Sanjeev Relia writes: December 2015 saw the critical infrastructure of a nation being disrupted by a cyber attack for the first time. Attacks supposedly carried out by Russian hackers cut power to more than 600,000 homes in Ukraine in late December. Prykarpattyaoblenergo, an energy company in the Ivano – Frankisvk region of Western Ukraine, claimed that a blackout in a large part of the area where it delivers electricity was caused by interference in its systems by a malware on 23 December 2015. Though the investigations are on to determine the exact cause of power failure, yet Ukraine’s security service and Government blamed Russia for the attack carried promulgated using the cyberspace. US agencies are helping Ukraine in analyzing the malware recovered from the company’s network to establish the fact that the blackout indeed was caused by hacking and whether it can be traced back to Russia. If confirmed, it would be the first international cyber attack to cause a power outage.
Cyber security experts across the globe have been warning that cyber attacks can cause such disruptions not only to power grids but also to other critical infrastructure such as telecom networks, banking services and air traffic control systems. The mere fact that a virus called BlackEnergy, has been discovered in the control systems of the power grid clearly indicates that a cyber attack can easily penetrate the firewalls and threat management systems installed to prevent critical services from such attacks. In the past too, digital footprints of BlackEnergy have been traced back to a well-known Russian group known as Sandworm.
A smart grid comprises of a number of automated systems such as Smart Metering, Smart Outage Management and Smart Demand Response system. All of the above can be targeted from the cyberspace to disrupt the grid. While we in India are still in the process of making our power grids “Smart”, we need to institute all necessary measures to guard against such malicious attacks on our critical infrastructure. This is just the beginning of cyber warfare. Unless we wake up to the need of the hour and ensure a safe and secure cyber ecosystem in the country, our critical infrastructure is likely to become target of such cyber attacks very soon.