Cyber attacks are rising and the only defence is security, but what exactly is cyber security and how vulnerable are we to these attacks?
It may come as a shock to many but the fact is that India has witnessed around 80 million cyber-attacks and threats so far. In the first three months of 2022, we witnessed some 200,000 cyber-attacks every day and they are increasing with every passing day. The quantum of the attacks is enough to become alarmed and take preventive measures. But the fact remains that our cyber security has not kept pace with cyber warfare which has grown in its scope and techniques in leaps and bounds.
Most of us understand cyber security on the personal level, online bank fraud or leaking of pictures on a smartphone, cloning of the ATM card, and so on. Most of them are designed for financial bungling by an individual or a group having some understanding of how digital stuff works. But the fact is cyber-attack is huge in their scope and application. Indeed it can hack your credit card and skim the amount but it can also destabilize the whole banking system of a country, cause a crash in the stock market or even paralyze the economy. And this is just the economic aspect of the cyber-attack. When it comes to its military aspect it can be far more devastating than we can imagine. It can launch a missile attack, and cause nuclear plants to shut down or go haywire. To put it briefly cyber war can be far more deadly than conventional war as it can be waged by a few men sitting anywhere in the world and attacking its targets.
To stop it one has to be prepared not with arms and ammunition but with high-end digital security that not only detects the invasion in time but also effectively gives a fitting reply. To do that a robust ecosystem is required and we are still lagging on that front. It is not that the government is not concerned, it is but the tangible results are not coming. So clearly the situation is very alarming. Think of cyber frauds as miniature cyber-attacks. Everyday financial fraud is happening and rising. Innocent people are losing their life's savings. Cooperative banks, nationalized banks financial institutions are being targeted and thousands of crores of rupees are being skimmed by the scammer yet we are unable to put up a system in place which can stop them.
Imagine these are small-time hackers/scammers with limited resources and knowledge base and we are incapacitated against them. Imagine the scenario when a spirited group or country decides to wage a full-fledged cyber war. The government is taking steps to counter it but I am afraid they are not adequate. A robust ecosystem to counter such attacks is missing. We still do not have a roadmap or a comprehensive plan to deal with such situations. No protocols to follow in such a scenario. In an earthquake-like situation where no one knows what to do.
We are pitted against hostile neighbors who know our weaknesses they can jolt the whole country, they can spread rumors, incite riots to meddle with your election process and even make or break your government. So in a way, it can destroy the whole country in a fraction of a second which is very scary. So we are usually taking a very simplistic view of cyber-attack and focusing on small things whereas we must be preparing for the big cyber-attacks as I mentioned earlier that are right now missing.
It is true in a way that no foolproof system can protect you from cyber-attacks. Because it is impossible to make one. There is no such thing as a device or program that if you deploy that you would be secure. You must be vigilant enough to read data that is coming to you. Suppose a pop-up window opens on your mobile how you react to it matters. It may just be an innocuous notification or it could be a smart mischievous program designed to hack your system if you click it you have given it total access and opened the gate of your citadel. Fishing, flushing, etc. are minor things the bigger attacks happen on a much larger scale and years of planning go into them.
I will cite just one example of it, the cyber attack which happened last year on our nuclear plant in Tamil Nadu. A North Korean hacker group penetrated the system. While investigating we checked some 70,000 logs and found that a person had used his personal email to send information to the intranet, that is he connected the intranet with the internet through a duct by that email.
The hackers were looking for that moment and made the most of it. It turned out that they were tracking the whole thing for over three years and waiting for the right time which they got
that day and that was the judgment day. Without going into details for security reasons I just want to put a
long story short a little complacency can ruin you, individually or nationally.
(This is first of a two-part series.)
(Author is Chief Strategic officer and aerospace security, & member Global Advisory Committee, International Solar Alliance. He is also an eminent expert for counter-terrorism for West Asia & Middle East countries. The views expressed are personal)