In India, cyber sabotage of critical infrastructure has exploded in recent years. Whether it is illegal bank transactions or long-term cyber-attacks that cause power outages that shut down a city, such problems have become commonplace across the nation. While financial loss has been the primary damage, cyberattacks on critical infrastructure can cause serious problems, including service disruptions or physical threats to humans.
It is a clear and present danger that adversarial states and rogue non-state actors can cripple India’s critical infrastructure through cyber attack. The National Critical Infrastructure Protection Centre (NCIIPC) and the Computer Emergency Response Team (CERT) of India, two government bodies that monitor malicious cyber activity, have documented several attacks on India’s critical infrastructure. Over the years, the scale and frequency of these attacks have only increased. During the COVID-19 outbreak last year, National Security Advisor Ajit Doval stated that attacks targeting the defense and critical infrastructure had spiked.
According to a study from Claroty, 56% of IT and OT security professionals at industrial enterprises have reported an increase in cyber security threats since the start of the pandemic, and 70% have observed cyber criminals employing new tactics in the same time frame. For critical infrastructure organizations to effectively protect themselves and their customers, they must take a multi-pronged approach.
Critical infrastructure cyber attacks continue to rise
A surge in cyber attacks was observed in India during the lock-down imposed in the aftermath of Covid, when digital services were rapidly adopted across the country. According to a Cisco report titled Cyber security for SMBs: Asia Pacific Businesses Prepare for Digital Defense, 74% of small and medium businesses (SMBs) in India experienced cyber attacks in the last year. The government has taken several measures to improve cyber security systems, according to the home ministry. In addition, CERT-In has been issuing alerts and advisories regarding cyber threats and vulnerabilities as well as countermeasures to protect computers and networks on a regular basis.
As a result of the recent attacks on our critical infrastructure, there is a clear need for cybersecurity and assurance for all of our utility providers and players. Critical infrastructure organizations must take a multi-pronged approach to effectively protect themselves and their customers.
Five aspects of cyber security for critical infrastructure enterprises to consider
- Cyber Hygiene: Like IT, good cyber hygiene is essential for Operation Technology (OT). For OT environments to be secure, it is imperative to have control of segmentation, firmware and software patching, multi-factor authentication (MFA), password management, and asset management. Being aware of the problem and the different ways an attack could affect your business is essential. The threat landscape is constantly changing, enterprises and government agencies have to be proactive about keeping up to date with new attacks and communicating those insights.
- Collaboration: Cyber crime can only be combated through collaboration today. Equinix shares best practices and experience with threats with our information sharing and analysis center, which provides information to our customers via customer service managers. The Equinix ecosystem allows our community to share threat intelligence with peers, third party vendors and law enforcement so that we can all be better prepared to address risks.
- Education: About 88% of data breaches are the result of errors made by humans, according to Stanford University researchers and a major cybersecurity company. In order to keep your company secure, it is imperative your employees understand that security is a shared responsibility.
- Technology: You must align your investments in technology with the future needs of your company when anticipating, preventing, or minimizing attacks. Understand how the company will grow, and make an informed investment.
- Operational Efficiencies: Be sure to work closely with stakeholders when making technology investments in order to understand the impact of your decisions on business units and to ensure they are aware of the importance of protecting data and applications. In order to prioritize risk mitigation, proactive threat hunting and vulnerability management are important security operations. During an attack, these vital operations must be conducted collaboratively and a comprehensive understanding of dependencies will help decrease response times and improve operational efficiency.
Over the past few months, cyber attacks on India’s digital landscape have increased in scope and sophistication, affecting the economy and national security as well as sensitive personal and business data. Up until June of this year, more than 6.07 lakh cyber security incidents were reported to the Indian Computer Emergency Response Team (CERT-In). It certainly serves as a wake-up call for India in regards to stronger policies. The government could not have chosen a better moment to reinforce the need for stronger cyber security than through the National Cyber security Policy soon to be released.
Digital ecosystems are driving growth as organizations capitalize on access to digital marketplaces and digitally subscribe to new capabilities. Digital service integration, com-passable business, process automation and the need to drive accelerated innovation and digital collaboration are driving increased interconnection adoption. Service Providers are accelerating their interconnection growth as they expand capacity in regional aggregation points, scale to deliver new digital services, and offer new forms of as a Service models alongside public cloud offerings.
A robust and secure infrastructure designed with security must be embedded in all of the technology tools and platforms in the planning stage. This will ensure secure interconnection to hybrid clouds which is essential when collecting operational technology data at the edge and sharing or migrating IoT data and workloads across multi-sites and multi-clouds.
All government agencies, especially key infrastructure agencies such as Power Grid, Ports, and other strategic installations, must comply with Cyber Secure Standards. As India creates a resilient cyber deterrent network, more sophisticated and complex threats are emerging fast.
Therefore, it needs to rapidly keep pace. In order to enhance its cyberspace capabilities, India cannot afford to delay the formulation of its cyber strategy. Although this is a daunting task, it is definitely doable, and if national security is at risk, there is little choice.
(The author Manoj Paul is Managing Director at Equinix India and the views expressed in this article are his own)