Indian defence services seek cyber-security, surveillance products

The Indian Navy is looking for an autonomous, artificial intelligence-based threat detection and threat elimination engine to block ransomware and zero-day attacks. The maritime branch of the Indian armed forces said this in a problem statement floated as part of the Defence India Startup Challenge (DISC).

The Ministry of Defence launched the challenge, which is aimed at encouraging startups, small businesses and innovators to create prototypes or commercialise solutions in the areas of national defence and security.

“Ransomware attacks pose a great threat to cloud services and are capable of locking the service with or without damage to system files. Further, zero-day attacks can exploit the vulnerability in the cloud service till the vulnerability is detected by a developer and fixed,” according to the navy’s problem statement. “The solution must provide an AI-powered alert management system that can automatically detect problem ransomware and zero-day attacks and help reduce the workload of security analysts.”

Data from the Indian Computer Emergency Response Team showed that 19 government organisations were affected by ransomware attacks in 2022. Overall, CERT-In observed 198 ransomware attacks affecting Indian companies operating in the country in 2022. The figure was 111 in 2021. Apart from the navy, the Indian Army and the Indian Air Force floated several surveillance and cybersecurity-related problem statements as part of the DSIC.

The army is looking for a platform that can carry out a vulnerability assessment and defacement detection of its internet-facing websites. Web defacement is an attack in which bad actors delete or modify content on the site, replacing it with their own messages.
“The platform must scan the website for the under-mentioned issues and generate a report of the identified vulnerabilities and also suggest required mitigation. Moreover, the platform should be able to scan an Android mobile app to detect any vulnerability or malicious content,” the army said in its problem statement.

The army is also looking for an indigenous, social media monitoring tool for intelligence and operations. “Design and implement a GUI (graphical user interface)-based social media monitoring platform for defined crawling of various social media platforms like Twitter, Facebook, Instagram, Discord, etc,” it said.

The Indian Air Force (IAF) is seeking an antivirus solution capable of handling and identifying complex malware. It also wants a browser plug-in that can detect phishing mails and take appropriate action. Currently, the defence network is air gapped, or disconnected from unsecured networks. However, personnel from all three services use the National Informatics Centre and other email services for personal and official purposes, it said.
This makes them vulnerable to phishing attacks, which are not mitigated by standard security tools (antivirus/firewalls).

“It is proposed to create a browser plug-in for Chrome and Firefox, which is able to detect phishing mails and take appropriate action,” the problem statement added.