New Age Cyber Risk – Deep Threat to a Nation's Critical Infrastructure

Let's imagine a situation where a group of hackers gains control of power infrastructure and stops the power grid. Immediately, millions of homes and businesses will become dysfunctional, communication equipment will stop working, and banks, hospitals, air traffic and many other vital components of our day-to-day life will come to a standstill. We are living in a world where critical infrastructure systems, e.g. power generation plants, water treatment plants, electricity production, distribution, transportation, public services, telecommunications, critical manufacturing sectors and other platforms, are deeply interconnected to form the energy grid. These systems are more complex and connected than ever before. Earlier, in a less digitised world, power grids and other critical infrastructure operated in isolation, but today this infrastructure is more interconnected than ever before.

Targeting critical infrastructure is part of warfare strategies that sit a little below the threshold of actual war and may support the strategic objectives of enemy states. In the digitally interconnected era, cyber-attacks will act as an efficient means of achieving the enemy's objectives in a very cost-effective way, with lethal outcomes and an ineffective, complicated web of accountability that falls short of punishing the groups/actors backed by the enemy states.

In December 2015, we witnessed the first known power outage caused by a large-scale cyber-attack, when various utility companies in Ukraine were hit by BlackEnergy malware, leaving hundreds of thousands of homes without electricity for six hours. Apart from electricity, dams are a source of city and industrial water supplies and hydroelectric power. In 2016, an alleged Iranian-sponsored cyber-attack was carried out against Rye Brook Dam in New York, in which the hackers gained control of the industrial control systems within the dam but were unable to cause damage due to scheduled maintenance of the dam.

According to various published reports, a large number of cyber-attacks have been observed on the Indian power sector and seaports. India has seen various intrusion activity against Indian establishments from Chinese state-sponsored groups. According to various published reports, the malware attack on the Kudankulam Nuclear Power Plant (KKNPP) has been attributed to the North Korean state-sponsored threat group known as Lazarus.

Similarly, a cyber-attack on nuclear reactors could have very serious consequences for humanity. According to U.S. government reports, the U.S. government has accused Russia of conducting a series of cyberattacks aimed at U.S. and European nuclear power plants and other critical infrastructure. Another alarming example is the Stuxnet attack on Iran's uranium enrichment facility, generally attributed to the U.S. and Israel.

We are living in a deeply interconnected financial world where assets are increasingly becoming digital. According to various estimates, the global financial services market is expected to reach $28 trillion by 2025. The financial industry is witnessing rapid growth in digital payment services, which are multiplying due to the increasing penetration of internet and mobile usage in society. Heightened technology use invariably increases the vulnerabilities in the system. Various large financial services companies have suffered a cyber-attack in the past years, while experiencing an increasing rise in hack attempts since the beginning of the COVID-19 pandemic.

Recently, the financial systems of the National Stock Exchange (NSE) were closed for a day because of a slow network caused by a telecommunication glitch. As per the press release by SEBI, the disaster recovery plan did not help the NSE in efficiently restarting its operations. The disruptions clearly showed that the stock exchange was brought down not just because of a simple telecom service failure but probably by a digital attack by the Chinese. Enemy states are increasingly using cyber tactics to cause significant damage to an opponent country without resorting to full-fledged war. We live in times where war and the rules of engagement with an adversary have to be redefined to include any attempt at subversion of a nation's critical infrastructure. In the future, countries' infrastructure will be more integrated digitally. Any attempt at cyber misadventure or cyber aggression can cause havoc in the impacted communities and may push the impacted nation to adopt more extreme measures, which may not be good for communities, nations and humanity.
