Terming as "worrisome" the recent cyberattack at New Delhi's All India Institute of Medical Science (AIIMS), Royal Hansen, the VP- Engineering for Privacy, Safety and Security, Google, said such incidents would continue if proper cyber hygiene is not taken up.
"To me that (AIIMS cyber attack) is a worrisome development. People have been talking about ransomware, and we certainly see a lot of (it) in certain sectors. I worry that if the kind of hygiene that we need is absent, then this will continue," Hansen told Moneycontrol in an interaction in the run-up to the Google for India event in New Delhi.
Last month, a major ransomware attack hit the country's leading hospital and research institute, which left centralised records inaccessible. Hospital services such as generation of unique health identification numbers, new registrations, laboratory reports, billing and patient discharge were also hit.
Google held its annual Google for India 2022 event in India on December 16. Ashwini Vaishnaw, Union Minister of Railways, Communications and Electronics and Information Technology, and Sundar Pichai, CEO of Google and Alphabet, attended the event.
Why ransomware?
In the last 20-30 years, IT work has built up a lot of legacy infrastructure, such as basic programs like Fortran, COBOL and so on, Hansen said. These areas would have a simple vulnerability, which hackers liked to exploit with ransomware, he said.
"Instead of getting in and having to steal something, the hacker will just encrypt the disk and ask for ransom. It's like a very simple monetisation strategy for poor hygiene in software," Hansen said.
Also read: India's tech policy should balance safety and trust with certainty and innovation: Sundar Pichai
Need for SLSA
He also explained that a software is composed of many libraries such as open source, third party and so on. Developers often don't know what these libraries are or from which library they are uploading the code from.
"So, the production could be vulnerable to a ransomware attack. So, if you really want to understand what kind of vulnerabilities you have, you have to know the provenance of all of your software," he said.
To help with this, particularly validating a code, Google has been stressing on the adoption of Supply Chain Levels for Software Artifacts (SLSA)—an end-to-end framework to ensure supply-chain integrity.
"What it does is that every time you receive code or a binary from somewhere, you use the standard for checking the signature that comes with it, so that I can validate the provenance or source of it," Hansen said.
Investment in the future
Hansen also said that Google has been working on making algorithms ready for quantum computers, which is often used for decrypting.
"A lot of the old algorithms were not designed to withstand the computational powers of a quantum computer; it's relatively simple computational work," Hansen said.
"So we are investing building new algorithms that are resistant to quantum computing attacks. Then we will be embedding those algorithms into the databases, the networks that are on cloud. So you don't even have to go change anything," he added.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
