Former NSA Narayanan rings cyber alarm

The Aadhaar card scheme was worth looking at for its cyber-security ramifications, he says

By Aditya Nag in Calcutta
  • Published 18.01.19, 12:26 AM
  • Updated 18.01.19, 1:03 PM
  • 2 mins read
  •  
Narayanan speaks at the programme on Wednesday. The Telegraph picture

Former national security adviser and Bengal governor M.K. Narayanan has sounded an alert on how “cyber terrorism” can cripple the economy and stressed the need for protecting cyberspace against such attacks.

“Growing inter-connectivity has effectively demolished traditional security perimeters. Financial services, banks, manufacturing and the healthcare industry are among the most targeted. Insider threats are growing at an exponential rate,” he told a seminar in Calcutta on Wednesday.

The 6th annual economic summit titled “Cyber Terrorism and the Economy — A Gathering Storm” was organised by the Research Centre for Eastern and North Eastern Regional Studies, Calcutta, and the Bengal Chamber of Commerce and Industry.

Narayanan, who was joined on the dais by former Chief of Staff Shankar Roychowdhury and Chief of the Air Staff Arup Raha, referred to the dangers that the digital age faces from “malware”, or malicious software, that is designed to cripple computer systems remotely.

“Cyber warfare is a slow poison, silently administered by non-attributable, physically non-intrusive, generally undetectable elements,” said General Roychowdhury (retd), patron of the research centre.

Narayanan said the Aadhaar card scheme was worth looking at for its cyber-security ramifications.

“The use of Aadhaar cards is becoming ubiquitous. The danger is that not only is it becoming easier to mask an identity online, but once malware codes come into the open market, it can be bought and re-purposed by hackers and nation states across the world,” he said.

In late 2016, political parties and social activists protested the Aadhaar Act, saying mandating the UIDAI’s 12-digit number for essential services was a violation of the fundamental right to privacy.

Narayanan said infamous Equifax breaches of 2017 or the Marriott hacks of 2018 — while extremely significant — were not “cyber terrorism”.

Equifax is a data analytics company from which millions of credit cards details were stolen by hackers in 2017. Similarly, hackers stole personal and financial information of over 500 million guests of the Marriott group through a single hack in 2018.

He referred instead to more insidious cases such as the StuxNet virus, which was launched in 2012 to undermine Iran’s nuclear programme, and which was subsequently repurposed by Iran to attack computers of the Saudi American Oil Company.

Narayanan also referred to the presence of “cyber arms dealers” in various countries, who sell malware both to corporations and to governments.

“Unlike viruses or computer attacks that result in a denial of service, a cyber terrorist attack is designed to cause physical violence or extreme financial harm,” Narayanan said. Narayanan also warned for a careful transition to the “Internet of Things” — the popular term for imminent time in which most infrastructures will be connected to the Internet.

Every end-point, every node, every device connected to enterprise networks has become a point of entry for cyber attackers,” he said.