A decade later, cyber criminals are far more powerful and secretive but not all critical infrastructure is strong enough to resist a cyber attack.
In 2015, hackers got control of Ukraine’s power grid, plunging thousands of homes and establishments in dark for hours. There was speculation that the attack was a warning against nationalisation of power plants owned by a Russian tycoon.
In 2010, India was the third worst-affected country by computer worm Stuxnet. According to reports, of the 10,000 infected Indian computers at the time, 15 were located at critical infrastructure facilities. These included the Gujarat and Haryana electricity boards and an offshore oil rig of state-owned petroleum explorer ONGC.
The domestic electrical equipment industry has been raising concerns over contracts awarded to Chinese companies for installation of supervisory control and data acquisition systems (SCADA) for power distribution that can lead to foreign control over a sector critical to the country’s growth. SCADA is a computerbased industrial automation control system that practically makes factories and utilities run on their own. In an electrical system, SCADA maintains balance between demand and supply in the grid.
Chinese firms have bagged SCADA contracts for more than 18 cities. Companies such as Harbin Electric, Dongfang Electronics, Shanghai Electric and Sifang Automation either supply equipment or manage power distribution networks in these cities.
The government has taken note of the vulnerability of India’s power frid to cyber attacks. According to reports, the government plans to lay down product-wise technical specifications and regulations to ensure that only audited and tested equipment are connected to the electricity grid. It also plans to develop a testing facility for cyber security where sourced equipment can be tested for malware before installation and periodically after commissioning.
An attack on electricity grid can be more debilitating that a military attack since electricity is the life of the nation. Defence, telecom, banking and transportation are the other important parts of critical infrastructure which are vulnerable to cyber threats.
In June this year, a terminal at India’s largest container port, Jawaharlal Nehru Port Trust, was hit by a cyber attack. The terminal with a capacity to handle 1.8 million standard container units ground to a halt. The attack was mounted through a malware called Petya.
An IIT Kanpur study shared with Parliament’s Committee on Finance this year said attacks from the ‘Equation group’—which a WikiLeaks reports said was a clandestine CIA and NSA programme—infected India’s telecom and military sectors and research institutes.
The government is planning to create a new tri-service defence agency for cyber warfare. This Defence Cyber Agency will work in coordination with the National Cyber Security Advisor. It will have more than 1,000 experts who will be distributed into a number of formations of the Army, Navy and IAF.
China is increasingly being seen as a possible source of any future threat to India’s critical infrastructure. In August, the government directed 21 smartphone makers, most of which are Chinese, to inform it about the procedures and processes they follow to ensure the security of mobile phones sold in India, following reports of data leakage at a Chinese telecom company.
A cyber attack on critical infrastructure could be a preferred mode of attack in a future war. It can cripple a nation without firing a single shot.