The recent breach of part of the network at the largest civil nuclear facility in the Indian state of Tamil Nadu has led the government to seriously consider creating a single authority to oversee the entire spectrum of defensive cyber operations.
The cyber-attack on the Indo-Russian joint venture Kudankulam Nuclear Power Plant (KNPP) in September failed to compromise critical systems, but the fact that the plant’s administrative network was accessed left authorities worried.
The Central government plans to place over a dozen agencies currently engaged in protecting India’s cyber-infrastructure under one nodal authority, the Indian daily The Hindustan Times quoted an anonymous official as saying.
The restructuring exercise is under consideration to ensure better coordination and functioning and do away with individual control over operational and reporting systems, the official added.
Three government ministries, the National Security Council Secretariat (NSCS), the National Technical Research Organisation (NTRO), as well as several other agencies, have their own cyber units at present.
Internationally recognised cyber-security expert and National Cyber-Security Coordinator Lt. Gen. Rajesh Panth has been tasked with the responsibility of bringing together the capabilities of these agencies under one cohesive authority.
The NSCS conducted several rounds of discussions on the issue, and a broad framework has already been worked out, the official told the daily.
The National Cyber Security Policy 2020 will emphasise cyber-security awareness and hygiene. It is likely to suggest a cyber-security course for schools and college curriculums. The government will need to give its consent to the proposal before it is implemented.
Analysts have suggested that when the practice of having a single nodal cyber-security authority is prevalent across the globe, including in places such as the US, UK and Singapore, there is no reason why India should not follow suit.
Last month, the government-owned Nuclear Power Corporation of India Limited (NPCIL) confirmed that one of its systems at its nuclear plant in Tamil Nadu state had been infected by malware.
“Identification of malware in the NPCIL system is correct. The matter was conveyed by CERT-In (Computer Emergency Response Team) when it was noticed by them on 4 September 2019”, a senior NPCIL official had said in a statement at that time.
Department of Atomic Energy (DAE) specialists were immediately brought in to investigate the matter, and it was found that the infected PC (personal computer) belonged to a user who was linked to the internal Internet-connected network used for administrative purposes.
Located off the Bay of Bengal in the state’s Tirunelveli district, the power plant is the largest nuclear power station in India.
The KKNPP (Kudankulam Nuclear Power Plant) is scheduled to have six VVER-1000 water energy reactors built through a joint venture between Russia’s Atomstroyexport and the NPCIL. Once all six nuclear plants are built, they will generate 6,000 megawatts of electricity.