Cyber attacks on critical Infrastructure

Synopsis: At present Critical infrastructure of India is vulnerable to cyberattacks. The government have to strengthen its cybersecurity initiatives.

Introduction:

Recently Massachusetts-based firm Recorded Future released a study. It mentioned that Mumbai power outages can be a cyber attack aimed at critical infrastructure. The report also mentioned few important things such as,

• The Cyberattack was carried out by the state-sponsored group Red Echo.
• The Red Echo has close ties to the People’s Liberation Army (PLA) and has also behind many recent cyberattacks by China.
• So the cyberattacks probably carry a message from China.
• Chinese cyberattacks in the past focussed on stealing critical information and not on projecting their cyber potential. But their Cyberattack on India might be different.

What is the critical infrastructure?

These are the physical and cyber systems that are so vital to any country. Any attack on these infrastructures will weaken the economic security or public health or national security of a country.

In general 16 sectors are identified as a critical infrastructure of any country. This includes sectors such as the Defence sector, Energy sector, Emergency services, Nuclear reactors and their materials, etc.

What was India’s response to the cyber attack on critical infrastructure?

1. The power minister denied the reports. Further, he mentioned cyberattack was not the reason behind power failure in Mumbai.
2. But, the power minister of Maharashtra on the same day mentioned that the Mumbai Cyber Police investigation had suggested a possible cyberattack on critical infrastructure. The cyberattack aimed with the intent to disrupt the power supply.
3. National Critical Information Infrastructure Protection Centre (NCIIPC) has also reported cyberattacks by Red Echo to hack the critical grid network.

Government initiatives to protect critical infrastructure from cyberattacks:

1. Indian government for the past few decades interested in critical information infrastructure protection (CIIP). So, In 2014 the government made NCIIPC as a national nodal agency for CIIP.
2. In 2019, the government also announced a National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS). The mission allotted a budget of Rs 3,660 crore for five years, to strengthen the Cyber-Physical Systems(CPS).
3. The Bureau of Indian Standards (BIS) also launched the Industrial Cybersecurity Standards (IEC62443). This standard aimed to address and mitigate current and future cybersecurity challenges. Especially in industrial automation and control systems. But the government is yet to adopt the standards.

Vulnerability of Critical Infrastructures:

Critical infrastructure has become increasingly vulnerable to cyber-attacks. The power grid ecosystem is a major target of such cyberattacks.

Critical infrastructures always focused on productivity and reliability during their construction and planning. Further, many of these critical infrastructures were never designed to protect against cyberattacks. This is the main reason for their vulnerability to cyber-attacks.

Suggestions to protect critical infrastructure:

The government has to adopt the BIS Industrial Cybersecurity Standards. This will strengthen cybersecurity.

Apart from that, Ministries and Departments need better budgetary allocations for cybersecurity. The government also need a robust infrastructure, processes and audit system to strengthen cybersecurity.

To strengthen the power sector India needs strong regulation. India can take examples from the North American Electric Reliability Critical Infrastructure Protection (NERC) policy. The policy could serve as a guide to the power sector companies and help in securing their operational technology (OT) networks.

India so far has protected the critical networks like the sensitive Aadhaar ecosystem, the core banking systems etc. To strengthen it further, India can release a new cybersecurity policy addressing wider challenges.

Source: The Indian Express