January 2011

Caution—cyber missiles are coming!

Views: 402

The threat potential of Stuxnetlike malware hitting and crippling industrial plants  and utilities is very high for India

In February 2010 when International Atomic Energy Agency (IAEA) inspectors were busy preparing the quarterly report on Iran’s nuclear program, it started registering a strange problem. The country had pulled the plug on about 1,000 of the 8,692 installed centrifuges at its Natanz plant.

According to a December 23, 2010 report released by the Institute for Science  and International Security (ISIS), while Iran’s centrifuges areknown to break   nd to be replaced frequently, the pace of breakage in February 2010 exceeded expectations and occurred during an extended period of relatively poor  centrifuge performance.

By mid-November, Iran was forced to temporarily halt the enrichment process  at Natanz due to widespread fluctuations in centrifuge operations, the ISIS report reveals.

While the country continued to avoid talking about the issue throughout 2010,  the severity of the problem compelled the Iranian President Mahmoud  Ahmadinejad by the end of November 2010 to admit that a computer virus had  indeed caused problems with the controller handling the centrifuges at its  Natanz facilities. This was Stuxnet, the new cyber weapon that goes beyond  cyber espionage and denial-ofservice type of attacks against Web services and has the capability to cause real-world damage to physical assets.

Stuxnet is a computer worm that is believed to be specifically written to attack  Supervisory Control and Data Acquisition (SCADA) systems used to control and  monitor industrial processes. Worse, it also has the capability to reprogram the programmable logic controller rootkit.

Imagine the potential damage that perpetrators of malware like Stuxnet can  cause by remotely taking over industrial operations and by making machinery  open or close a valve of gas or water lines, increase or disrupt power supply to a  particular grid, or cause a blast at a nuclear power plant, undetected by the  plant’s operators because the virus manipulates the reporting dashboard to  show that instructions are being followed.

Strangely enough, while many countries are pursuing Critical Infrastructure  Protection (CIP) initiatives, with the US leading the pack with the proposed  National Centre for Cybersecurity and Communications, or N Triple C, within  the Department of Homeland Security, India is yet to wake up to the perils of  the lack of it.

While sources suggest that Indian Computer Emergency Response  Team (ICERT) had recently held a meeting of all critical infrastructure stakeholders in the country, the country’s National Disaster Management  Authority (NDMA) and its constituents—the National Disaster Response Force,  National Disaster Mitigation Resource Centres, and National Institute of Disaster Management—are yet to be roped in.

All this despite the fact that India is one of the top three countries infected by  something that The Christian Science Monitor calls the world’s first known  ‘cyber missile.’ The country also needs to remember that Stuxnet is possibly  just the first highly visible sign of cyber warfare and as security firm Symantec  warns, India, and the rest of the world, should be ready for additional attacks  targeting critical infrastructure in 2011.

Comments

comments

Click to comment

Leave a Reply

Your email address will not be published.

Latest News

To Top