By Sanjeev Relia
On 23 February 2015, the head of the US National Security Agency and US Cyber Command Admiral Mike Rogers said: “Nations such as China and Russia have enough offensive cyber capabilities to one day carry out a ‘Cyber Pearl Harbor’ attack”. What he was indicating was that surprise cyberattacks on America’s critical infrastructure — such as power and telecom and the financial sector — can render them completely inoperative. A recent example was the ‘Sony Hack’, which though not targeted on critical infrastructure, showed the power of a small state in challenging the might of the US and causing financial losses to a private company, Sony Motion Pictures. Cyber Pearl Harbor is a term which was first used by Secretary of Defence Leon E. Panetta in October 2012, while talking about cyber security to the business executives in New York.
As a nation gets more and more dependent on information technology and networking, it also exposes itself to the risks emanating from cyberspace. As per a report “Emerging Dynamics and Challenges of Internal Security in India,” published jointly by PHD Chamber of Commerce and Industry and KPMG India in June 2013, the internal security ecosystem in India is impacted by seven factors. Two of these seven are protection of critical infrastructure and cyber security.
Till a decade back, the responsibility of ensuring security of the nation was with the government of a country and its armed forces. However in cyberspace, most assets belong to private companies and the responsibility of their security also lies with companies who own them. Thus, with the emergence of cyberspace as a new frontier, private infrastructure companies too have become a partner in the national security framework. The security of Nation’s CII today requires the interaction of multiple governmental departments and agencies, as well as operational collaboration across national, state, local, nongovernmental organisations, and the private sector.
India’s National Cyber Security Policy 2013 talks of creation of a secure cyber ecosystem in the country and has appointed National Critical Info-Infrastructure Protection Centre (NIIPC) as the nodal agency for coordinating the task of CII protection. What have been the outcomes of steps instituted by NCIIPC yet remains to be seen. One thing though is clear. Unless we collectively invest time, effort and money for cyber security and protection of CII from the cyberspace, it’s a matter of time before infrastructure in India too will be subject to devastating cyberattacks. It’s time private industry joined hands with the government agencies to protect our national assets and CII.