
Taking a byte out of cyber threats

Cyber attacks may be a relatively new phenomenon, but in a short time frame they have come to be assessed as being as dangerous as terrorism. The world was possibly made aware of the danger and threat posed by cyber weapons with the advent of the Stuxnet Worm in 2010, which resulted in large-scale damage to Iran’s centrifuge capabilities. Two years later, in 2012, a bank of computers belonging to the Saudi Aramco Oil Company was targeted, reportedly by Iranian operatives, employing malware that wiped out data on 30,000 computers. A few weeks later, Iran was again believed to have been behind a targeted attack on the Qatari natural gas company, RasGas. The string of instances appears to have provoked then United States Defence Secretary, Leon Panetta, to utter the warning that the world had to prepare for a kind of ‘cyber Pearl Harbour’, highlighting a new era of potential vulnerabilities.

Static response

In the decade that followed, and while preparing for a ‘potential Pearl Harbour’ type of strike, including seeking ways and means to retaliate in the eventuality of such attacks, the West seemed to lose its way on how to deal with the emerging cyber threat. Each succeeding year, despite an increase in cyber threats, witnessed no change in the method of response. The years 2020 and 2021 have proved to be extremely difficult from the perspective of cyber attacks but no changes in methodology have been seen. In 2021, cyber attacks that attracted the maximum attention were SolarWinds and Colonial Pipeline in the U.S., but these were merely the tip of a much bigger iceberg among the string of attacks that plagued the world. Estimates of the cost to the world in 2021 from cyber attacks are still being computed, but if the cost of cyber crimes in 2020 (believed to be more than $1 trillion) is any guide, it is likely to range between $3 trillion-$4 trillion. What is not disputed any longer is that soon, if not already, cyber crime damage costs would become more profitable than the global trade of all major illegal drugs combined.

Sectors that are vulnerable

As 2022 begins, the general consensus is that the cyber threat is likely to be among the biggest concerns, if not the biggest, for both companies and governments across the globe. In the Information age, data is gold. Credential threats and the threat of data breaches, phishing, and ransomware attacks, apart from major IT outages, are expected to be among the main concerns. Results are also likely to far eclipse the damage stemming from the COVID-19 pandemic or any natural disasters. A little publicised fact is that the vast majority of cyber attacks are directed at small and medium sized businesses, and it is likely that this trend will grow.

According to experts, among the most targeted sectors in the coming period are likely to be: health care, education and research, communications and governments. Health-care ransomware has been little publicised, but the reality is that ransomware attacks have led to longer stays in hospitals, apart from delays in procedures and tests, resulting in an increase in patient mortality.

Far more than merely apportioning costs linked to cyber crime is the reality that no organisation can possibly claim to be completely immune from cyber attacks. While preventive and reactive cyber security strategies are needed — and are essential to mitigate cyber risks — they are proving to be highly illusive in an increasingly hyper-connected world. Comprehending the consequences of this reality could be devastating.

For instance, despite all talk about managing and protecting data, the reality is that ransomware is increasing in intensity and is tending to become a near destructive threat, because there are many available soft targets. Statistics in this regard are also telling, viz., that new attacks are taking place every 10 seconds. Apart from loss of data, what is also becoming evident is that ransomware criminals are becoming more sophisticated, and are using ransomware to cripple large enterprises and even governments. Talk of the emergence of ‘Ransomware as a Service’ (RaaS) — a business model for ransomware developers — is no mere idle threat.

The huge security impact of working from home, dictated largely by the prevailing novel coronavirus pandemic, must again not be underestimated as it is likely to further accelerate the pace of cyber attacks. A conservative estimate is that a rash of attacks is almost certain to occur on home computers and networks. Additionally, according to experts, a tendency seen more recently to put everything on the Cloud could backfire, causing many security holes, challenges, misconfigurations and outages. Furthermore, even as Identity and Multifactor Authentication (MFA) take centre stage, the gloomy prognostication of experts is that Advanced Persistent Threat (APT) attacks are set to increase, with criminal networks working overtime and the Dark web allowing criminals to access even sensitive corporate networks.

Scant clarity

Unfortunately, and despite the plethora of such evidence, cyber security experts appear to be floundering in finding proper solutions to the ever widening cyber threat. There is a great deal of talk among cyber security experts about emerging cyber security technologies and protocols intended to protect systems, networks and devices, but little clarity on whether what is available can ensure protection from all-encompassing cyber attacks. Technology geeks, meanwhile, are having a field day, insisting on every enterprise incorporating SASE — Secure Access Service Edge — to reduce the risk of cyber attacks. Additional solutions are being proposed such as CASB — Cloud Access Security Broker — and SWG — Secure Web Gateway — aimed at limiting the risks to users from web-based threats. Constant references to the Zero Trust Model and Micro Segmentation as a means to limit cyber attacks can again be self-limiting. Zero Trust does put the onus on strict identity verification ‘allowing only authorized and authenticated users to access data applications’, but it is not certain how successful this and other applications will prove to be in the face of the current wave of cyber attacks. What is most needed is absent, viz., that cyber security experts should aim at being two steps ahead of cyber criminals. This is not evident as of now.

Unique challenges

Missing from the canvas is that cyber technology presents certain unique challenges which need particularised answers. Instead of attempting to devise standard methodologies, and arrive at certain international norms that govern its use, a decade of misplaced effort by the West in preparing for a ‘potential Pearl Harbour type of strike’ has enabled cyber criminals to gain the upper hand. While the West focused on ‘militarization’ of the cyber threat, and how best it could win with its superior capabilities, valuable time was lost. It led to misplaced ideas and erroneous generalisations, resulting in a decade of lost opportunity.

This situation needs to be reversed. A detailed study of the series of low- and medium-level proactive cyber attacks that have occurred during the past decade is clearly warranted. It could reinforce the belief that when it comes to deterrence in cyber space, what is required is not a piece of ‘grand strategy’: low and medium tech, low and medium risk targeted operations could be just as effective. A related aspect is to prevent individual companies from attempting their own tradeoffs — between investing in security and maximising short-term profits. What many companies and even others fail to realise is that inadequate corporate protection and defence could have huge external costs for national security, as was evident in the SolarWinds attack.

Defence and backup plans

Nations and institutions, instead of waiting for the ‘Big Bang cyber attack’, should actively prepare for a rash of cyber attacks — essentially ransomware — mainly directed at available data. The emphasis should be on prioritising the defence of data above everything else. Consequently, law enforcement agencies would need to play a vital role in providing effective defence against cyber attacks.

On the strategic plane, understanding the nature of cyber space is important. While solving the technical side is ‘one part of the solution, networks and data structures need at the same time to prioritise resilience through decentralised and dense networks, hybrid cloud structures, redundant applications and backup processes’. This implies ‘planning and training for network failures so that individuals could adapt and continue to provide service even in the midst of an offensive cyber campaign’.

The short answer is to prioritise building trust in systems — whether it is an electrical grid, banks or the like, and creating backup plans including ‘strategic decisions about what should be online or digital and what needs to stay analog or physical, and building capacity within networks to survive’ even if one node is attacked. Failure to build resilience — at both the ‘technical and human level — will mean that the cycle of cyber attacks and the distrust they give rise to will continue to threaten the foundations of democratic society’. Preventing an erosion of trust is critical in this day and age.

 
