Army's comm software is virus-prone

Army's comm software is virus-prone

BEL got the contract, but hired private firm for the job

Army's comm software is virus-prone

The Army's sensitive Command and Information Decision Support System (CIDSS), which is employed during war-time operations, has been found to be vulnerable to virus and trojan attacks and potential hackers.

The CIDSS, named Operation Samvahak, is a software project based on the web and has a database that operates on a number of networked servers and clients. Documents available with Deccan Herald indicate that Bangalore-based defence public sector undertaking Bharat Electronics Ltd (BEL), which was awarded the Rs 140-crore contract by the Army's Directorate General of Information System (DGIS), did not “provide services as per the provisions of the contract.”

The revelations have come at a time when the outgoing Chief of Army Staff, Gen V K Singh, has written to the prime minister about critical deficiencies in key weapon systems many of which have outlasted their life cycles.

According to several “performance certificates” that Deccan Herald accessed, “the critical faults (involving virus attack leading to crashing of servers) led to complete disruption of normal CIDSS functioning” between June and September 2011.

Army sources said although the CIDSS system is not classified, it assumes that status once critical, top secret information is uploaded. The disruption was noticed across several Army field units in Fazilka, Suratgarh, Kota and Jaipur among others in the western sector which is one of the important commands.

What is alarming is that about 116 performance certificates generated over the past two years at the field-level units were suppressed, preventing the matter from being investigated by Army headquarters.

Even when the CIDSS was operationalised in a limited way, virus attacks were noticed, making the system “unstable” and forcing personnel of the technical group of the Electronics and Mechanical Engineers (EME) who subsequently had to refeed the data.

The purchase order for the software for phase-1 of the project was issued by the Army to BEL and the Defence Research and Development Organisation's Centre for Artificial Intelligence and Robotics (CAIR) in 2006. After the project was outsourced to two other firms, Tata Elxi Ltd and YM Tech Pvt Ltd, it was implemented on a pilot basis in Punjab and Rajasthan.

Although phase-1 was declared complete in 2010, the CIDSS system was far from effective because it was based on the old Windows 2000, updates of which are hardly available today. Besides, no anti-virus or firewall was provided, making the system ‘highly vulnerable to virus and trojans.’

Once the warranty and extended warranty of the system expired in September 2010, the Army again awarded BEL the annual maintenance contract (AMC) in June 2011 for a year, at an estimated cost of Rs six crore. Through limited tendering, BEL in turn transferred the entire AMC to a third party civilian vendor, MSM Networks Enterprises, for slightly over Rs three crore.

In 2011, the Army also negotiated with BEL to provide suitable antivirus for the CIDSS, but it was only in the fourth quarter of the AMC that the defence PSU made available a few ‘QUICKHEAL’ antivirus whose market price could not have exceeded Rs one lakh. Sources disclosed that no indigenous action was taken to thwart cyber threats to the system.

The Army, however, continued to battle an unstable system that required frequent server formatting, re-installation and re-feeding of data as BEL even failed to provide backup support and maintenance / repair work cover within the stipulated time frame as agreed in the AMC.

Despite the system's failure, payment was released to BEL even though most field units returned non-satisfactory certificates. It is mandatory that such certificates are signed by the concerned user formation, the EME representative, the DGIS and the Technical Group (EME) before any payment is released.Even as phase-1 has remained grounded, it is learnt that the Army has contracted Phase-2 of the project, the cost of which is Rs 905 crore.

Get a round-up of the day's top stories in your inbox

Check out all newsletters

Get a round-up of the day's top stories in your inbox