Cyberattack: The Invisible Threat

When one tries to think of threats at a community or an individual level, the notions of security concomitantly flood in the mind, thinking of all kinds of security measures, ranging from traditional notions of security to non-traditional notions of security. Since, the threats evolve with the time and new threats, subsequently give rise to new problems both to individuals and masses, the need for new forms of security is needed to curb and minimize the effects of such new threats. You all might have heard about poisoning the water supply of the Florida city where hackers gained access to the city’s water supply system and tried to mix harmful chemicals into it. This was an ‘invisible’ attack where no person was physically present and everything was done remotely. The chemical which was intended to mix is called sodium hydroxide and is used to control the acidity of the water but dilution of more from the same can poison the water. Several attempts were made by the hackers to poison the water but none were successful. Another dominant ‘invisible’ cyberattack that people cannot forget is the Ransomware Attack where billions of dollars were paid to hackers in the form of ransom to restore the computer's sensitive data and files. If I may ask you about some kinds of threats and risks that persist in our world, some of you would broadly categorize the risks in five categories namely, environmental risks, economic risks, societal risks, geopolitical risks and lastly, technological risks. With all such major threats already existing in our world, human survivability comes into danger when the support from machines and technological devices turns into danger.   

Suppose if someone enters the territory of another country and willfully indulges in illicit activities, then under various rules and norms that person, if caught, is executed.  Moreover, fraudulently, if he gets any data, sensitive in nature, such a situation can escalate some form of war (may be cold or hot in nature) between the two countries. But suppose that data or any sensitive information goes in the wrong hands, undeniably it can create situations of real havoc. People cannot forget the Paris G 20 summit held in 2011, where hundreds of computers were infected with a malicious file sent via email culminating in the access of confidential data of the summit to unknown entities. The Aadhaar data leak in India in 2014 and subsequent years had risked the privacy of millions of people. Hacking and interference with the US presidential campaigns in 2016, cyber-attacks on Ukraine in 2017 are other few instances from the long list. To prevent aforementioned physical or cyber intrusion, palpably, all countries take adequate security measures. As I already mentioned, threats evolve with time, so the referent.

Cyberspace, according to the U.S. Strategic Command is “a Global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, Telecommunications networks, computer systems and embedded processors and controllers” (US Strategic Command 2009,8; Richelson 2016). Undeniably, this domain too has equivalent standings as others like air, water and land. In cyberspace, as the debates suggest, the sources of any threats can emerge from physically or environmentally or in any other forms induced and managed remotely by digital interference. Few States’ potential and advancement in the digital world can act as a source of threats to others. To understand it unambiguously, it can be framed as possession of nuclear weapons by some states which in turn act as threat to others. Any kind of misunderstanding and miscalculation can result in serious repercussions. The referent will ostensibly be, if defined unidirectionally, the users and networks but multi-directionally, it would cover a state or states and their sovereignty. 

On 2 July 2020, the fire broke out at Iran’s well known Shahid Ahmadi Roshan Natanz Nuclear Complex where significant damage was reported but without any human casualties. Reports suggested that the incident happened due to cyberattacks carried out by Israel (reported by Al-Jareeda daily). This was the same computer worm identified as the first cyber weapon, the ‘Stuxnet’ or the cyber worm used against Iran’s nuclear plant. In December 2015, Ukrainian companies which distribute electricity were accessed remotely. This gave complete control of the electric grid to some unknown actors and resulted in the complete shutdown of electric power to more than a hundreds of thousand people. Cybersecurity experts and the government blamed Russian groups behind this cyberattack and claimed that these cyberattacks were intended to completely disrupt the conditions in Ukraine. Such hacks done on critical infrastructures for instance the power lines in Ukraine demonstrates the delicacy of such matters. 

Imagine, while moving the lens from small scale cyberattacks like digital frauds, privacy violations, personal data leakages and breaches, to the most essential and critical infrastructures such as attacks on Hydroelectricity dams, Nuclear Power Plants, Hospitals and its machineries, Electric Grids, Chemical Industries etc. Attacks on such critical infrastructure can create havoc and loss of life. Government data is extremely valuable to hackers, supported either by opposition parties within a county or any rival countries. Undoubtedly, when it comes to the purpose of security for the countries, it becomes absolutely necessary to protect their data, information networks and various valuable and sensitive databases from getting compromised and harmed. Both safety and survivability of individuals and the state is prone in such a situation. Moreover, possibly the data breaches of some sensitive information and hacking to critical infrastructure as mentioned can escalate the problems globally and threaten all the states. This might also increase chances for full-fledged war. Probably, that is one reason that states never have indulged in a full Cyberwarfare since there exist some sort of deterrence in Cyberspace too. 

Arriving at the means of securitization, this can be an individualistic or collectivistic approach where if any individual’s security is in danger he can reach out to cyber experts. But if cyberattacks threaten the sovereignty of any state from within or outside the country by targeting its critical infrastructure and sensitive information, then air gaping (disconnecting devices from any network or internet) targeted systems and computers would be suitable. Unfortunately, few countries (mainly authoritarian in their nature) under the name of protecting national security and sovereignty, exploit cybersecurity laws. Strict imposition of surveillance on people, hidden keywords-based censorship on online contents, and espionage for their personal use on citizens as well as people outside the borders are few ways by which people’s political and civil rights are curtailed. The state becomes the guarantor (and exploiters in some authoritarian regimes) for providing security from any sort of cyberattacks and digital threats arising from both domestic and foreign land. Cybersecurity cells are established to keep a check on all unlawful activities.

 

References :-

1.  “What Is Fraud Detection? Definition, Types, Applications, and Best ..” n.d. Accessed February 4, 2022. https://www.toolbox.com/it-security/vulnerability-management/articles/what-is-fraud-detection/.
2. Park, Donghui, and Michael Walstrom. “Cyberattack on Critical Infrastructure: Russia and the Ukrainian Power Grid Attacks.” The Henry M. Jackson School of International Studies, March 15, 2021. https://jsis.washington.edu/news/cyberattack-critical-infrastructure-russia-ukrainian-power-grid-attacks/#:~:text=In%20February%202016%2C%20U.S.%20Deputy%20Energy%20Secretary%20Elizabeth,companies%20was%20attacked%20from%20Russian%20Internet%20networks.%20. 
3. Malwarebytes Labs. (2021, February 10). Hackers try to poison Florida City’s drinking water. https://blog.malwarebytes.com/hacking-2/2021/02/hackers-try-to-poison-florida-citys-drinking-water/
4. “Was It Stuxnet 2.0? Cyberattack on Iran’s Natanz Nuclear Facility”, n.d. Accessed February 5, 2022. https://cisomag.eccouncil.org/cyberattack-on-iran-nuclear-facility/.