The biggest Cyber Security breach that no one is talking about: Lessons for India
Those in the realm of cyber world must be knowing about some of the big cyber securuty breaches that ha staken place in past few days. Internet has become the most riskiest and unsafe place to spend time if one is still having doubts. No one is sacrosanct here and we guess almost all top systems are being compromised or can be compromised. We will come to that but before let us take a quick review of what all has happened .
It happened at the US department of ENERY that manages nuclear warfare and other strategic systems. The US treasury and commerce departments are among the other targets of the sophisticated, months-long breach, which has been acknowledged by the authorities. Both Presidents Trump and BIden have asked for strict actions. America’s top cyber agency, the Cybersecurity and Infrastructure Agency (Cisa), gave a stark warning on Thursday, saying that addressing the intrusion would be “highly complex and challenging”.
It said “critical infrastructure” had been damaged, federal agencies and private sector companies compromised, and that the damage posed a “grave threat”.The hack began in at least March 2020, and those responsible had “demonstrated patience, operational security, and complex tradecraft”, the Cisa said.
Termed as SunBurst, the hackers send pop up messages , on laptops or phones: “Update is available, click here to download.”. So when, in the spring, a pop-up message hit the screens of IT staff using a popular piece of software called SolarWinds, around 18,000 workers in companies and governments diligently downloaded the update for their offices. This malware is now sitting in many systems across the US administration that is sending information to their masters and even monitoring mails.
The list is long and the risks pretty known. It could lead to unwarranted and unknown situations between nations as the principal conspirator in this case is beleived to be hackers from Russia. Besdies China and Iran are also quite active on this front. It can be just a matter of time when something BIG gets triggered due to some hacking incident.
India’s Position:
In India we have a Critical infra team ( office) and also CERT which overlooks the cyber security situation. Besides there is a position at NSA that also looks cyber security from a national security point of view.
So far so good. But when we have thousands of weak communication equipments installed in many government, public institutes and else where can the cyber hacking be still thought of secure. When we have FIREWALLS and other defensive mechanisms to prevent cyber hacks running on foreign software can we be safe ? When we don’t have our own dedicated systems and servers can we be called as Safe.
Obviously, we are sitting on a cyber security emergency situation where any thing from national power grid to banking transactions or communication network can get stuck and FAIL.
Solution:
Cyber security has to be termed as national priority and Emergency services for security considerations. It has to be brought under new rules and regulations with more power. Not a single piece of foreign (China) piece of component must be allowed to be installed in any public or government office.
WE also recommend that government must convene a meeting of the REAL TECHNICAL EXPERTS in the domain . This committee must recommend a proper system that has to be started being implemented. There are many things to be done and it will take some time to reconcile and seal the gaps and leaks. Every minute delayed is like a catastrophe being invited.
Dr Asheesh Shah
Samanvaya
