On March 18th, The Minister for Road, Transport and Highways informed Lok Sabha that it would implement a GPS-based toll collection system and remove all toll boots within a year. Soon after, CERT-In alerted his Ministry about targeted intrusion operations aimed at the Indian transportation sector with possible malicious intent. Responding to the later, the Transport Ministry has advised its departments and organisations to strengthen security and infrastructure.
“Ministry of Road Transport and Highways received an alert from CERT-In regarding targeted intrusion activities directed towards Indian Transport sector with possible malicious intentions. The Ministry has advised departments and organisations under the transport sector to strengthen the security posture of their infrastructure.
Accordingly, NIC, NHAI, NHIDCL, IRC, IAHE, State PWDs, Testing agencies and Automobile manufacturers have been requested to conduct the security audit of the entire IT system by CERT-In certified agencies regularly and take all actions as per their recommendations. The audit report and the ATR to be regularly submitted to the Ministry.”
What happened to FASTag though?
Without thinking much about the privacy and surveillance implications of GPS imaging, the Minister is claiming to remove all physical toll booth in the country. No toll booth, means no more FASTags. However, the reasoning seems to be quite quirky. He claims that 93% vehicles pay toll using FASTag, but the remaining 7% had still not adopted it despite paying double the toll. No other reason was provided for removing the newly introduced FASTags and moving on to the GPS based toll collection system, which could be exploited for surveillance.
The security scare comes in the wake of a rash of cyber attacks on Indian government websites in recent months. Recently it was also revealed that a phishing scam targeting Indian Bank customers was carried out which tried to trick them into sharing their passwords on a page that looked exactly like the government’s official mail server sign-on website. The attackers could gain access to sensitive credentials and files if an official fell for it. The Income Tax department also issued an alert the next day to large groups of officials in response to the development.
In another case of a cyberattack, a Chinese state-backed attack was reported which targeted the IT systems of Serum Institute of India and Bharat Biotech, the manufacturers of COVID-19 vaccines in India. Apart from this, it was also revealed that the last year’s October 13 Mumbai blackout was also backed by China. The Critical Infrastructure Information was also hacked in an attack by the Sakura Samurai Group, and the recent attack on Zee5’s database lead to an information leak of 9mn users. Lastly, as per IBM’s X-Force Threat Intelligence Index, India ranks second among countries targeted by cyber-attacks in Asia.