Even as contradictory claims emerge from the Centre and the Maharashtra government over the involvement of Chinese actors in the Mumbai power outage of October last year, the allegations have put the focus on the need for India to be better prepared to protect its critical infrastructure against globally rising cyber attack attempts on key infrastructure.
Cybersecurity experts pointed out that this is particularly significant given the increasing interconnectedness of sectors and proliferation of entry points into the internet, which could further grow with the introduction of 5G networks.
As per reports, a National Cyber Security Strategy is being formulated by the Office of National Cyber Security Coordinator at the National Security Council Secretariat.
A strategy document prepared by an inter-ministerial task force involving representatives from different central government ministries and departments has now been forwarded to an Empowered Technology Group for consultation.
Once the process is through, the document will be placed before the Cabinet Committee on Security for deliberations and approval.
Hackers targeting critical infrastructure is not a new trend, but experts believe that the propensity for damage is greater than ever, especially with countries investing in cyber offensive capabilities.
In 2015, in what was the first known successful cyber-attack on a power grid, hackers compromised systems of three energy distribution companies in Ukraine, thereby disrupting the electricity supply.
“Critical infrastructure is getting digitized in a very fast way — this includes financial services, banks, power, manufacturing, nuclear power plants, etc. Because of these a lot of security issues arise. We just saw the SolarWinds hack, which impacted national critical infrastructure in the US. Most countries are not prepared for combating the sophistication of attacks that are happening,” Saket Modi, co-founder & CEO of cybersecurity firm Safe Security, said.
“A lot of countries have started taking advantage of this. They’re spending an unprecedented amount of money and are building armies. Israel is a good example, they say that there is a fourth unit in the defense system, which is for defense and offense. Most countries though are not prepared,” said Saket Modi.
“India not being an exception but there is a need for a high level of preparedness because an attack can have a great impact on the economy, safety, etc,” Modi added.
For the Mumbai incident, while the Centre has denied that the outage was a result of a cyber attack by Chinese group Red Echo, the Maharashtra government — citing an analysis of Maharashtra Cyber Police’s report by Maharashtra State Electricity Board’s (MSEB) Supervisory Control and Data Acquisition system — said: “there is some evidence to point at probable cyber sabotage on MSEB servers”.
In addition to the Mumbai incident, Chinese actors are also said to be involved in the cyber attack on IT systems of vaccine makers Serum Institute of India and Bharat Biotech.
There were 6.97 lakh cybersecurity incidents reported in the first eight months of 2020, nearly equivalent to the previous four years combined, according to information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), suggesting a surge in cyber incidents.
The surge in numbers has been perceptible since 2018, with 2.08 lakh reported incidents of cyber attacks that year and 3.94 incidents reported in 2019. In 2017, the number was 53,117, and in 2016 it was 50,362.
Consequently, there is also a need for an updated cybersecurity policy in the country, which the Ministry of Electronics & Information Technology is expected to come out with soon. The current cybersecurity framework put out by the government dates back to 2013.
“It is important for the corporates or the respective government departments to find the gaps in their organizations and address those gaps with the help of next-generation security solutions,” said Sunil Sharma, managing director – sales (India & SAARC), at cybersecurity firm Sophos.
He also added, “It is essential that there is a layered security system, wherein security threat intelligence sharing is happening between different layers.”