Tuesday, September 27, 2011

Cyber Attacks Are Affecting Indian Critical Infrastructure

These days information and communication technology (ICT) has become an indispensable part of our day to day life. Many critical infrastructures have now been connected with ICT in one form or another.

This is the reason why we need to ensure critical infrastructure protection in India and critical ICT infrastructure protection in India. We also need to strengthen the cyber security of India and the best way to do so is to formulate the national cyber security policy of India.

Cyber attacks and cyber threat are increasing against India. However, cyber security in India is not up to the mark and is ailing badly. There are many factors for the poor performance of Indian cyber security and lack of adequate expertise is one of them.

Whether it is strategic government department’s computers or critical infrastructure, all of them are under constant cyber attack risks. Take the example of the recent cyber security incidence that has affected the Indira Gandhi International Airport (IGIA) security systems.

Three months ago, a ‘technical snag’ had hit operations at the state-of-the-art T3 terminal at IGIA. It now turns out it was caused by a “malicious code” sent from a remote location to breach the security at the airport.

A hunt has been launched to nab the perpetrator with the CBI registering a case under the IT Act and IPC. Investigators say that the “malicious code” was in the form of “attack scripts”, which means a programme was written by an expert to exploit the system’s security weakness.

While the efforts of CBI is praiseworthy yet when it comes to timely and appropriate actions, CBI does not score well. For instance, the case of CBI’s website defacement has not been investigated in the manner it was required. Cyber crimes investigations in India need to be improved to make effective investigation and get desired results.

In the present case of IGIA as well the news of the cyber attack has come after three months and this has weakened the case to a great extent. We need timely detection and effective cyber crime investigation capabilities in India to deal with cyber attacks and cyber crimes. Indian government must conduct effective trainings and courses for cyber crimes investigations in India.

Coming to the present case, the check-in counters, transfers counters and boarding gates at the IGI are operated using the Common Use Passengers Processing System (CUPPS), maintained by Aeronautical Radio Incorporated (ARINC). The CUPPS operates on a common software-and-hardware platform that integrates all information such as an airline’s reservation system, the expected time of departure and the capacity at waiting lounges. The problem in CUPPS started at 2.30 am on June 29 due to which check-in counters of all airlines at T3 became non-operational.

“This forced the airlines to opt for manual check-in and as a result passengers had to wait. There are around 172 CUPPS counters and only a third were functioning online,” said an official. The investigation revealed that someone had hacked into the main server of the CUPPS and introduced a virus.

It took nearly 12 hours to restore the system. The CBI was also called in as officials suspected it was a security breach. “We found that there were serious security lapses,” said a CBI official.

The agency had also asked for details of records of CUPPS and staff handling the system. “Once we receive the details, it will be analysed to see if any official is involved. It appears that someone sitting at a remote location had operated the system. We have registered a case under the IT Act and other relevant section of the IPC,” added the CBI official.

Indian critical infrastructures are under strong cyber attacks and we need to take this seriously. In cyber crimes and cyber attacks cases taking months to investigate them means loosing the case. We have to develop real time cyber security capabilities in India to avoid such failures.

No comments:

Post a Comment