. A computer system has more resources and more storage, and you can use security software to protect it. But this is not the case with mobile phones. These have limited storage and, therefore, limited capacity for security software. We have started developing a security covering around operating systems like Android and Windows. We hope we would be able to bring out a secured system and, perhaps, mandate the people of the country to use this solution.
What are CERT-In’s key areas of concern?
Cyberspace is a huge area, and the penetration would only increase. The challenge is how do I secure Indian cyber users to ensure they surf safely? How do we create or increase awareness? In conjunction, how do we face the capacity challenge, in terms of capable manpower? Today, the manpower addressing the cyber security issue is limited. We need 4,00,000 skilled people to address this; currently, we have just about 32,000 skilled people. We need people to address aspects like technology procurement and legal issues, and train the police and the judiciary in understanding the cyber segment.
The number of attacks on government websites has increased.
That attacks on government websites have increased is true. The nature of these attacks has also changed. They are targeted towards stealing information and installing malicious software. Another dangerous trend is hackers install software on the hacked website and use it as a platform to launch other attacks. This allows them to camouflage their routes. This is not specific to India; it is happening worldwide.
The government is aware of these incidents. We track sites that are hacked and try to get in touch with all the parties that report to us. According to our mandate we try to help them, study the logs, look into the vulnerabilities that have been exploited and consider what needs to be done. We have started an intensive auditing process, for which we have also empanelled auditors.
They would carry out audits, including vulnerability assessment, and penetration tests of systems of government organisations.
We also carry out security drills with industries, government agencies, companies and internet service providers. We push malicious codes and see what kind of loopholes systems have.
The recent ‘hacktivism’ by Anonymous on censorship hit several government websites.
These attacks were carried out with malicious intent, and I think all these were funded. The ‘Anonymous’ community had last surfaced when the Madras High Court had passed an order banning certain films. This is a group that tries to create terror and panic. Recently, when they started from Mumbai, we were monitoring them. We told the Department of Telecommunications and the National Informatics Centre what steps had to be taken. All these attacks were distributed denial of services (DoS) attacks.
We provided our facility to protect government websites to counter DoS attacks. As a result, the attacks were aimed at us; these continued for 10 days. I have seen interceptions from these hackers. They made our systems slow, which meant our response time was slow. But beyond that, they could not enter our systems.
How difficult was it to monitor and respond to the attacks?
For the ‘Anonymous’ attacks, every attack was different. These started with five-megabit traffic; by the time these ended, these were pushing 70-megabit of traffic. They Japanese websites were hacked. So, the nature of hacking changes over time. We are gearing up. The other challenge was these hackers used virtual private network connections. In this case, the hackers were routing from Sweden.
The government has faced severe criticism over some of its actions, especially its decision to block a few websites. Could this have been handled in a better manner?
We believe in freedom of speech and expression. However, this was an emergency. And, in such a situation, you have to cut off the source of the problem. People were misusing social networking sites by posting wrong information. Morphed images were being circulated and users were using clips and circulating these via MMSs. If you have fire, you need to extinguish it first. Even when riots broke out in London, access to social networking sites was stopped for seven hours.
In a transparency report by Google, the numbers of requests for blocking websites were more in countries that have absolute freedom, compared to India.
The government has complained popular websites take time to act on its requests. Is the turnaround time long?
When we had sent advisories to some websites, these heard us and, on the face of it, agreed. But nothing was done. They have cooperated with the government, but according to their guidelines. They never shared the details of the people who uploaded the matter. How do we catch these people who spread such information? It is this area in which we seek cooperation. If we ask them for details, they ask us to follow US laws and approach US courts.