India aspires to be the digital hub of the world in the coming years. We are already making giant strides towards achieving that but have we really built enough firewalls to prevent ourselves from a major cyber attack? Let’s recall the July 30 and July 31, 2012, the two days when India faced its worst blackout, leaving over 700 million Indians in about 20 states without electricity, including the capital city Delhi.
The blackout may have been due to the infrastructural failure, but did you know such blackouts can be forced upon us by some mischievous hackers sitting in any part of the world? Are we ready for another chaos? The vulnerability also could be leveraged by the state's enemies to strategically cripple the country’s movement in the state of war. So, it becomes critical for modern cyberwarfare.This episode gave an espionage to cybercriminals on the circumstance a country can face due to such operational failures.
Not just a hypothetical threat: Why power grid espionage has to be taken seriously?
According to India's federal power ministry, the blackout was caused due to certain states over droning power beyond their respective quotas causing the tripping of three grids in a cascade effect. On the other hand, criminal and state-sponsored attackers globally have studied the effects of how a blackout could cause a massive economic impact bringing a nation to a standstill.
Definitely, India did overcome the 2012 crisis however, India still has a long way, it has to pay more attention to the cyber crimes targeted towards power grids and other such sensitive areas like telecom. With the government's vision of building 100 smart cities in India, where each aspect would be centralized using new technology like IoT, SCADA (Supervisory Control and Data Acquisition), Automation and Machine Learning. It would create infinite user data that would be stored in the cloud which might expose the infrastructure to a number of vulnerabilities.
A terrorist could use an electromagnetic pulse to disrupt electronic equipment, knocking out the power grid, causing any country anything over 1 to 2 trillion dollars. Further, it will take over a decade to fix the issues as per the report of a former US Representative Roscoe Bartlett. These sort of attacks on power grids and energy plants are not isolated or unique.
Implementations or Solutions
No doubt India is thinking about cyber security but securing every aspect from the design stage is crucial to restrict any data breach or cyber attacks in the future. Improving cybersecurity across private and government bodies becomes crucial given the increase in cyber espionage.
Indian lawmakers should ensure that not only as a country we get a law that tightens the cybersecurity for power grids but also put a halt on the backdoored hardware supplied by a few Asian countries. Many hardware manufacturers were found backdooring the hardware which could be used to remotely control critical systems. Imagine a scenario, where such hardware is installed in one of the smart city infrastructures, it would become vulnerable to cyber attacks by state-sponsored hackers or malicious actor who can then control the critical infrastructure remotely causing huge damage to the country.
Further, the government and private institutions should pay attention to create awareness around cybersecurity. As, cybercriminals are targeting employees within companies and government bodies by attacking them using social engineering attacks such as phishing, vishing, smishing etc. and later infecting their devices with certain malware in order to get into their infrastructure. To ensure proper protection of the critical infrastructure that we are planning to build, it's important to pay equal attention to People, Process and Technology and quantify the cyber risks for power plants.