Does India Understand Backdoor Threats?!
Posted by Peo Nathan on September 19, 2017
Category netPulz

History had taught unforgiving lessons to India, from Moghuls to East India Company, and such discourses are often quickly digressed with religious and anti-western sentiments. We live in a globally interconnected world, so, developing enduring partnerships with those who share our values and using caution when dealing with those whose only goal is destroying or weaken us are absolutely important. In this article, I want to focus on the risks of not understanding backdoor threats of the big bad internet. I am talking about the digital security backdoor threats of the information technology (IT) network systems that are the modern equivalent of the historical conquests and Trojans. IT network systems are instrumental in building information technology infrastructures in government agencies and businesses across India. But, does government agencies and businesses in India understand the risks of backdoor vulnerabilities that puts their IT infrastructure at risk for hacking and spying?

In the world connected with internet and when efficiency in delivering products and services is critical, including government services, secure IT infrastructure connected to internet becomes very essential. The fort for any IT infrastructure are perimeter network devices such as routers, switches, firewalls and VPNs. Backdoors could be deliberately built into these network devices, and more often, backdoors are security vulnerabilities overlooked in development and configuration of these network devices. Such backdoors and security vulnerabilities of any such vulnerable network devices expose the entire IT infrastructure behind such devices for hacking and stealing of proprietary and private information. It also exposes, businesses to competition spying, and the government agencies to spying by enemy nations.

India has emerged as the leader in global information technology outsourcing and support over the last three decades that catapulted India to one of the largest rapidly growing economies of the world. This was and is due to a mutually beneficial partnership between the oldest and the largest democracies of the world through the spirit of free enterprise. But, look closer at the information technology services that Indian outsourcing companies provide, and you will see it is predominantly in the areas of infrastructure support and development of computer systems and applications, and not much in the area of network technology development, support or network security. Still Indian telecom and other telecom service providers predominantly use well known network gears from developed parts of the word. Recently, Indian IT hardware market is supposedly flooded with Chinese network gears because of low cost, a hallmark of Chinese products. While India has a huge talent pool in IT systems development, network and digital security talent is limited. Does this pose a serious risk to Indian government agencies and businesses? Yes and no, depends on with whom you are talking!

What should India do? Indian government and businesses in India should seek and promote indigenous network products and service providers. As the network world transforms more towards software defined networking, SDN, the threat is not just from hardware alone. That doesn’t mean that Indians has to start from scratch to develop and deploy network protocols to support their IT infrastructures. Indigenous network hardware manufacturing in India is not there yet, but, indigenous SDN solutions are a quick antidote to the kind of risks I am talking about. Even imported hardware could be overlaid with SDN software that eliminates the threat of adopting low cost imported hardware-software network products. Importing ideas, skills and talents from the developed parts of the world that can power the development, deployment and support of secure network products and services in India are critical to securing Indian government and business IT networks.


Peo Nathan 21-SEP-17

Worth reading: