Critical infrastructure on target: A cyber attack that could be worse than war

(2).jpg
Cyber criminals are more powerful and secretive but not all critical infrastructure is strong enough to resist a cyber attack.
It was as if a Hollywood movie was playing out in Estonia in 2007. The country faced a massive attack. Suddenly, the vital infrastructure came crashing down. Without a sign of the enemy. No bombs exploded. No one invaded the country. From newspaper websites to banks to power system, everything collapsed. The massive cyber attack created chaos all around for several days.
A decade later, cyber criminals are far more powerful and secretive but not all critical infrastructure is strong enough to resist a cyber attack.
In 2015, hackers got control of Ukraine's power grid, plunging thousands of homes and establishments in dark for hours. There was speculation that the attack was a warning against nationalisation of power plants owned by a Russian tycoon.
In 2010, India was the third worst-affected country by computer worm Stuxnet. According to reports, of the 10,000 infected Indian computers at the time, 15 were located at critical infrastructure facilities. These included the Gujarat and Haryana electricity boards and an offshore oil rig of state-owned petroleum explorer ONGC.
The domestic electrical equipment industry has been raising concerns over contracts awarded to Chinese companies for installation of supervisory control and data acquisition systems (SCADA) for power distribution that can lead to foreign control over a sector critical to the country’s growth. SCADA is a computerbased industrial automation control system that practically makes factories and utilities run on their own. In an electrical system, SCADA maintains balance between demand and supply in the grid.
Chinese firms have bagged SCADA contracts for more than 18 cities. Companies such as Harbin Electric, Dongfang Electronics, Shanghai Electric and Sifang Automation either supply equipment or manage power distribution networks in these cities.
The government has taken note of the vulnerability of India's power frid to cyber attacks. According to reports, the government plans to lay down product-wise technical specifications and regulations to ensure that only audited and tested equipment are connected to the electricity grid. It also plans to develop a testing facility for cyber security where sourced equipment can be tested for malware before installation and periodically after commissioning.