India is all set to launch a national mission to screen electronic components and software that lie at the core of nuclear, space and missile programmes, says a Deccan Herald report.
The mass sensitisation programme will be run by Electronic Corporation of India Ltd, a public sector undertaking in the department of atomic energy, in collaboration with Indian Institute of Technology, Mumbai which provides technical support and did the groundwork for launching the screening programme.
“We are building a national capacity for mass sensitisation in which a standard rule book is being prepared. The importers of components and software will be asked to follow the standard operating procedure. In the future, we may develop a national facility to screen these components,” YS Mayya, chairman and managing director of ECIL said.
The genesis of the programme, spearheaded by R Chidambaram, principle scientific adviser to the Cabinet, lies in the fear of unknown import of Chinese malware in electronic hardware and software used in strategic electronics.
“In the US, for certain (strategic) applications routers made in other countries (read China) are not used. It has been prohibited by the government,” said Srikumar Banerjee, chairman Atomic Energy Commission.
Australian government too made it mandatory for the industry to use indigenous components in certain products.
“We are concerned about presence of malware in strategic systems. It is easy to introduce trap doors in embedded software, which can be exploited by others. Chips from abroad are areas of concerns,” Mayya said.
With example of Stuxnet fresh in mind and intelligence inputs suggesting Chinese emphasis on creating malware and hacker’s brigade, the government is not taking any chance.
Discovered in June 2010, Stuxnet is a computer worm that spreads to Microsoft Windows and is the first maleware that tamed industrial system. Though the source remains unknown till this date, one of the targets was Iranian nuclear programme. Teheran’s uranium enrichment infrastructure is understood to have been affected adversely by the Stuxnet.
The groundwork for the Indian programme was done by IIT Bombay, which also developed technology to manufacture secure routers in India. “Even though you cannot be 100 per cent sure about the presence of malware without source code, safety and security of foreign products are verified and validated through repeated testing,” said Ashwin Gumaste, James R Issac Chair professor at IITB.
Based on IITB technology, ECIL has produced a secured carrier ethernet transport router for nuclear, defence and space applications. With built-in security features and a fully Indian design, this development is significant in the context of global apprehensions about the vulnerabilities posed by ‘black box’ products, populating the information highways which carry vital and strategic data.
The strategic sector, however, would have to depend on imported components in the absence of an Indian chip fabrication facility. That’s where the screening programme would fit in.