India's Defence Ministry Switches to Ubuntu-Based Maya OS for Enhanced Cybersecurity
India's Defence Ministry is switching from Microsoft Windows to Maya OS, an Ubuntu-based operating system, to improve its cybersecurity posture and protect its critical systems from cyberattacks.
India's Defense Ministry has taken a strategic decision to replace the Microsoft Operating System (OS) on its internet-connected computers with Maya, an Ubuntu-based OS developed locally. The new OS is currently being implemented within the Defense Ministry's computer infrastructure, with plans to extend it to the three branches of the Armed Forces. While the Navy has already approved the use of Maya in its systems, the Army and the Air Force are still evaluating its suitability.
Maya has been developed collaboratively by Indian government agencies in a remarkably short span of six months. Its primary objective is to safeguard against cyber threats, particularly malware attacks, which are increasingly targeting critical infrastructure and government institutions. To further bolster its security, the new OS will be complemented by a protection system called Chakravyuh, which will also be integrated into computers equipped with Maya.
However, what sets this new OS apart and how does it compare to Microsoft's Windows? While both operating systems serve as platforms for users to interact with computer hardware, Maya and Windows exhibit significant differences, not only in terms of cost but also in terms of their underlying architecture.
Windows is a commercial software product offered by Microsoft under a licensing model. It remains the most widely adopted OS, known for its user-friendly installation and operation. Devices running on Microsoft's OS are built upon the Windows NT kernel, which serves as the core of the operating system. The kernel, residing in a computer's Random Access Memory (RAM), provides essential instructions for executing specific tasks.
Before the development of the kernel architecture, programmers used to directly execute code on the processor. In the 1970s, Danish computer scientist Per Brinch Hansen pioneered the concept of separating the tasks performed by a processor from how it executes those tasks. This concept led to the kernel architecture, as seen in the RC 4000 multiprogramming system. This approach separated the policy (what needs to be done) from the mechanism (how it is executed) in OS design.
The initial kernel architecture was monolithic, with a single program encompassing all essential code for kernel-related tasks. While this architecture offered robust hardware abstraction, it became increasingly unwieldy to manage as the lines of code multiplied into the millions.
The limitations of the monolithic architecture prompted the development of a new kernel design known as the microkernel. This design divided the monolithic system into smaller servers, communicating through a compact kernel while allowing for greater user customization.
This shift enabled developers to easily apply patches without the need to reboot the entire kernel. However, the microkernel approach introduced drawbacks such as increased memory usage and more complex software interactions, resulting in reduced overall system performance.
Windows employs a hybrid kernel architecture, combining microkernel design with additional components aimed at enhancing performance. Apple's MacOS similarly utilizes a hybrid kernel known as XNU. In contrast, Ubuntu, the Linux-based OS used as the foundation for Maya, adheres to a monolithic architecture. Various versions of Linux, referred to as "distributions" or "distros," are characterized by their incorporation of free and open-source software. Notably, the Android operating system is also built upon the Linux kernel.
India's transition to the Ubuntu-based Maya OS comes at a time when the global digital landscape faces escalating threats from malware and ransomware attacks. A significant cyber espionage campaign, detected around three years ago, prompted governments worldwide to reevaluate their cybersecurity strategies.
In December 2020, cybersecurity firm FireEye, now rebranded as Trellix, uncovered a cyber espionage campaign that compromised numerous government agencies and private organizations within the United States. The campaign involved infiltrating the Cybersecurity and Infrastructure Security Agency (CISA), a unit under the Department of Homeland Security. The attack, attributed to the Russian intelligence service SVR, underscored the vulnerabilities of critical government networks to cyber threats.
The incident also implicated IT software provider SolarWinds, whose widely adopted network management software, Orion, was exploited to introduce malware disguised as a legitimate software update. The attack impacted a substantial user base, and even Microsoft's own systems were compromised.
In response to the inherent vulnerabilities associated with proprietary software, governments worldwide are increasingly turning to free and open-source software (FOSS) to develop their own secure OS solutions. According to a survey by the Center for Strategic and International Studies (CSIS), a total of 669 open-source policy initiatives have been undertaken by governments globally between 1999 and 2022. The adoption of FOSS aligns not only with cybersecurity concerns but also with modernization efforts aimed at digitizing government services and enhancing interoperability.
As cybersecurity risks remain at the forefront of government agendas, the decision to implement Maya reflects India's commitment to utilizing open-source software as part of its India stack model. However, the transition to open-source software is anticipated to occur gradually, with sensitive ministries leading the way in the near term, according to Sameer Patil, Senior Fellow at the Observer Research Foundation (ORF).
In the ongoing pursuit of bolstered cybersecurity and robust digital infrastructure, India's decision to embrace open-source software marks a significant step toward safeguarding critical systems and sensitive information from evolving cyber threats.