Monday, April 6, 2009

Prevent a cyber 26/11














Pic:Ankit Fadia, 23, is a cyber security expert. He helped police trace the email sent by terrorists soon after the 26/11 attacks on Mumbai.

Prevent a cyber 26/11
-by Ankit Fadia
The rising threat of terrorism has led to unprecedented levels of security at Indian airports, railway stations, hotels, ports etc. But the government does not seem to see the bigger threat, which will not come from AK-47s, bombs and rifles. The next big attack will be come from terrorists in the cyber world.

We live in a technologically interconnected world. Most of us cannot imagine even a single day without our cell phones, internet and ATMs. There is hardly any distinction between where our bodies end and technology begins. Would it be surprising then, if terrorists choose to attack India via the internet?

Let me share some facts about how real and damaging that threat can be If a terrorist group were to attack our stock market and financial infrastructure, it would cause widespread panic and losses to millions of people and organizations. Imagine yourself running helplessly from one ATM to another, trying to withdraw money from your account, only to find that the attack has forced banks to suspend online transactions.

Likewise, our telecom infrastructure. If it were flooded with malicious data, business and personal life would grind to a standstill. Terrorists could also target India's top businesses, hacking into their systems, stealing valuable intellectual property, sensitive information and company secrets. Even military networks can be targeted.

These scenarios are not from a Bollywood flick, but tangible threats that loom large. In May 2007, Estonia — a small but technologically sophisticated Baltic country — fell victim to a cyber attack. The unidentified terrorists bombarded the country's network with data traffic, clogging it and rendering major services unusable. People were not able to access financial utilities, communications and data services for several hours and some, for days together. What stops cyber terrorists from launching similar attacks in India?

Very little because, despite being an infotech power, India lags on cyber security. Neither the government, nor the private sector is adequately prepared to face a cyber attack. We have the necessary laws in place, but they are futile in the absence of trained security experts and police officials to enforce them. Recently, I was at a conference in the Capital, attended by numerous Delhi Police officials. During the question-answer session, one police official asked me: "All this is fine Mr Ankit, but yeh internet ki building kidhar hai?" According to him, the internet was a huge building and, in order to protect it from cyber terrorists, the police had simply to stand all around it, holding rifles and lathis to fight off viruses, worms and criminals! If this is the state of affairs in the police department of the national capital, one can't even begin to imagine the way it is in other cities.

The fact that few engineering colleges in India offer courses on cyber security is a major reason for the lack of cyber experts. The result is that when a private company website gets hacked, the incident is brushed under the carpet lest its brand image is tarnished. Worse, it's considered normal for most Indian government websites to get hacked regularly.

But the lack of trained professionals and a lax attitude are the least of India's concerns. The internet has no boundaries and allows cyber terrorists to hide behind geographic, political and diplomatic clouds. It is easy for a criminal to hide behind proxy servers and bounce off systems in unfriendly countries to stop security agencies from tracing the culprits. The dynamic nature of cyber security, coupled with the obsolete techniques used by the Indian forces, means it is a losing battle for India.

Let's not wait for a cyber 26/11 to happen. A willingness to make changes, a proactive approach with some nimble execution can fix the chinks in India's cyber security and drastically improve our preparedness to fight a cyber war.

No comments:

Post a Comment