As the world grapples with escalating cyber threats, recent developments in the United States have underscored the urgent need for robust defences to protect critical infrastructure. President Biden's executive order, empowering the Coast Guard to respond to cybersecurity incidents in the maritime sector, serves as a wake-up call for nations globally, including India, to fortify their digital defences. With mounting concerns over China-linked hacking groups targeting critical infrastructure, particularly in the maritime domain, India must take proactive measures to safeguard its national security interests.
The maritime sector, often overlooked in discussions of cybersecurity, plays a vital role in India's economy and national security. Prime Minister Narendra Modi had stressed the value of security cooperation in the Indian Ocean Region (IOR) at a high-level meeting on maritime security back in 2021. Since then, New Delhi has been embracing the role of a “net-security provider” in IOR. India recently inaugurated an airstrip, jetty, and 6 development projects in Agalega Island, Mauritius, aimed at refurbishing the island’s infrastructure, boosting intelligence & communications facilities, and identifying ships traveling through the IOR. Such endeavours also lend credibility to GoI’s Security & Growth for All in the Region (SAGAR) policy to strengthen its maritime capabilities & presence in IOR. Thus, it becomes imperative to recognize the vulnerabilities inherent in this sector.
China's assertive cyber activities pose a significant threat to India's critical infrastructure, especially in the maritime domain. Aspiring to be a major maritime force per Maritime India Vision (MIV) and Amrit Kaal Vision 2047, New Delhi’s dependence on operational technology (OT) and information technology (IT) systems for automation processes is bound to increase. With this comes the threat of being a target of Chinese state-backed hacking groups.
Recent cyber-attacks against US’ critical infrastructure - led by Volt Typhoon (a Chinese state-backed hacking group) - were the major driving force behind the Biden administration’s issuance of the executive order. Similarly, the notorious APT 10 hacking group, believed to have ties to the Chinese government, has a history of targeting maritime entities globally. In 2018, the group was implicated in a cyber espionage campaign targeting companies involved in maritime technology and defence sectors. Such attacks highlight the sophisticated tactics employed by state-sponsored actors to exploit vulnerabilities in critical infrastructure.
And India cannot afford to ignore the looming threat of cyber warfare. The nation has witnessed several cyber-attacks attributed to state-sponsored actors, with China being a primary suspect. The 2020 cyber-attack on the Indian electricity grid, believed to be the handiwork of Red Echo (a Chinese state-backed group), disrupted power supply in Mumbai and raised concerns about the vulnerability of India's critical infrastructure. In 2022, Chinese backed groups were also alleged to be behind a cyber-attack on Jawaharlal Nehru Port Trust’s IT systems, thus exposing India’s maritime assets to such cyber-attacks. And more recently, the “iSoon leak” uncovered the cyber-attacks against India’s PMO, Reliance, and Air India. These incidents underscore the need for enhanced cybersecurity measures to mitigate the risk of future attacks.
In light of these threats, India must emulate the proactive approach adopted by the United States in strengthening its cyber defences. Empowering agencies like the Coast Guard with the authority to respond to cybersecurity incidents is a crucial step towards bolstering national security. India's Coast Guard, entrusted with safeguarding maritime interests, should be equipped with the necessary resources and capabilities to detect and counter cyber threats in the maritime domain. And in doing so, New Delhi should leverage the Indian Computer Emergency Response Team (CERT-In) to provide training and resources to build such capabilities. Their wide archives on previous cyber-attacks can also prove to be useful case studies for the Coast Guard to learn from.
Furthermore, there is a pressing need for enhancing collaboration between public and private sectors in India while responding to cyber threats. While CERT-In collaborates with the private sector regularly, the companies that are operating out of critical ports in India, should be specifically focused upon for providing training to counter cyber threats emanating from China.
Additionally, investments in cybersecurity infrastructure are paramount to enhancing India's resilience against cyber-attacks. Allocating resources to modernize port infrastructure and deploy advanced cybersecurity technologies will strengthen India's ability to defend against evolving threats. In this regard, the announcement for setting up a Bureau of Port Security by Union Minister for Ports, Shipping, and Waterways, Sarbananda Sonowal, is a welcome step. But the mandate of the same and other details are still awaited, and it remains to be seen whether cybersecurity will be a part of it or not.
Moreover, India must leverage international partnerships and cooperation mechanisms to bolster its cybersecurity capabilities. Collaborative initiatives with like-minded nations, such as the Quad, can facilitate information sharing and capacity-building efforts to counter cyber threats collectively. The third in-person Quad Senior Cyber Group’s Principal Meeting held in December 2023 laid down joint principles in areas of Secure Software, Cybersecurity of Critical Infrastructure, Supply Chain Resilience & Security, and Cyber Awareness. These principles, if leveraged effectively, can significantly bolster India’s cybersecurity capabilities against potential cyber threats.