India training cyber defenders as Russian-linked hackers strike

Mandeep Singh

A major ransomware attack by Russian-linked hackers on one of India’s biggest oil companies in April 2022 was the backdrop for New Delhi’s launch of an initiative to train government officials and key industry personnel in the latest tools and methods of cyber defense.

The attack on Oil India Ltd. (OIL), the nation’s second-largest, state-owned hydrocarbon explorer and producer, caused a networkwide outage affecting internal servers and computers, as well as those of OIL’s clients, according to India’s The Economic Times newspaper. The attack used Russian malware seeded from a server in Nigeria, police told the newspaper. The hackers demanded U.S. $7.5 million from OIL to release their hold on the company’s network. An OIL spokesman told The Economic Times that the affected systems were shut down and purged, allowing company operations to resume.

The attack was not unique. Ransomware assaults on Indian businesses climbed by 218% in 2021, according to research by Palo Alto Networks, a United States-based cybersecurity firm.

The April attack did not dissuade India from apparently requesting the removal of the words “Russia” or “Russian” from the joint statement issued in May by leaders of the Quad grouping, which includes Australia, India, Japan and the U.S. It also did not prompt India to reverse its position and condemn Russia’s invasion of Ukraine.

In response to the growing cyber threat, three Indian government agencies conducted the first National Cyber Security Incident Response Exercise (NCX India) from April 18-29, 2022, to train government and industry personnel. The sponsoring agencies were the National Security Council Secretariat (NSCS), the Data Security Council of India, and the Defence Research and Development Organisation, according to the Indian Ministry of Defence. CybExer Technologies, an Estonian cybersecurity firm that has conducted large cyber exercises, provided the training platform.

“Cybersecurity remains the foundation of any successful digital transformation,” Indian National Security Advisor Ajit Doval said during his NCX India keynote speech. “Any threats in cyberspace directly impact our social, economic and national security and, therefore, we need to safeguard our cyberspace.”

According to the Defence Ministry, the exercise was designed to “help strategic leaders to better understand cyber threats, assess readiness, and develop skills for cyber crisis management and cooperation. This will also help develop and test cybersecurity skills, teamwork, planning, communication, critical thinking and decision-making.”

About 140 officials attended the closed-door exercise, including chief information security officers from critical infrastructure sectors such as electricity, oil, telecommunications and banking. Topics included intrusion detection techniques, malware information sharing platforms, vulnerability handling and penetration testing, network protocols and data flows, and digital forensics.

Retired Indian Army Lt. Gen. Rajesh Pant, pictured, an NSCS coordinator who spoke at NCX India, noted the role of cyber warfare in the Russia-Ukraine conflict. He characterized it as “quasi-kinetic,” adding that effective cyber defense requires a deterrence capability, The Economic Times reported.

India must develop and train personnel to anticipate and respond to cyber threats, Pant said. He emphasized the importance of a national-level cyber exercise to assess, validate and refine stakeholders’ skills and to secure the nation’s cyberspace.

Mandeep Singh is a FORUM contributor reporting from New Delhi, India.

IMAGE CREDIT: INDIAN MINISTRY OF DEFENCE