The Indian government and major critical infrastructure sectors of the country are vulnerable to cyber-attacks as a group of researchers have found out that there are several flaws in industrial control system (ICS) devices used in the critical sectors.
Critical infrastructure in an industrial sector, whether it's transport, electricity, water, finance, health care, or communications. These are the physical and cyber systems that are so vital to any country. Any attack on these infrastructures will weaken the economic security or public health or national security of a country.
Media reports have been claiming that India has not been prepared to tackle cyberattacks on critical infrastructure. The reports claim that a week-long power outage in Mumbai was caused due to infrastructure failure along with cyberattacks.
However, the power minister of the country has rubbished the media's claims and stated that cyberattack was not responsible for the power failure at all.
The power minister of Maharashtra on the same day mentioned that the Mumbai Cyber Police investigation had suggested a possible cyberattack on critical infrastructure. The cyberattack aimed with the intent to disrupt the power supply.
National Critical Information Infrastructure Protection Centre (NCIIPC) has also reported cyberattacks by Red Echo to hack the critical grid network.
The National Critical Information Infrastructure Protection Centre (NCIIPC) has been set up by the Ministry of Electronics and Information Technology. The NCIIPC is responsible for critical information infrastructure protection (CIIP) of the nation’s IT infrastructure including but not limited to, financial sector, power grid, government computer networks, and systems.
The government also announced a National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS). The CPS is a system, which comprises of computational devices and their physical components that are connected through the network. Examples are healthcare, smart grid, manufacturing, and supply chain management systems. CPS requires an interdisciplinary approach to address cybersecurity challenges in industrial control systems and supervisory control and data acquisition technologies.
The Bureau of Indian Standards (BIS) has approved the first set of cybersecurity standards. The standards will now help to safeguard critical infrastructure in India from destructive cyber-attacks. BIS has collaborated with Indian companies, the government and global cybersecurity companies to establish these standards.
Critical infrastructure has become increasingly vulnerable to cyber-attacks. The power grid ecosystem is a major target of such cyberattacks. The power grid, which includes generation, transmission, and distribution substations, is a critical part of the economy, and its stabilization is of vital national interest.
There are many critical infrastructures which have become more vulnerable to cyberattacks than ever before. These critical infrastructures include power supply systems, water treatment plants, and oil pipelines etc. It has recently found that these infrastructures are not built properly for protection against cyberattacks. These traditional infrastructures were designed to deliver performance and reliability instead of protection against cyberattacks.
The government should adopt the BIS Industrial Cybersecurity Standard. The adoption of this standard will make it safer for everybody if the government doesn't do something bad to us. It's going to cut down on cyber threats and help keep everyone safe.
Ministries and Departments need better budgetary allocations for cybersecurity. The government also need a robust infrastructure, processes and audit system to strengthen cybersecurity. In this direction, the government welcomes new partnership with private sector and IT companies in order to make India hack proof.
India can take examples from the North American Electric Reliability Critical Infrastructure Protection policy. The implementation of the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) policy can bolster the power sector and help strengthen its communication system that acts as a nervous system for the entire sector.
India is now one of the biggest economies in the world. Recently, it was ranked on top of the list for e-waste. The digital revolution and cybercrime are a top priority of India and its intelligence agencies are working day and night to protect its critical infrastructure including Aadhaar, banking systems, power plants, railways etc. However, a counter cyber terrorism policy paper from India is long overdue. It is time for India to release its new cybersecurity policy addressing wider challenges in a connected world.