Syllabus- General Studies 2(Cyber security)
A string of high-profile cyber attacks in recent months has exposed vulnerabilities in the critical infrastructure of even advanced nations. This has reinforced the need for improved defences against actual, and potential, cyber attacks by all countries across continents.
Frequency of attacks
Several high-profile cyber attacks were reported from the United States during the past several months.
- 2020 end– a major cyber attack headlined ‘SolarWinds’ rocked the U.S. It involved data breaches across several wings of the U.S. government, including defense, energy and state.
- Early 2021– thousands of U.S. organizations were hacked in an unusually aggressive cyber attack, by a Chinese group Hafnium, which had exploited serious flaws in Microsoft’s software.
- There after U.S. has witnessed three more major attacks:
- an audacious ransomware attack by Russia/East Europe-based cybercriminals, styled DarkSide, on Colonial Pipeline (which is the main supplier of oil to the U.S. East Coast), compelling the company to temporarily shut down operations. The siege was lifted after Colonial Pipeline paid out several million dollars as ransom to unlock its computers and release its files. There are reports of the ransom being received in bitcoins which was later seized by the U.S government.
- Another Russia-backed group, Nobellium, next launched a phishing attack on 3,000 e-mail accounts, targeting USAID and several other organisations.
- Early this month, JBS SA, the U.S. subsidiary of a Brazilian meat processing company, was the target of a ransomware attack; the company also paid a ransom in millions.
- Civilian Targets-These attacks were all primarily on civilian targets. Obviously cyber, which is often referred to as the fifth domain/dimension of warfare, is now largely being employed against civilian targets, bringing the war into our homes.
- Sole focus on military targets-Most nations have been concentrating till date mainly on erecting cyber defences to protect military and strategic targets, but this will now need to change.
- The obsession of military cyber planners has been to erect defences against software vulnerabilities referred to as ‘Zero-day’, that had the capability to cripple a system and could lie undetected for a long time. (The most celebrated Zero-day software of this kind to date is Stuxnet, which almost crippled Iran’s uranium enrichment programme some years back).
- Today, other Zero-day software, no doubt exist, though little is known about them. What is, however, evident is that a whole new market currently exists for Zero day software outside the military domain, and the world must prepare for this eventuality.
- Resources- Defending civilian targets, and more so critical infrastructure, against cyberattacks such as ransomware and phishing, is almost certain to stretch the capability and resources of governments across the globe, somewhat in the manner that nations have been forced to find the resources and the methods to deal with the COVID-19 pandemic.
- Distinction between targets- distinction between military and civilian targets is increasingly getting erased and the consequences of this could be indeterminate. For instance, the 2012 cyber attack on Aramco, employing the Shamoon virus, which wiped out the memories of 30,000 computers of the Saudi Aramco Oil Corporation, has ever since been one reason for the very frosty relations between different countries in West Asia and the Gulf region.
- Types of attacks- In the civilian domain, two key manifestations of the ‘cat and mouse game’ of cyber warfare today, are ransomware and phishing, including spear phishing.
- Ransomware attacks have skyrocketed, with demands and payments going into multi-millions of dollars.
- India figures prominently in this list, being one of the most affected. Also experts believe that of late, the recovery cost from the impact of a ransomware attack — in India, for example, has tripled — and mid-sized companies, in particular, today face a catastrophic situation, if attacked, and may even have to cease operations. Thus, the need to be aware of the nature of the cyber threat to their businesses and take adequate precautionary measures, has become extremely vital.
Banking and financial services were most prone to ransomware attacks till date, but oil, electricity grids, and lately, health care, have begun to figure prominently.
- Healthcare as target- with data becoming a vital element in today’s world, personal information has become a vital commodity. One of the more vulnerable areas where data tends to be linked to a specific individual is in health care. Compromised ‘health information’ is proving to be a vital commodity for use by cybercriminals. All indications are that cybercriminals are increasingly targeting a nation’s health-care system and trying to gain access to patients’ data. The available data aggravates the risk not only to the individual but also to entire communities.
- Motivation for cyber attacks vary:
- for (some) nation states, the motivation is geopolitical transformation;
- for cybercriminals, it is increased profits;
- for terror groups, the motivation remains much the same, but the risk factor may be lower.
However, it is ‘insider threats’ — due to discontent with the management or for personal reasons — that could well become an omnipotent reality.
Why Data Protection is necessary?
As data becomes the world’s most precious commodity, attacks on data and data systems are bound to intensify.
- Reportedly, we create more than three quintillion bytes of data everyday (some put it at over 2.5 quintillion) — with several billion devices interconnected to billions of end point devices exchanging petabytes of sensitive data, on the network.
This is only bound to grow. Ensuring data protection could, hence, prove to be a rather thankless task, complicating the lives of Information and other security professionals.
The data life cycle can broadly be classified into-
- data at rest (when it is being created and stored),
- data in motion (when it is being transmitted across insecure and uncontrolled networks), and
- data in use (when it is being consumed).
Constant exposure lends itself to ever increasing data thefts and abuse. With mobile and cloud computing expanding rapidly, and also given the nature of the on-going pandemic, cybersecurity professionals are now engaged in building a ‘Zero Trust Based Environment’, viz.,
- zero trust on end point devices,
- zero trust on identity, and
- zero trust on the network to protect all sensitive data.
Innovation-Building deep technology in cyber is essential. New technologies such as artificial intelligence, Machine learning and quantum computing, also present new opportunities. Nations that are adequately prepared — conceptually and technologically — and have made rapid progress in artificial intelligence and quantum computing and the like will have a clear advantage over states that lag behind in these fields.
Awareness- Pressure also needs to be put on officials in the public domain, as also company boards, to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.
Question- The rising cyber attacks on civilian targets has proved that a cyber security policy needs to be relooked. Elucidate.