The Defence Research and Development Organization (DRDO), which is in charge of the nation’s missile development projects, suffered a significant breach that the Indian security establishment discovered, exposing security grid flaws. The breach involved the misappropriation of the company’s extremely secure intranet, in which a private vendor filed a bid using the exact IP address that the company had used to announce the tender.

The incident took place in July at the Advanced Systems Laboratory (ASL) in Hyderabad, which creates cutting-edge core technologies needed for designing and constructing Indian missile systems, including ballistic missiles capable of delivering nuclear warheads. The bid in dispute was for the purchase of a missile component.

A device can be identified by its IP address on the internet or a local network. The rules defining the format of data delivered over the internet or a local network are known as “Internet Protocol,” or IP.

Since the intranet connects all DRDO laboratories, rather than WiFi, the IP address compromise at ASL is perceived as a severe security risk. Because ASL is a high-security area and visitors must pass through rigorous screening in order to enter, security and intelligence authorities are even more concerned. Unnamed Indian security official: “If outsiders can access your intranet device, they can also get their hands on all sorts of the material linked to missile development or any other classified DRDO programmes.” “There has been a security violation in addition to corruption in this case.”

895 suspected examples of collusion between purchasers (government agencies) and sellers (private vendors), according to a DRDO internal report published last month, were discovered between April 2021 and January this year. The defense ministry was now examining these cases.

In the ASL case, an internal investigation determined that the error had happened at a demanding officer’s level. The vendor allegedly utilized the lab’s system or equipment to submit the tender offer. “The same IP address is shared by all ASL systems, including all work centers. The buyer’s (ASL) and seller’s (vendor) IP addresses were discovered to be the same, suggesting a potential conspiracy, “DRDO’s note stated this.

When contacted for an official response to the ASL incident, the DRDO representative was silent. However, ASL has warned all parties involved to stop using procedures that let suppliers access the lab’s intranet. According to DRDO authorities, everyone involved in the processing of contracts is individually and unconditionally liable for any errors made at work, regardless of whether they or a subordinate were accountable. The DRDO note indicated that it was explicitly directed that anyone who misused systems or devices would be held personally accountable and subject to severe disciplinary action.

To increase openness in the procurement process for government agencies, the government created the GeM (Government e-Marketplace) platform in 2016. GeM’s primary goal was to assist government agencies and ministries in acquiring goods and services of the proper kind, quantity, and quality within predetermined timeframes.

Reference