The government’s decision restricting imports of laptops and tablets comes close to reports that there has been a 133% jump in ransomware attacks in India in the first half of this year.
New Delhi
In addition to promoting “Make in India” laptops and tablets, the Narendra Modi government’s decision to introduce licences for imported IT hardware like laptops, PCs and tablets was, to a great extent, influenced by an alert raised by Ministry of Home Affairs’ (MHA’s) cyber experts tracking vulnerability threats, including terror, spyware and ransomware attacks in the hardware ecosystem.
The government’s decision restricting imports of laptops and tablets comes close to reports that there has been a 133% jump in ransomware attacks in India in the first half of this year. Incidents of cryptojacking, IoT malware and encrypted malware have also risen.
It took a major push from the cyber security and intelligence experts in the MHA and Ministry of Electronics and Information Technology to convince the decision makers to protect the nation’s hardware from espionage by restricting imports of IT hardware, mainly from China, said sources.
The vulnerabilities detected by MHA’s Indian Cybercrime Coordination Centre (I4C), which constantly examines emerging technological developments and predict potential vulnerabilities that can be exploited by cybercriminals, expedited the government’s decision to introduce licensing for importing laptops. As I4C also offers support for development of components of cybercrime combating ecosystem, its views were given due weightage, said an official.
The decision was taken in “national interest”, knowing very well that it could be misconstrued as an attempt to revive “licence raj”, said a top functionary in the MHA. The government is now concerned that laptops and tablets imported from certain countries may contain backdoors, a form of vulnerability that gives a cyber attacker unauthorised access to a laptop or tablet, that could be used by foreign governments to spy on Indian citizens.
Sources said the clampdown on bulk import of laptops and tablets was preceded by an assessment of the threat perception and assessment of its implications on the economy. During the discussions, representatives of finance and commerce ministry had pointed out that a ban on import of IT hardware could cost 1-2% of GDP, apart from inviting retaliatory actions.
In its final decision, the government said that it will grant licences only for the import of laptops and tablets that meet certain security standards. It has also said that it will work with the industry to develop a domestic manufacturing ecosystem for laptops and tablets.
Out of India’s total annual imports, the share of laptops and tablets stands at 1.5%. In the first quarter of 2023, $19.7 billion worth of electronics items were imported. These electronics items included PCs, laptops and tablets.
Giving examples of the threats a cyber expert working under an MHA wing said compromised hardware may support spyware that have capability of capturing images from a laptop even when its camera is not switched on. “Even after a laptop is shut down, some spywares continue to catch voices around it through its mike and relay its translated text through AI,” said a cyber sleuth.
Underlining the need for a robust response to cyber threats, former chief of National Cybersecurity Reference Framework, Lt Gen Rajesh Pant pointed to last year’s cyberattack on All India Institute of Medical Science in Delhi in which five servers were hacked and 1.3 TB data was encrypted. The attack allegedly compromised the records of nearly 3-4 crore patients. The Chinese connection of the hackers of AIIMS has come as a warning for the security establishment in India which brought about an emergency in the government to frame SOPs to counter such attacks. Cyber experts also suggest creation of a full-fledged nodal ministry to manage cybersecurity threats.