A wake-up call: India must build resilience against cyber attacks

Digital infection started in Ukraine, but it has spread like plague across 60 countries

This week, yet again, the global economy was hit by cyber attacks that affected sectors as diverse as banking, the transportation industry, chocolate factories and oil refineries. Some attacks seemed designed to just cause disruption; others were backed by demands for ransom to be paid in bitcoin, a cryptocurrency. The digital infection is likely to have started in Ukraine, but it has spread like a plague across at least 60 countries. Some affected companies paid up while others managed to migrate to backups. But the attacks caused huge financial losses and physical damage. This is not the first instance of such malware attacks, yet the worst aspect is that such invasions are likely to happen again, thanks to a proliferation of linked computer systems and the increasing dependence on computerised systems in almost all walks of life. There will also always be unscrupulous hackers exploiting computer systems to make a quick buck, or just to cause chaos for the “Lulz”, as hackers call them.

 
It is apparent that some of the methods used were developed, with government approval, as tools for cyber warfare. Nation-states have used cyberwarfare extensively in the past decade. Stuxnet, a sophisticated and malicious computer worm, was reported to have crippled Iran’s nuclear establishment by physically destroying centrifuges. The Stuxnet attack was believed to be a joint operation funded and run by the Israeli and American security establishments. When Russia and Georgia had a brief conflict in 2008 over the disputed region of South Ossetia, Georgia’s information technology infrastructure was targeted by hackers who knocked the country off the Internet.  Since the start of its conflict with Russia, Ukraine has been hit by several waves of cyber attacks, targeting its physical infrastructure such as power grids.

 
Any 21st-century war is likely to have a large cyber component since all modern military equipment and communication systems are enabled with information technology (IT). Cyber attacks are useful weapons, offering a big bang for the buck. They require relatively little investment to cause large-scale disruption. What is more, such attacks enjoy plausible deniability. But unlike other weapon systems, nation-states cannot control and sequester the tools of cyber warfare. Any smart hacker can design, modify and release malware into the wild and it is impossible to prevent the spread of such malware. Not surprisingly, the ability to cause actual physical damage and chaos has obviously multiplied as civilisation becomes more IT-driven.

 

In this regard, India is at high risk. Quite apart from the defence establishment, Indian Space Research Organisation and big businesses, there is also the drive towards Smart Cities, Digital India, Aadhaar, and the newly unveiled goods and services tax (GST) regime, among other government programmes, where information technology and networking are integral to the structure. India is also enmeshed in multiple “dirty wars” and, therefore, an attractive target for cyber terrorism. India is also a soft target - many so-called smart systems are designed to be accessed by over a billion people.
 
Creating a cyber-security network to protect such assets is a multi-pronged task. It involves “hardening” key infrastructure elements such as the Aadhaar and GST databases so as to render them immune to attempts by hackers. It also involves educating private citizens and businesses to implement safe cyber practices. More importantly, it requires creation of backups to be seamlessly integrated, in case of a disaster.

 
While this is imperative, yet it is unclear if the government has embarked on any such cyber-security initiatives. There have certainly been no attempts to educate private citizens in safe practices, for instance. India’s cyber establishment, thus, remains highly vulnerable to disruption. The latest attacks should be a wake-up call.