In the last two decades, we have seen unprecedented investments in expanding India’s infrastructure across sectors. Railways, highways, ports, power plants, manufacturing, communications, to name a few, have all witnessed significant capacity enhancements. The newly augmented capacity has contributed its might in moving the wheels of the Indian economy and in attracting investments thereby raising India as a nation to reckon with.
Such unprecedented growth has also brought with it challenges and opportunities. Securing this infrastructure and the growth story behind it has become a priority and has presented a unique challenge to all stakeholders. India’s ability to secure critical infrastructure will, in many ways, be connected with its ability to grow and expand the economy and meet the aspirations of its future generations.
Based on the study and analysis of threat intelligence data collected from Subex honeypot network within the country, critical infrastructure (CI) continues to attract a significant percentage of attacks directed against the country. While smart cities were the most attacked sector last quarter, banking and finance got attacked the maximum number of times this quarter. In addition to traditional cyberattacks designed to listen to financial transactions, hackers are expanding their capabilities to target various aspects of banking such as cash dispensers (ATMs), PoS devices, connected kiosks, and mobile ATMs.
Hackers are extremely persistent and constantly trying to exploit vulnerabilities. With new actors and entities daily entering the fray, we do not have time on our side. India needs to urgently ramp up its defences and cyber resilience posture. At a foundational level the components of this posture can be summarised as below:
- Higher investments in threat research around critical infrastructure
- Evolving a cyber hygiene standard for all stakeholders connected with the sector
- Encourage whitelisting of cybersecurity vendors to prevent supply chain contamination
- Carrying out periodic reviews, drills, and audits of standards and security guidelines
- Gamify, codify and collaborate wherever possible
- Study and adopt best practices from other nations
Considering the immense expectations that arise from a cybersecurity perspective, it is essential to adopt a holistic approach to securing data, infrastructure, devices, perimeter, and other aspects connected with critical infrastructure. An integrated cybersecurity platform-driven approach that addresses risks and threats related to the Internet of Things (IoT), Information Technology (IT) and Operational Technologies (OT) is therefore recommended. This will help cybersecurity managers and teams to get a unified view of their risk exposure and threats across all points of vulnerability.
This integrated platform should be fed by up-to-the-minute global and relevant threat intelligence. It should also be able to adopt several risk mitigation and cyber resilience models. Further, it should have artificial intelligence capabilities that can evolve with each attack. Usually, there are many agencies involved in managing a critical infrastructure asset. This platform should be agile enough to enable these agencies to draw information to asses the state of the infrastructure to plan and deploy appropriate interventions.
Cyber securing India’s critical infrastructure presents a formidable opportunity for various stakeholders. On one end, it is an opportunity to collaborate and create new avenues for growth for businesses. On the other hand, it is also an opportunity for India to emerge as a model nation and a leader in this space. Since India is blessed with a skilled workforce and a growing entrepreneurial base, it becomes easy for us to scale up and capitalise on this opportunity.
India, as a nation, has been at the forefront of adopting new technologies and is leading the way in mass deployment of new technologies. While it may take a while to overcome the dependence on foreign vendors for hardware, in the software sector this can happen faster. India has a skilled talent base and local companies that provide innovative solutions in the cybersecurity sector. All that is needed to become a cybersecurity powerhouse is for the industry to get enough support from various stakeholders around policies, research and budget allocation. Indigenisation will go a long way in encouraging Indian companies to scale and even become a significant earner of foreign exchange for the nation.
Written by Vinod Kumar, managing director and CEO of Subex. Vinod is responsible for leading the strategic direction for the company and driving its execution by fostering the right culture of leadership and talent development.