The breach involved misuse of the organisation’s highly secure intranet, wherein a private vendor submitted a bid through the very IP address that was used by the organisation to float the tender

The Indian security establishment has stumbled upon a major breach at a top DRDO (Defence Research and Development Organisation) lab spearheading the country’s missile development projects, exposing loopholes in the security grid. The breach involved misuse of the organisation’s highly secure intranet, wherein a private vendor submitted a bid through the very IP address that was used by the organisation to float the tender.

The incident occurred in July at the Hyderabad-based Advanced Systems Laboratory (ASL), which develops state-of-the-art core technologies required for designing and building of Indian missile systems, including ballistic missiles capable of carrying nuclear warheads. The tender in question related to procurement of a missile related component.

IP address is a unique address that identifies a device on the internet or a local network. IP stands for ’Internet Protocol‘, the set of rules governing the format of data sent via the internet or local network.

The breach of IP address at ASL is being seen a serious security issue since all DRDO laboratories are connected through intranet, and not Wifi. Security and intelligence agencies are all the more worried because ASL is a high-security zone where visitors are required to go through stringent checks before they can gain entry. “If outsiders can access your intranet device, then they can also get their hands on all sorts of information related to missile development or any other classified DRDO programmes,” said an Indian security official, who did not wish to be named. “It is not only a case of corruption but a security breach.”

According to an internal note issued by DRDO last month, 895 cases of suspected collusion between buyers (government agencies) and sellers (private vendors) had come to light between April 2021 and January this year. These cases were currently being reviewed by the defence ministry.

In the ASL case, an internal inquiry established that the lapse had occurred at a demanding officer’s level wherein the system or a device of the lab was purportedly used by the vendor to submit the tender bid. “All systems of ASL, including all work centres, have the same IP address. The IP addresses of the buyer (ASL) and the seller (vendor) were found to be identical, indicating a possible collusion,” said the note issued by DRDO.

Reached for official reaction on the ASL episode, the DRDO spokesperson did not offer any comment. ASL, however, has issued a warning to all stakeholders to desist from practices that allow suppliers to use the lab’s intranet. DRDO authorities claim all stakeholders dealing with processing of contracts are personally and unreservedly responsible for lapses at work, whether committed by them or a subordinate. “It is strictly instructed that for any misuse of systems or device, the person or the custodian of the same is personally responsible and liable for strict disciplinary action,” the DRDO note stated.

In 2016, the government had developed the GeM (Government e Marketplace) portal to bring transparency to the tendering process for procurements by government departments. The main objective of GeM was to facilitate government departments and ministries to procure products or services in right quality and quantity and from the right sources within defined timelines.