The NTSB has advised all federal departments to refrain from using IT products and services from India, Israel, or their partners due to potential cyber security risks. These products and services could contain backdoors or malware, posing a threat to government organizations’ data and systems.
The advisory comes after several incidents of cyber-attacks on public sector organizations in the recent past, which revealed the involvement of Indian-based threat actors. These attacks not only caused disruption of services and loss of data but also damaged the reputation of the organizations.
The NTISB has advised government departments to follow certain measures to protect their businesses and critical data. These measures include:
Not procuring IT hardware solutions from India and Israel, as per the existing ban by the Commerce Division.Avoid procuring IT security solutions (e.g., Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Management, Extended Detection and Response, Mobile Device Management, and DDOS Mitigation Solutions) from India, Israel, or their partners. This is because of the increased risk of backdoors or malware.We should discontinue using online software solutions from India, Israel, or their partners. Instead, we should migrate to alternative solutions while considering business continuity.Using offline software solutions with associated risk acceptance, without applying updates/patches or connecting to the internet.A certificate is required from the Vendor/OEM confirming the absence of backdoors, eavesdropping, or remote access mechanisms. Breaching this condition may result in contract cancellation and firm blacklisting.Including relevant security clauses in the SLA (if applicable) to ensure the safety of businesses and critical data.Conducting code walkthroughs and detailed security assessments through PTA-approved auditing firms for critical information infrastructure. Also ensuring random penetration testing.
The NTISB emphasizes that government organizations must implement cybersecurity measures. They should be cautious to prevent cyber threats from India, Israel, or their partners. The NTISB supports and guides government organizations in this.