In “zero trust” model, no user is trusted until identity and authorisation are verified
New Delhi:
India has raised the level of alert around its critical infrastructure ahead of the G20 Summit to be held in Delhi this weekend, amid cyber threats originating from foreign shores.
“Indian agencies working overtime to keep a check on China-Pakistan cyber warriors who are trying to undermine India ahead of G20. Keeping cyber threats in mind, India has raised the level of alertness around its critical infrastructure,” a senior officer told NDTV, adding the critical infrastructure includes government websites.
According to him, keeping the scale of the threat, cybersecurity at the summit is being handled by the Computer Emergency Response Team, while the rest of Delhi is being secured by the cybersecurity wing of the Delhi Police.
“The level of alert also has been raised at 28 hotels where VVIPs and delegates would be staying,” he said.
Cyber squads have been stationed at ITC Maurya where US President Joe Biden would be staying. Also, arrangements have been done at The Lalit, Shangri-La, Claridges, Eros Hotel, Radisson Blue, Taj Hotel, Pride Plaza, Vivanta by Taj, Hotel Grand, Ambassador by Taj, The Ashok, Hyatt Regency, JW Marriott, Pullman, Roseate, Andaz Delhi, The Lodhi, The Leela, The Suryaa, The Sherton at Saket, Oberoi Gurgaon, Leela Gurgaon, Trident Gurgaon, Imperial Delh, The Oberoi, and ITC Bharat Gurgaon.
All these hotels have been asked to function on the “principle of zero trust” – that is constant monitoring of all IT assets.
The Home Ministry’s cyber unit said the “zero trust” model relies on strong authentication and authorisation for every device and person before any access or data transfer takes place on a private network, no matter if they are inside or outside that network’s perimeter – from “trust, but verify” to “never trust, always verify”.
In the “zero trust” model, no user or device is trusted to access a resource until their identity and authorisation are verified. This process applies to those normally inside a private network, like an employee on a company computer working remotely from home or on their mobile device while at a conference across the world.
“This also applies to every person or endpoint outside of that network. It makes no difference if you have accessed the network before or not,” an advisory sent to all hotels linked with the G20 summit said.
These arrangements are being done after a meeting in the Home Ministry where the history of cyberattacks during G20 Summits were discussed by security agencies.
In February 2011, a spear phishing attack occurred around the Paris G20 Summit, in which phishing emails and malware attachments were sent to the French Ministry of Finance officials with the aim of accessing classified G20 documents.
In 2014, the personal data of attendees at the G20 meeting in Brisbane was leaked. In June 2017, the Hamburg G20 Summit was targeted by hackers.
Security agencies have been working overtime to stall threats and dispel misinformation campaign, which in the past few days has accelerated into overdrive.
Data of the cybersecurity unit, which functions under the Home Ministry, shows social media warriors from both China and Pakistan are spinning a web of lies to discredit India’s hosting of the world’s mega event in its capital.
“A lot of misinformation is being floated on various sites. Mainly, these platforms are sharing fake information on Jammu and Kashmir. We have managed to block many accounts, but it’s a continuous process,” a senior Home Ministry official said.
