The recent cyber attack on Ukraine’s power grids indicates that
cyber space is becoming the most useful tool for perpetuating
geopolitical rivalries. Many countries are rapidly expanding their
offensive cyber capabilities, and it appears the militarisation of cyber
space is complete.
The Russia-Ukraine/U.S. geopolitical rivalry in Europe is now
spilling onto a new battlefront—cyber space and critical infrastructure.
On February 12, Ukraine’s energy and coal industry
ministry hinted that Russia was responsible for a series of cyber
attacks against the country’s electricity distribution network
when saboteurs hacked into the networks of the three power companies in
Western Ukraine—Prykarpattya Oblenergo, Chernivtsi Oblenerho and Kiev
Oblenergo—on 23 December 2015, which disrupted energy supplies in eight
provinces, affecting more than 80,000 people.
The hackers’ attack was well planned and coordinated: simultaneously with the disruption of power supplies, the saboteurs launched
a form of “distributed denial of service” (DDoS) attack on the power
utilities’ call centres, which prevented people from reporting
the power outage. The electricity was eventually restored, but not
before the utilities had borne the brunt of irate customers.
Stopping short of directly attributing the attacks to Russia, the Ukrainian officials stated
that the hackers had used the services of a Russia-based Internet company and
had made calls from within Russia to coordinate the attack. According to
investigators, the December 23 attack had been in the works for six months,
with the hackers resorting to social engineering methods—spear phishing
to cull critical information from the emails of the targeted group of
Internet users—to gain access to the utilities’ computer networks.
Technical analysis of the attacks by Internet security firms has determined that a version of the widely available malware KillDisk may have been used for penetrating the utilities’ computer networks. This version was specifically designed to sabotage
the Industrial Control Systems or SCADA (Supervisory Control and Data
Acquisition) systems which are used for managing operations at critical
infrastructure. What made the attack even more lethal was KillDisk’s
ability—as its name suggests—to wipe or overwrite critical files of the
Windows operating system and the computers’ hard disks, causing them
to crash. This malware was used in association with a widely known
hacker tool called BlackEnergy, extensively used by Russian
hackers for breaching energy companies’ computer networks worldwide.
BlackEnergy is also suspected of being used for industrial espionage.
The attacks that took place are the first known instance
of disruption in power supplies caused by cyber attacks and
have certainly amplified concerns about the vulnerability of critical
infrastructure to cyber sabotage. Attribution for cyber attacks is
a risky proposition, but the uneasy relationship between Ukraine and
Russia ever since the latter took over Crimea in 2014 may bear out the
former’s contention. In fact, anti-Russian activists had allegedly sabotaged
power lines in November 2015, causing widespread blackouts in Crimea,
which may have provided the motive for the Russian hackers attacking
Ukraine’s energy grids. Whether this hacking forms part of the
larger warfare remains to be seen, but we have seen previous instances
where cyber means have been used to achieve larger political objectives,
with the perpetrators maintaining deniability:
- In 2014, North Korea accused the United States of attacking its computer networks and shutting down its Internet for many days. This incident followed the United States’ accusation that North Korea had hacked into Sony Pictures’ servers to steal corporate and employee data.
- In 2009-10, Iran blamed the United States and Israel for launching the Stuxnet virus that targeted Iran’s nuclear reactors. In retaliation, Iranian hackers supposedly launched a massive cyber attack on the world’s largest oil company—Saudi Aramco—erasing critical corporate data from its 30,000 computers.
- In 2008, the Georgian government accused Russia of launching DDoS attacks against its computer networks while both countries fought for control over the territory of South Ossetia. The attack had disabled almost 90% of official Georgian website domains.
- In 2007, Russia was suspected of having carried out a series of DDoS attacks on websites of the government, political parties, news organisations, and banks in Estonia.
Fortunately, India has not witnessed a major attack like the above,
but that is not a reason for complacency. The country remains a major
target of hostile countries and rogue elements, with attacks aimed
mainly at its critical infrastructure and at stealing sensitive data. To
mitigate these cyber threats, India has taken incremental steps by: (a)
announcing a broad policy framework in the form of the National Cyber
Security Policy; (b) appointing a national cyber security coordinator;
and (c) setting up the National Critical Information Infrastructure
Protection Centre. Cyber security is also a major item on India’s
diplomatic agenda as it has set up cyber security dialogues with
countries such as the United States and Russia. It is also set to sign
an information security agreement with Russia, aimed at addressing
bilateral cyber concerns.
It is clear that, by taking advantage of the attribution problem and
cost effectiveness, major cyber powers are investing heavily in
offensive cyber capabilities, paving the way for militarisation of cyber
space. India, therefore, needs to step up its response and
operationalise a cyber security strategy that will take all stakeholders
on board and incorporate defensive and offensive capabilities.