G20 Summit: The 'Zero Trust Model' India is following to prevent cyber attacks, explained

With barely two days to the G20 Summit, India has stepped up its cyber security efforts to combat threats coming from foreign sources.

Due to concerns over cyber threats, particularly from China and Pakistan’s warlords, the level of alertness around significant infrastructure has increased, including government websites.

“Indian agencies working overtime to keep a check on China-Pakistan cyber warriors who are trying to undermine India ahead of G20. Keeping cyber threats in mind, India has raised the level of alertness around its critical infrastructure,” NDTV quoted a senior officer saying.

Here’s how it is being prepared.

Also read: What is the G20 and why is it important?

The “Zero Trust” model

The “zero trust” policy, which mandates constant monitoring of all IT assets, is being applied by all participating hotels in advance of the global summit.

The Home Ministry’s cyber division has stressed the significance of this approach, requiring robust authentication and authorisation for every device and person accessing private networks.

By using this strategy, the conventional mentality of “trust but verify” is replaced with “never trust, always verify.”

According to this approach, no person or device is considered reliable for accessing resources until their identity and authorisation are confirmed. This procedure applies to people who are often inside a private network, such as a worker using a company computer from home or a mobile device while attending a conference halfway around the world, reported NDTV.

“This also applies to every person or endpoint outside of that network. It makes no difference if you have accessed the network before or not,” an advisory sent to all hotels linked with the G20 summit said.

Quick Reads

View All

What to expect as UK PM Keir Starmer visits China

‘Biggest FTA’: What gets cheaper in India, how will Europe benefit?

The private network’s users as well as any outside parties requesting access must adhere to this strict procedure.

Also read: G20 Summit: What Xi and Putin’s absence means for India

Securing critical infrastructure

The Indian government is making every effort to protect against cyber dangers.

The summit’s cyber security is being managed by the Defence Research and Development Organisation’s Computer Emergency Response Team (CERT), while the rest of the city is being protected by the Delhi Police’s cyber unit.

All IT assets are subject to ongoing security monitoring, and a firewall-based network login system has been developed. Hotels have been told to set a restriction on the number of concurrent management connections in order to ensure WiFi safety.

A source told the Times of India, “They were briefed to monitor and log all attempts to access network devices. Further, they were told to disable all router interfaces and switch ports that are not used so that unauthorised access to the devices can be stopped.”

28 hotels reserved for VVIPs and attendees for the international event have increased security measures, as per NDTV.

ITC Maurya, The Lalit, Shangri-La, Claridges, Eros Hotel, Radisson Blue, Taj Hotel, Pride Plaza, Vivanta by Taj, Hotel Grand, Ambassador by Taj, The Ashok, Hyatt Regency, JW Marriott, Pullman, Roseate, Andaz Delhi, The Lodhi, The Leela, The Suryaa, The Sherton at Saket, Oberoi Gurgaon, Leela Gurgaon, Trident Gurgaon, Imperial Delhi, The Oberoi, and ITC Bharat Gurgaon, have cyber squads stationed there.

Also read: G20 Summit: Yogesh Saini, the artist giving Delhi a makeover with his murals

Tackling misinformation

Along with the cyber danger, Indian authorities are fending off an increase in misinformation tactics, mostly directed towards Jammu and Kashmir.

Aims to identify and block bogus accounts have been made as a result of social media platforms becoming channels for disseminating misleading information.

Data from the cybersecurity section, a division of the Home Ministry, reveals that social media trolls from China and Pakistan are also creating a web of lies to cast doubt on India’s hosting of the world’s largest event in its capital.

“A lot of misinformation is being floated on various sites. Mainly, these platforms are sharing fake information on Jammu and Kashmir. We have managed to block many accounts, but it’s a continuous process,” the Delhi-based news channel quoted a senior Home Ministry official as saying.

Lessons from previous G20 events

The decision to strengthen cyber security was made in response to earlier mishaps at G20 gatherings.

Strong cyber security measures are essential since high-profile events have in the past been the target of cyberattacks and data leaks.

Around the time of the G20 Summit in Paris in February 2011, phishing emails and malware attachments were sent to representatives of the French Ministry of Finance with the intention of gaining access to confidential G20 papers.

At the G20 summit in Brisbane in 2014, attendees’ personal information was compromised. Hackers also targeted the G20 Summit in Hamburg in June 2017.

With inputs from agencies