Most critical infrastructure companies in India are government-run organisations with few private enterprises owning this space.

A quick look at security attacks reveals that critical infrastructure across the globe has been under attack the last one year.

Is India geared to tackle a security attack?

“India is no different from others in protecting its critical infrastructure,” says Pamela Warren, Cybercrime Strategist and Director of Global Public Sector and Critical Infrastructure Initiatives at McAfee. Sharing a McAfee report titled ‘In the Crossfire: Critical Infrastructure in the Age of Cyberwar' she points out how vulnerable critical infrastructure around the world is to cyber attack by citing the Stuxnet attack, which transformed the threat landscape by sabotaging industrial control systems. “Power, oil, gas and water emerged as first targets for a serious cyber attack,” she adds.

Whether it is cyber criminals engaged in theft or extortion or foreign governments preparing sophisticated exploits such as Stuxnet, cyber attackers have targeted critical infrastructure. Denial-of-service attacks on energy networks increased, notes the McAfee report. And vulnerabilities only seem to be growing.

Many power companies are implementing ‘smart grid' technologies that give their IT systems more control over delivery of power to individual customers.

The primary concern for those within the electricity sector has always been maintaining a steady supply of power and efficient system. Even today, many companies in the power sector use vendor-default passwords and grid modernisation efforts are in the same tradition, creating new security holes.

“Without better security, this increased control can fall into the hands of criminals or ‘hacktivists', giving them room to modify billing information among others. Security incidentally, is not a priority for smart grid designers,” Jim Woolsey, a former Director of Central Intelligence says (in the report).

The report findings show that governments too continue to play an ambiguous role in cyber security, sometimes helping the private sector and at other times ignoring it. Findings show that India and Mexico registered a high rate of extortion attempts and those aimed at power systems is said to be spreading. “A lot of companies are buying vulnerability management software, but do not understand the data they have. We are coming up with a gameplan on data protection” says Pamela Warren.

Emphasising the importance of protecting critical infrastructure, she poses, “by 2015, there would be at least 50 billion connected machines. What are we going to do today to secure these devices?”

“The average cybercriminal may not target your car or mine. His target could be something else. You can embed security to the cyber grid, so the smart device picks the signal, is able to control,” she sums up.

>lnr@thehindu.co.in

comment COMMENT NOW