The article underscores the threat of cyberattacks on the critical infrastructure and also suggests the steps to be taken to secure these infrastructures.

Cyberattack on the power grid

• On October 12 last year, Mumbai plunged into darkness as the electric grid supply to the city failed.
• Recently, a study by Massachusetts-based Recorded Future,  said that the Mumbai power outage could have been a cyberattack aimed at critical infrastructure.
• It was carried out by the state-sponsored group Red Echo.
• As recently as in February, the Centre’s nodal agency National Critical Information Infrastructure Protection Centre (NCIIPC) had reported concerted attempts by Red Echo to hack the critical grid network.
• CERT-In, is reported to have detected the ShadowPad malware in one of the largest supply chain attacks a month after the Mumbai outage.
• Many of the suspected IP addresses identified by NCIIPC and CERT-In were the same and most have been blocked in time.
• The Chinese focus in the past was stealing information and not projecting power, but the situation with India might be different.

Why critical infrastructures are so vulnerable

• As many of these critical infrastructures were never designed keeping security in mind and always focused on productivity and reliability, their vulnerability is more evident today.
• With devices getting more interconnected and dependent on the internet facilitating remote access during a pandemic, the security of cyber-physical systems has, indeed, become a major challenge for utility companies.

Critical information infrastructure protection

• For more than a decade, there have been concerns about critical information infrastructure protection (CIIP).
• In January 2014, the NCIIPC was notified to be the national nodal agency for CIIP and over these years has been working closely with the various agencies.
• In January 2019, the government also announced a National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS), with a budget of Rs 3,660 crore for the next five years, to strengthen the sector.

Way forward

• Most ministries and departments need better budget allocations for cybersecurity as well as a more robust infrastructure, processes and audit system.
• The Industrial Cybersecurity Standards (IEC62443) launched by the Bureau of Indian Standards (BIS), has to be adopted soon.
• For the power sector, a strong regulation on the lines of the North American Electric Reliability Critical Infrastructure Protection (NERC) policy could serve as a guide.

Consider the question “Discuss the importance of critical information infrastructure protection (CIIP)? Also mention the steps taken by the government in this regard.” 

Conclusion

Clearly, the incident is a wake-up call for better preparedness in terms of a more robust cyber security ecosystem in place. The new cyber security policy awaiting imminent announcement will hopefully cater to that.

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now