Lately, one of the largest pipelines in the United States, the Colonial Pipeline, was deactivated by a cyber attack. This pipeline supplies about 45% of the fuel consumed on the east coast of the US. While the fuel supply was disrupted by this attack, there was also a jump in gas prices in some parts of the country.It was a ransom attack, where hackers usually threaten to block the critical system or publish confidential data of the target company until the ransom is paid.
The attack on the Colonial Pipeline is an example of cyberattacks in recent years on critical infrastructure that needs to be operational at all times, such as traffic systems, banks, power grids, oil pipelines, and nuclear reactors etc.
Given the rising cyberattacks on critical infrastructure, it becomes imperative for countries like India to develop a strong cybersecurity architecture. Now, before discussing cyberattacks on critical infra, it is important to know about it.
What is critical infrastructure?
Critical infrastructure is a network of assets that needs to be continuously operated to ensure the security of a nation, running the country’s economy and the health or safety of the people.
India needs a robust Cyber Security Framework, Why?
In recent years there has been an increase in cyber attacks targeting critical infrastructure and businesses. These include the WannaCry and NotPetya ransomware attacks in 2017, the 2015 attack on Ukraine’s power grid, and the 2010 Stuxnet attack on the Iranian nuclear reactor. In 2020, RedEcho, a hacker group belonging to China, targeted parts of India’s electricity-related areas, ports and railway infrastructure.
Besides, Cyber attacks are being carried out by one country on other countries to get geopolitical benefits. Also, to avoid responsibility for such attacks, many states use hacking syndicates as proxies. India is so vulnerable to such attacks, given its sour relations with China and Pakistan. Citing all these reasons, the responsibility of securing critical infrastructure from cyberattack has been placed on India’s priority list.
The path is not easy:
A major challenge in protecting critical infrastructure is the reluctance of private and public sector companies to share information about the vulnerability of their systems. They believe that by disclosing their weaknesses and their proprietary information, they can fall behind in competition with their business rivals. For this reason, Indian regulators have warned that the possibility of cyber warfare is being ignored by opposing countries against India only by reactive measures for cyber attacks.
Moreover, India lacks indigenisation in hardware as well as software cybersecurity tools. This makes India’s cyberspace vulnerable to cyber attacks induced by or against hostile countries.
Also, India lacks a reliable cyber-attack deterrence strategy.The absence of a robustcyberattack deterrence strategy means thathostile countries can use various methods, such as espionage, cybercrime and even damage critical infrastructure to harm our country.
Need of the hour:
There is a need for a theory related to cyberwar, which should explain its approach to cyberwar as a whole. It should mention the limits related to aggressive cyber operations and the subject related to cyberattacks, counter-protest against it.
Besides, it is important toset a global benchmark. The national cybersecurity strategy should be seen by India as an important opportunity to implement international law in cyberspace. This can turn the global discussion towards India’s strategic interests and capabilities.
Moreover, the National Cyber Security Strategy should not only clarify the position on non-binding norms but also in relation to the areas targeted by cyber attackers such as health care system, power grid, water supply and financial system. Legal liability should also be included on the line.
There is a need to create opportunities to develop software for cybersecurity and security of digital communication. The Indian government may consider incorporating the cybersecurity architecture in its Make in India program. Also, there is a need to create unique and suitable hardware on the Indian pattern, which can meet the local requirements.
Another important measure is Public-Private Partnership. Given the mutual distrust and vulnerability of the public and private sector, any solution to protect critical infrastructure involves sharing responsibilities and information through public-private partnerships.For this, the focus should be on building an institutional framework, expanding capacity, tightening security standards and developing frameworks related to reporting cybersecurity incidents.
Looking at the future of technology under Industrial Revolution 4.0, an integrated and comprehensive system approach will be successful to protect critical infrastructure from cyber attack.