On Monday July 30, 2012 at 2:30am, the entire Northern Grid of India went dark. Again the next day at 1:30pm, the Northern and the Eastern Grids failed. Due to the power supply failure, hundreds of millions of people, much more than the population of the US and Canada combined, suffered from a sudden darkening of the grids. NDTV.com reported that the power supply to as many as 19 states crashed, after three grids—the Northern, Eastern And North-Eastern—tripped. The Economic Times reported that in what is being called as the biggest ever power failure in India, half of the country was without electricity supply in the afternoon of Tuesday July 31, 2012. While various reasons have been attributed for the said failure, the fact remains that immeasurable hardships were experienced by millions, who were affected by the said event.
It took many hours to restore electricity completely in all the places across India on July 30, 2012. It was the worst blackouts in the history of independent India for the last one decade. Further, the said event brings to one's mind the frightening ramifications, should one see this event in a different light.
It is common knowledge that cyber terrorists and cyber criminals are today targeting critical information infrastructure of the countries in order to put pressure on them. Sovereignty of countries is sought to be undermined by impacting and prejudicially affecting their critical information infrastructure.
It is also no secret that India is the third most infected nation in the world as far as Stuxnet virus infected computers are concerned. (Stuxnet is a computer worm discovered in 2010 which targets Siemens industrial software and equipment, and targeted Iran’s nuclear programme.)
The Northern and Eastern Grid collapse brings to one’s mind the disastrous consequences that could face our nation, should our critical information infrastructure be attacked by a virus or computer contaminant like Stuxnet. Given the rapid growth of India over the last decade and half, India's growth story has been studiously followed. It is also possible that a lot of effort could be made by vested interests so as to prejudicially impact the sovereignty, integrity, security, defence of India, its friendly relations with other nations as also public order.
The Grid collapse brings before us a chilling trailer of what India and Indian citizens could face, should the critical information infrastructure of India be targeted by cyber criminals and cyber terrorists.
If a Stuxnet kind of virus is targeted at India’s critical information infrastructure, the consequences could be far more disastrous. Not only could the restoration of services take a far longer time but during the interregnum period of attack on critical information infrastructure, there is high possibility that other endeavours could also be attempted to weaken the sovereignty, integrity, security and defence of India.
Should a grid collapse takes place because of an attack from computer contaminants or viruses, or any deliberate intentional hacking of cybercrimes, then India is likely to have a tough challenge in its hands.
Currently, India still does not have any dedicated national policy on cyber security. India has no mechanism in place which will inform its relevant stakeholders and citizens of what needs to be done, should a situation like Estonia befall upon us.
The collapse of the grids, though it has happened due to different reasons, should also be a wake-up call for Indian policy makers to beef up the cyber security measures of Indian critical information infrastructure. Further, there is a need for coming up with appropriate national enabling cyber security policies that would inform citizens of what steps need to be taken, in the event of any cyber related emergencies.
The Indian Information Technology Act, 2000 as amended is ill equipped to deal with such exigencies. There is a need for further amending the Indian Information Technology Act, 2000 to make it even more stringent in respect of any unauthorised activity attempted or targeted at Indian critical information infrastructure and provide for deterrent punishment for such heinous crimes.
I hope this grid collapse is soon going to be behind us, but this needs to become a strong wake-up call to wake up the Indian policymakers out of their complacency. The need for implementing adequate and effective cyber security protection mechanisms and enabling legal regulatory framework in this regard is the need of the hour for India. The call of the time is to inculcate security as a way of life amongst Indian stakeholders and citizens.
It will be interesting to see how India responds to the various cyber security related challenges that it is facing in the context of cyberspace as also use of its critical information infrastructure.
The author Pavan Duggal is a leading expert and authority on Cyberlaw in Asia. He can be reached at his email addresses firstname.lastname@example.org