Cyber Security – CERTs, Policy, etc

Cyberattacks reveal vulnerabilities in critical infrastructures


From UPSC perspective, the following things are important :

Prelims level : Ransomware

Mains level : Paper 3- Threat of cyberattacks

The article highlights the threat posed by cyberattacks to our critical infrastructure and suggest the ways to deal with the the ever evolving threat.

Civilian targets of cyberattacks

  • Several high-profile cyberattacks were reported from the United States during the past several months.
  • These attacks were all primarily on civilian targets, though each one was of critical importance.
  • Obviously cyber, which is often referred to as the fifth domain/dimension of warfare, is now largely being employed against civilian targets.
  • Most nations have been concentrating till date mainly on erecting cyber defences to protect military and strategic targets, but this will now need to change.


  • Defending civilian targets, and more so critical infrastructure, against cyberattacks such as ransomware and phishing is almost certain to stretch the capability and resources of governments across the globe.
  • The distinction between military and civilian targets is increasingly getting erased and the consequences of this could be indeterminate.
  •  In the civilian domain, two key manifestations of the ‘cat and mouse game’ of cyber warfare today, are ransomware and phishing, including spear phishing.
  • Banking and financial services were most prone to ransomware attacks till date, but oil, electricity grids, and lately, health care, have begun to figure prominently.
  • Ransomware attacks have skyrocketed, with demands and payments going into multi-millions of dollars.
  • India figures prominently in this list, being one of the most affected.
  • Compromised ‘health information’ is proving to be a vital commodity for use by cybercriminals.
  • All indications are that cybercriminals are increasingly targeting a nation’s health-care system and trying to gain access to patients’ data.
  • The available data aggravates the risk not only to the individual but also to entire communities.
  • Cybercriminals are becoming more sophisticated, and are now engaged in stealing sensitive data in targeted computers before launching a ransomware attack.
  • Also, today’s cybercriminals, specially those specialising in ransomware and similar attacks, are different from the ordinary  criminals.
  • Many are known to practise ‘reverse engineering’ and employ ‘penetration testers’ to probe high secure networks.

Way forward

  • The need to be aware of the nature of the cyber threat to their businesses and take adequate precautionary measures, has become extremely vital.
  • Cybersecurity essentially hinges on data protection. 
  • As data becomes the world’s most precious commodity, attacks on data and data systems are bound to intensify.
  • With mobile and cloud computing expanding rapidly cybersecurity professionals are now engaged in building a ‘Zero Trust Based Environment’, viz., zero trust on end point devices, zero trust on identity, and zero trust on the network to protect all sensitive data. 
  • Building deep technology in cyber is essential.
  • New technologies such as artificial intelligence, Machine learning and quantum computing, also present new opportunities.
  • Pressure also needs to be put on officials in the public domain, as also company boards, to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.

Consider the question “Several high-profile cyberattacks across the world have exposed vulnerabilities in the critical infrastructure of even advanced nations. In light of this, examine the challenges posed by cyberattacks and suggest measures to deal with these challenges.” 


The threat posed by the cyberattacks highlights the need for improved defences against actual, and potential, cyberattacks by all countries across continents.

Notify of
Inline Feedbacks
View all comments