Tag:GS 3 || Security|| Internal Security Threats|| Cyber Security

Why in news?

The Nuclear Power Corporation of India (NPCIL) admitted to a malware attack on one of the computers in Kudankulam nuclear power plant, Tamil Nadu.

What was the attack about

The NPCIL stated that since early September 2019, computer systems at the Kudankulam nuclear power plant have been infected with malware.

Dtrack is said to be responsible for the NPCIL infection.

Dtrack is a Trojan virus that creates computer network backdoors.

that creates computer network backdoors. This was originally developed and used by state-backed North Korean hackers.

There are a number of Dtrack variants, however, and the code may have been modified by a different group.

Other Recent Attacks

There have been multiple Ransomware assaults on electric power billing systems across the world.

Known cyber attacks on Indian power sector assets include the – November 2017 malware attack on the Tehri Dam in Uttarakhand. Ransomware attack on West Bengal State Electricity Distribution Company in May 2017. Attack on Rajasthan’s DISCOM (February 2018) Attack on Haryana’s DISCOMS (March 2018)

Kudankulam is high on the list of such targets because it is both parts of the nuclear program, as well as the power grid.

Looming Threat

Power grids, in addition to being vulnerable to conflicts with any other country, are a tempting target for terrorists.

to conflicts with any other country, are a Researchers at cyber-threat estimate that a large number of resources could be vulnerable to attacks on India’s national power grid.

that a large number of resources could be vulnerable to attacks on India’s national power grid. Cyber-attacks have become increasingly common in nuclear facilities and other resources in the power sector.

and other resources in the power sector. Some attacks have been carried out by actors of the state , while others have been carried out by cybercriminals to steal data or to extract ransom.

, while others have been carried out by It is believed that the infamous Stuxnet attack on Iran’s nuclear sector in 2010 has delayed its nuclear program for years.

has delayed its nuclear program for years. An aggressive cyber-assault could obviously lead to a national outage.

Challenges to ensuring security

The Indian Computer Emergency Response Team (CERT-In) claims to be aware of these vulnerabilities.

In many instances, advisories are also stated to have been given.

However, its scope is limited, as the organization that owns the asset is responsible for protecting it.

It’s also true that a lot of power grid equipment is vintage.

They are based on vulnerability-based obsolete chips that can not be repaired.

obsolete chips that can not be repaired. The connection of all regional grids to the national grid makes it easier for any area to supply power on demand .

. It also makes the entire network more susceptible to cyber-attack infection.

Measures in this regard

The government has been trying to set up a system for cyber-protection of infrastructure.

The National Critical Information Infrastructure Protection Centre (NCIIPC) is proposed to be the coordinator.

Dedicated sectoral CERTs, such as CERT-Thermal-NTPC and CERT-Transmission-POWERGRID would be responsible for guarding power assets.

would be responsible for guarding power assets. However, the government has to address the bureaucratic hassles in assigning responsibility.

Way forward

The government’s strategic priority should be to ramp up security across the power grid.

across the power grid. To deter catastrophic cyber attacks, a comprehensive strategy must be developed and implemented.

must be developed and implemented. Periodical ‘Backup of Data’ is a solution to Ransomware.

is a solution to Ransomware. Using Artificial Intelligence (AI) for predicting and accurately identifying attacks.

for predicting and accurately identifying attacks. Using the knowledge gained from actual attacks that have already taken place in building effective and pragmatic defence.

Mains model question

Examine India’s vulnerability to cyber threats, especially to its critical infrastructure, along with steps taken by the government in this regard

References