This week, yet again, the global economy was hit by cyber attacks that affected sectors as diverse as banking, the transportation industry, chocolate factories and oil refineries. Some attacks seemed designed to just cause disruption; others were backed by demands for ransom to be paid in bitcoin, a cryptocurrency. The digital infection is likely to have started in Ukraine, but it has spread like a plague across at least 60 countries. Some affected companies paid up while others managed to migrate to backups. But the attacks caused huge financial losses and physical damage. This is not the first instance of such malware attacks, yet the worst aspect is that such invasions are likely to happen again, thanks to a proliferation of linked computer systems and the increasing dependence on computerised systems in almost all walks of life. There will also always be unscrupulous hackers exploiting computer systems to make a quick buck, or just to cause chaos for the “Lulz”, as hackers call them.
It is apparent that some of the methods used were developed, with government approval, as tools for cyber warfare. Nation-states have used cyberwarfare extensively in the past decade. Stuxnet, a sophisticated and malicious computer worm, was reported to have crippled Iran’s nuclear establishment by physically destroying centrifuges. The Stuxnet attack was believed to be a joint operation funded and run by the Israeli and American security establishments. When Russia and Georgia had a brief conflict in 2008 over the disputed region of South Ossetia, Georgia’s information technology infrastructure was targeted by hackers who knocked the country off the Internet. Since the start of its conflict with Russia, Ukraine has been hit by several waves of cyber attacks, targeting its physical infrastructure such as power grids.
Any 21st-century war is likely to have a large cyber component since all modern military equipment and communication systems are enabled with information technology (IT). Cyber attacks are useful weapons, offering a big bang for the buck. They require relatively little investment to cause large-scale disruption. What is more, such attacks enjoy plausible deniability. But unlike other weapon systems, nation-states cannot control and sequester the tools of cyber warfare. Any smart hacker can design, modify and release malware into the wild and it is impossible to prevent the spread of such malware. Not surprisingly, the ability to cause actual physical damage and chaos has obviously multiplied as civilisation becomes more IT-driven.
In this regard, India is at high risk. Quite apart from the defence establishment, Indian Space Research Organisation and big businesses, there is also the drive towards Smart Cities, Digital India, Aadhaar, and the newly unveiled goods and services tax (GST) regime, among other government programmes, where information technology and networking are integral to the structure. India is also enmeshed in multiple “dirty wars” and, therefore, an attractive target for cyber terrorism. India is also a soft target - many so-called smart systems are designed to be accessed by over a billion people.
Creating a cyber-security network to protect such assets is a multi-pronged task. It involves “hardening” key infrastructure elements such as the Aadhaar and GST databases so as to render them immune to attempts by hackers. It also involves educating private citizens and businesses to implement safe cyber practices. More importantly, it requires creation of backups to be seamlessly integrated, in case of a disaster.
While this is imperative, yet it is unclear if the government has embarked on any such cyber-security initiatives. There have certainly been no attempts to educate private citizens in safe practices, for instance. India’s cyber establishment, thus, remains highly vulnerable to disruption. The latest attacks should be a wake-up call.
It is apparent that some of the methods used were developed, with government approval, as tools for cyber warfare. Nation-states have used cyberwarfare extensively in the past decade. Stuxnet, a sophisticated and malicious computer worm, was reported to have crippled Iran’s nuclear establishment by physically destroying centrifuges. The Stuxnet attack was believed to be a joint operation funded and run by the Israeli and American security establishments. When Russia and Georgia had a brief conflict in 2008 over the disputed region of South Ossetia, Georgia’s information technology infrastructure was targeted by hackers who knocked the country off the Internet. Since the start of its conflict with Russia, Ukraine has been hit by several waves of cyber attacks, targeting its physical infrastructure such as power grids.
Any 21st-century war is likely to have a large cyber component since all modern military equipment and communication systems are enabled with information technology (IT). Cyber attacks are useful weapons, offering a big bang for the buck. They require relatively little investment to cause large-scale disruption. What is more, such attacks enjoy plausible deniability. But unlike other weapon systems, nation-states cannot control and sequester the tools of cyber warfare. Any smart hacker can design, modify and release malware into the wild and it is impossible to prevent the spread of such malware. Not surprisingly, the ability to cause actual physical damage and chaos has obviously multiplied as civilisation becomes more IT-driven.
In this regard, India is at high risk. Quite apart from the defence establishment, Indian Space Research Organisation and big businesses, there is also the drive towards Smart Cities, Digital India, Aadhaar, and the newly unveiled goods and services tax (GST) regime, among other government programmes, where information technology and networking are integral to the structure. India is also enmeshed in multiple “dirty wars” and, therefore, an attractive target for cyber terrorism. India is also a soft target - many so-called smart systems are designed to be accessed by over a billion people.
Creating a cyber-security network to protect such assets is a multi-pronged task. It involves “hardening” key infrastructure elements such as the Aadhaar and GST databases so as to render them immune to attempts by hackers. It also involves educating private citizens and businesses to implement safe cyber practices. More importantly, it requires creation of backups to be seamlessly integrated, in case of a disaster.
While this is imperative, yet it is unclear if the government has embarked on any such cyber-security initiatives. There have certainly been no attempts to educate private citizens in safe practices, for instance. India’s cyber establishment, thus, remains highly vulnerable to disruption. The latest attacks should be a wake-up call.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%