The growing involvement of Chinese tech companies in the Indian market has been flagged as a major ‘national security’ concern by cybersecurity experts, who say India is the “primary target” of Chinese hackers working in the People’s Liberation Army (PLA).
“They have a dedicated cyber war-room within the PLA, which operates out of Beijing. At least 35,000 Chinese hackers are on the payroll of the PLA. Another 1.5 lakh private hackers work on the instructions of the Chinese government,” says Dr Nishikant Ojha, a cybersecurity expert, who in the past has helped Russian and several other foreign governments in devising their cybersecurity strategy.
He further informs NH that a “dedicated 30-member Inter-person Task Force,” comprising top officials from the PLA, supervises China’s cyber operations.
Dr Ojha estimates that a whopping 35 per cent of hacking attacks from China are directed towards India, more than any other country. The government is believed to have an overview of the threats facing India’s cyber sovereignty. “The government is now moving fast on putting together a comprehensive cybersecurity strategy,” he says.
At present though, Dr Ojha believes that the Indian government is “severely under-prepared” for handling the barrage of cyber attacks taking place from Beijing.
“We don’t have a dedicated cyber war room like they have. While hacking attacks from China targeting Indian servers have become a norm, not a single hacking attack towards China has happened yet,” he says.
India’s Computer Emergency Response Team (CERT), the agency tasked with handling cyber attacks, is running at the mercy of “ad-hoc” contractors who are under-trained as well. The CERT works in tandem with India’s defence forces to counter growing cyber threats.
“Even Pakistan is better than us when it comes to countering cyber threats,” Dr Ojha rues, adding that “critical cyber infrastructure” needs to be secured.
It has been reliably learnt that a majority of Chinese hackers have been targeting Indian websites for mainly “political and diplomatic motives.”
Dr Paval Duggal, a Supreme Court lawyer specialising in cybersecurity, says that Chinese tech companies’ growing involvement in the Indian market could have “damaging political implications” as India approaches the 2019 elections.
The veteran SC lawyer says that UC Browser, developed by China’s UCWeb, had been accused of “trying to sway the political outcomes” in the recently concluded Telangana state elections.
“The threat is only going to get bigger in the Lok Sabha elections,” he reckons.
According to the International Data Corporation (IDC), a market intelligence firm, four of the top five mobile phone brands in the Indian market in 2018 were Chinese companies, namely Xiaomi, Vivo, Oppo and Transsion.
He adds that Section (1) and Section (75) of the IT Act do have provisions to deal with “extra-terrestrial” threats, a lack of inter-country cyber cooperation agreement with China means that it can’t be executed.
The Information Technology (IT) Act, 2000 does little to address our cybersecurity challenges. “While we do have a National Cyber Security Policy, developed by the Department of Electronics and Information Technology (DeitY) in 2013, it remains a paper tiger and unimplemented as of now,” says Duggal, adding that India even lags behind countries like Vietnam and Malaysia when it comes to defending its cyber sovereignty.
Duggal recounts that in many of the litigations involving cybersecurity, it has been proven in court that the source of attack lay in China, but nothing could be done thereafter.
“Breaching of security systems and extracting sensitive trade data is what the Chinese hackers mostly do. This is how they mainly operate,” says the cybersecurity lawyer.
He echoes Dr Ojha in stating that a “dedicated cyber force” is the need of the hour.
Even the Prime Minister’s Office (PMO) has been compromised by Chinese malware. Says Duggal, “A couple of years back, at least 600 cyber attacks took place, all directed at the PMO. All of them were found to have come from China.”