Indian power systems and seaports targeted by Chinese malware: U.S. firm

Spread the love

A recent grid failure in Mumbai may have been caused by Chinese malware, as per the report. Chinese state-sponsored actors may have deployed malware into Indian power grids and seaports. Last year, border tensions between India-China began escalating and culminating in a deadly clash along the Line of Actual Control (LAC).

The alleged cyber intrusion was revealed by U.S. cybersecurity and intelligence firm, Recorded Future, according to the New York Times.

What China says, it refuted reports that it had initiated cyber attacks against India’s power grid resulting in massive power outages, and also claimed that it is firmly opposed to such irresponsible and ill-intentioned practices.

About Cyber attacks:

  1. Cyber-attacks are defined as “deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks.”
  2. Cyber exploitation or cyber espionage, on the other hand, refers to the penetration of adversary computers and networks to obtain information for intelligence purposes; this is espionage, not a destructive activity.
  3. Cyber-attack weapons are easy to use and they can generate outcomes that range from the simple defacing of a web site to the stealing of data and intellectual property, espionage on target systems and even disruption of critical services.
  4. Likewise, cyber-attack as a mode of conflict raises many operational issues.
    1. For example, how will a country know whether it is the subject of a deliberate cyber attack launched by an enemy government?
    2. How will it prove this?
  5. Proving attribution in cyberspace is a great challenge. It is extremely difficult to attribute cyber-attacks to a nation-state, since collecting irrefutable evidence has proved elusive in almost all cases of this nature in recent years.
  6. The very nature of botnets and zombies makes it difficult to do so. This has led many analysts to conclude that the Internet is the perfect platform for plausible deniability.
  7. Cyber attackers can support military operations. They can disrupt the target’s command, control, and communications.
  8. They can support covert actions to influence governments, events, organizations, or persons, often disguising whoever is launching those actions.
  9. Valuable information and state secrets can be obtained through cyber espionage.

Cyber-attacks can be carried out in a number of ways.

  1. Computer-network attacks
  2. Supply-chain attacks
  3. Attacks on radio networks for GPS and wireless networks
  4. Social-networking-led attacks

Types of cyber threats against nations:

  1. Cyberattacks can be launched against the critical infrastructure of nations that includes telecommunications, energy, financial networks, transportation systems, and water distribution, among others.
  2. Taking advantage of vulnerabilities in these systems, attackers can disable them and disrupt essential services.
  3. An attack on the air traffic control system could not just wreak havoc with flight schedules but also, in the worst case, cause crashes.
  4. The effects are the same as if the infrastructure were bombed or attacked by some other physical measure, without the enemy coming in by air, sea, or land. Likewise, financial networks can be targeted to disrupt a nation’s economy.
  5. Banks, stock exchanges, trading, online payment systems, and other transactions of all kinds can be brought to a grinding halt as if these were physically bombed. This is cyber war or information warfare.
  6. The effects are similar to what would be achieved by Weapons of Mass Destruction (WMD).

Necessity of Cyber-Security:

  1. Photos, videos and other personal information shared by an individual on social networking sites can be inappropriately used by others, leading to serious and even life-threatening incidents.
  2. Companies have a lot of data and information on their systems. A cyber attack may lead to loss of competitive information (such as patents or original work), loss of employees/customers private data resulting into complete loss of public trust on the integrity of the organization.
  3. A local, state or central government maintains huge amount of confidential data related to country (geographical, military strategic assets etc.) and citizens.
  4. Unauthorized access to the data can lead to serious threats on a country.

As we choose to stay connected, we are moving towards proliferation and assimilation of larger data sets, interacting with one another (big data, machine learning, Artificial Intelligence, Internet of Things); this opens the entire ecosystem to larger threats from social deviants.

It is on the individuals as well as the body corporates to preserve the confidentiality, integrity of data, while ensuring that accessibility to the very data is not compromised on any front.

Conclusion:

Cyber space infringement is a battle that we fight on everyday basis. India needs stringent laws and policy in place to combat these issues.

The extant legal framework does not sufficiently address the concerns of the sector, and there is an imminent requirement to have a comprehensive legislation in place to address the concerns.

The proactive vigilance observed by the body corporates and private individuals, is also being supported by the insurance industry, where cyber-security insurances have garnered immense popularity, and are augmenting the lack of an effective legal regime.

As we welcome the impending legislation, companies in the healthcare and the banking & financial services sector are ensuring that they rely on their own technical and organizational security measures to ensure that the data available with them is not corrupted or is subject to any unwarranted and unauthorized access.

It is often said that the future is a click away, it is important that the click does not lead to any pernicious portal.

Leave a Reply

Your email address will not be published. Required fields are marked *