AIIMS cyber attack raises red flags in national security
For the past two days, experts from CERT-IN, NIC and the National Security Council Secretariat led by National Cyber Security Coordinator Lt Gen (Retd) Rajesh Pant have been conducting dry runs on the servers of the All India Institute of Medical Sciences, Delhi to check the resilience of the system to future attacks after 5 out of 100 physical and virtual servers were corrupted by attacks that some government officials believe originated in China.
According to people familiar with the AIIMS cyberattack, the corrupted servers have been isolated and the system is being tested for its resilience. The responders have also recommended the creation of a full-fledged cyber-security division at the VVIP hospital to guard against future cyber warfare. It is learnt that Delhi AIIMS has been advised to use a hierarchical computer architecture with built-in redundancies in place of the present flat computer architecture in the hospital, which caters to the medical requirements of the highest in the land, including the President and the Prime Minister. Top government experts dismiss the ransom demand as mere sensationalism or an effort to mislead responders; and there was no cyberattack on Safdarjung Hospital servers as reported in certain sections of the media, but a malfunction that was corrected.
While government cyber experts are examining how to effectively firewall AIIMS servers, the incident has exposed the vulnerability of the critical and core sector to cyberattacks. As the issue comes under the purview of national security, most experts are tight-lipped, but the AIIMS incident, they admit, has red-flagged the vulnerability of the government sector – all ministries have separate portals and are separately vulnerable – to cyberattack and hybrid warfare.
HT learns that SingCERT, the cyber security agency of Singapore, informed India through institutionalized channels that China was testing the resilience of the Indian system as part of hybrid warfare in 2019, when the Indian Air Force launched the Balakot attack on February 26 as retaliation for the February 14 Pulwama terror strike by the Pakistan-based Jaish-e-Mohammed terror group. It is understood that the Singapore government picked up multiple attacks on Indian government and military servers at that key moment.
Given that hybrid warfare, or coordinated physical and cyber attacks, is the future of warfare, big powers such as the US, China, Russia and France have built effective firewalls to protect their government servers from attacks by an adversarial power. These countries allow government servers to operate from a single portal, which is extensively firewalled and protected, rather than multiple portals, which basically allow multiple entry points into interconnected government systems. The Indian servers are not only vulnerable to China; a large number of attacks also come from arch rival Pakistan through third countries in Eastern Europe and the Middle East, people familiar with the matter said.
The attack on AIIMS came to light on November 23 when users found they could not access a key application that manages appointments, stores medical records and hosts reports from diagnostic tests carried out by the facility.