Half of India's critical infrastructure providers cyber attack victims

Symantec’s 2010 Critical Infrastructure Protection (CIP) Survey findings reveal that nearly 50 percent of India’s critical infrastructure providers are victims of cyber attacks. The attacks are said to have become more frequent and increasingly effective.

Researchers have in recent months said quite a bit about Stuxnet, the first computer worm to impact critical infrastructure such as nuclear power plants, water treatment facilities, and other factories.

“This reaffirms that cyber attacks have evolved to extremely sophisticated activities capable of compromising utilities, Government and private infrastructure, and corporate intellectual property,’ says Gulshan Rai, director general, Indian Computer Emergency Response Team (CERT In).

iStockAnalyst reports that the providers of critical infrastructure are invariably from industries that are of importance either to a nation’s economy or society that if their cyber network is attacked and disabled, it would have a significant societal impact and could pose a threat to national security as well.

“CIP is not limited to protecting Government and Defense infrastructure, but extends to both publicly and privately-run infrastructure such as telephone networks, power generation and distribution, oil refineries and gas pipelines,” says Shantanu Ghosh, Vice-President - India Product Operations, Symantec.

According to him, present day advanced threats require a comprehensive and risk-based approach that encompasses security, and disaster recovery, along with information management technology to maintain true network resiliency.

Ghosh said that Symantec was working intensively with CERT-In. to identify Stuxnet-infected systems and sanitizing them besides monitoring the online threat landscape to ensure that India’s critical assets are secured.

The director of Business Software Alliance (BSA), India, Lizum Mishra, observed that cyber criminals were increasingly exploiting new and unpatched software vulnerabilities to attack systems and steal confidential information. “Rampant use of non-genuine or counterfeit software aggravates these threats, making systems vulnerable to targeted attacks. In the case of critical infrastructure, it is even more important for industries and Government organizations to prioritize information security to prevent falling victim to malicious threats.”

To ensure resiliency against critical infrastructure cyber attacks, Symantec recommends prioritization of risks and defining policies that span across all locations, enforcing policies through built-in automation and workflow; by taking an information-centric approach and protecting information proactively; leveraging solutions that allow businesses to ensure only authorized personnel have access to systems; implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status; securing endpoints, messaging and Web environments.

While corporations enforce policies to ensure critical infrastructure protection, the government should continue to put forth the resources to establish critical infrastructure programs, partner with industry associations and private enterprises to raise awareness of CIP organizations and plans.