The new art of war
As the world increasingly takes to online transactions and electronic systems controls, our corporate and critical national infrastructure may now be facing crippling cyber attacks
When Ranjana Rajagopalan went shopping on the Internet a few months back, an online UPI interface prompted her to initiate a test-transaction of Re. 1, to ensure that payments were going through. She did the needful and settled down in front of the TV, waiting for her package to arrive the same evening. The package did not arrive, but a flurry of text messages did. Through these five-six messages, Ranjana was horrified to learn that her bank account had been debited by Rs 20,000 each time, costing her over Rs 1 lakh before her banker could be reached on the phone and the account frozen after several frantic requests.
That's a small example, the human face of cyberattacks and minor financial misappropriation. Move up the value chain and things begin to get hairy and scary. Around the same time, someone made Rs 1-lakh-plus off Ranjana, at the height of the COVID-19 pandemic in June this year, the Indian Railways network became the victim of a severe cyberattack. It was hit by a malware APT 36 that stole data, including that on critical train and freight movements, instantly transferring it to foreign locations. In absolute shock, the Railway Board had no option but to immediately take its systems offline, unplug the Internet connection and scramble the password. Curiously, this cyberattack on the Railways happened just a day after the Indian government cancelled a 417-km signalling project worth Rs 471 crore with a Chinese company, in retaliation against the bloody intrusion and skirmishes in Ladakh.
Since these two un-connected incidents, the Government jumped into action and formulated a 'Cyber Crisis Management Plan' for countering cyber-attacks and cyber-terrorism, with a clear directive that the same be strictly implemented by all Ministries and Departments of the Central and State Governments. Mock drills have been conducted since then. And why not – after all, India's cyber-preparedness in nationally-critical sectors such as Finance, Defence, Power, Telecom, Transport, Energy and Space is at stake…
7 lakhs, and counting
As mentioned in the introduction, just three weeks back, the Ministry of Electronics and Information Technology said proactive tracking by CERT-In and improved cyber-security awareness among individuals and organizations across sectors has led to increased reporting of incidents. How increased? Well, Parliament was informed that citizens, commercial and legal entities in the country faced nearly seven lakh cyberattacks till August this year alone. Further, a technology report claims that 52,820,874 known local cyber-threats were detected and deleted in the country between January and March this year, an increase of 37 per cent increase in cyberattacks in the first quarter of 2020, compared to the fourth quarter of last year.
As a nation, it is not only our railway network that is at risk. Our power transmission grid, oil networks, dams and airports can also fall prey to cyber-criminals. Through Calendar 2019, media reports revealed that the country's power sector was facing a rising number of cyberattacks, with an average of 30 being reported daily. This led to a huge outcry and rising concerns that this critical infrastructure could be a target of vested interests or foreign powers seeking to paralyze our economy and stymie growth.
Today, India has an integrated national power grid, which makes the entire nation vulnerable in the event of someone breaching the carefully-crafted defences. This vulnerability is more crucial today, given the heightened tensions between India and China in the Ladakh region. And this begs the question – has the nature of modern warfare slowly and surreptitiously changed, with new and grave national security implications?
The US thinks so…
In its annual worldwide Threat Assessment Report, the United States' Office of the Director of National Intelligence gave a scathing insight into the cyber threat posed by various nations and entities. Hinting at a few nation states, in particular (we all know which ones these nations are), the report said these could now successfully target critical infrastructure, such as oil pipelines, electric grids, remotely-controlled and technology-dependent systems, causing 'disruptive effects' virtually anywhere in the world. This poses a serious threat to national security-readiness and institutions worldwide, the report added.
Today's world is increasingly driven by images, and we all saw many 5G patrol robots monitor human masks and temperatures in China as driverless vans sanitized Wuhan streets. These images were jarring in their comparison with the situation in New York and Paris, where piles of bodies of those struck down by the COVID-19 pandemic were heaped like cattle into waiting trucks. That's a stark visual reminder – of shifting global technology leadership.
Without intending to draw a straight parallel, who can forget the massive power outage in Mumbai earlier this week, which saw technical glitches lead to a shutdown on the power-transmission network, leaving millions without electricity for hours? The lack of power saw thousands of businesses down shutters and trains standing listless on railway tracks across the city, even as stock markets and the airport continued to function without interruption, given their adequate backup systems.
Analog in a digital age
To ensure that we have adequate fallbacks in place, we need to embrace a twin-pronged approach – while going digital is all good and fine, we need to continue to hang on to analog as well, across industry sectors. As and when our cutting-edge technology-based systems go down through attacks, it will be an analog that will save the day and keep the flag flying high and the nation's wheels turning.
For instance, the Government has outlined plans to completely electrify the entire Indian Railways network in the next three to five years. While a commendable move, one in keeping with the times, it will be analog (fuel-based locomotives) that would save the day in the event of a Mumbai-like power grid collapse. A thought to chew on is while we go electric, should we also introduce in a sufficient number Clean Emissions Technology-driven diesel locomotives? In the event of a temporary setback, these will protect and run our national economy and assets, without compromising our environmental goals. And these would ensure that during any setback, these lug-horses would reliably transport goods, commodities, troops and materials across the country.
Similarly, communications needs that are largely taken care of by today's 4G networks are great. But we need to retain either the good-old landlines or Ethernet-based systems to ensure continuity of services and protection against any unforeseen crisis or breakdown. In a systematic and targeted manner, all key sectors and services should identify potential weak-points and create back-up systems with such a thought process as the yardstick.
When in Rome…
"Jaisa des, waisa bhes…," crooned Dev Anand in the 1978 classic 'Des Pardes'. We have to face the truth – today's modern and evolved threats are very real and omnipresent. While we, as a nation, have been taking concerted steps to modernize our networks, systems and processes, there have been others who have been working equally hard at creating nefarious skill-sets, means and ways to derail our progress and put up impediments along our walk to a better tomorrow. Today then, since we find ourselves in Rome, we have to do as the Romans do (sic)!
The best in the world have fallen prey to cyber-attacks. To name but a few, technology giants Hewlett Packard and IBM were among a dozen Cloud service providers whose domain was systematically unravelled by nation state-backed hackers over a period of several years, which saw the former lose vast amounts of high-tech, biotech and pharma research, along with IP and financial security details. Further, plinths of personalized information on a slew of private businesses headquartered in the United States and the European Union was also pilfered.
Apart from the Indian Government's resolve on the Digital India front, what also stands us in good stead is that compared to the other nations mentioned, we are still at a nascent stage of Next-Gen technology adoption and implementation. Right now, we have the opportunity to put in place all required safeguards to protect our tomorrow. We just need to understand the immediate need to do so, and then wield the hammer and nail things into place.
The writer is a communications Consultant and clinical analyst. firstname.lastname@example.org. Views expressed are personal