India’s Defence Cyber Agency (DCA) achieves full operational status to mitigate State-level Cyber Threats

India’s Defence Cyber Agency (DCA) achieves full operational status to mitigate State-level Cyber Threats

Defence Cyber Agency

In 2018, the Central Government approved the establishment of the Defence Cyber Agency (DCA) under the Ministry of Defence. The DCA reported that the agency was fully operational in 2021 and that it had established Cyber Emergency Response Teams (CERT) in all three Services to mitigate cyber threats from state-level cyber adversaries.

India’s national security agencies recently conducted a week-long cyber defence exercise to test the capabilities of the country’s civilian and military digital infrastructure. According to official sources, the training was held under the auspices of the DCA, and its primary goal was to test the resilience of the firewalls that protect India’s critical infrastructure.

In most cases, air-gap and standalone servers protect India’s defence servers. Air-gapping is a technique in which network administrators create an “obstacle” made of air to prevent hackers from inserting hostile programming code in order to compromise network integrity. The hostile code cannot travel beyond the network’s physical boundaries because there are no cables or WiFi connections.

Civilian servers, such as those run by the National Informatics Centre (NIC), are not air-gapped and are frequently hacked. There have been a few reports of NIC servers being compromised. Many cybersecurity threats point to sophisticated attackers, some of whom appear to have resources available only to state actors. These types of attacks necessitate the use of sophisticated resources.

DCA is evaluating national networks in order to improve cyber defences by implementing a more powerful firewall architecture.

It has also been reported that the DCA’s role is not limited to defending the nation’s critical digital infrastructure, but that it can also go on the offensive. It is most likely capable of hacking into networks, conducting surveillance operations, breaking into encrypted communications channels, recovering deleted data from hard drives and cellphones, laying cyber traps for foreign hackers, and accomplishing other complex goals.

The DCA works closely with the National Security Council (NSC), the Defence Research and Development Organization (DRDO), the National Technological Research Organization (NTRO), and the Research and Analysis Wing (RAW). Cyber attacks have targeted all of these organizations. The formation of the DCA adds an extra layer of security to their situation.

India is working on a cyber security strategy. In 2022, Ashwini Vaishnaw, Union Minister for Electronics and Information Technology, informed the Lok Sabha that “the National Security Council Secretariat (NSCS) has formulated a draft National Cyber Security Strategy, which holistically looks at addressing issues of security of national cyberspace.” The Presidential Management Office is currently reviewing the draft National Cyber Security Strategy.

Is the DCA authorized by the Ministry of Defence to go on the offensive and take the necessary steps to neutralize or destroy India’s adversaries’ cyber capabilities? A purely defensive strategy, according to the DCA, will not protect the country’s critical digital infrastructure. No country can afford to overlook the possibility of going on the offensive in both real-world and cyberspace battles.

The DSC intends to be prepared to “respond to cyber warfare, with a cohesive response for incidents using centralized threat databases, libraries, and incident records.” However, India’s cyber warfare capabilities are still lacking. According to some reports, Vietnam, Malaysia, Spain, Sweden, New Zealand, Singapore, and a few other countries lag behind in cyber warfare.

It is unclear whether the Ministry of Defence is only addressing cyber attacks or also preparing for cyber warfare. The current emphasis appears to be primarily on the protection of civilian and military data, as well as limited offensive action against hacker groups.