Sunday, November 20, 2011

Is SCADA The New Cyber Attack Battlefield For India?

The supervisory control and data acquisition (SCADA) has been in limelight these days. This is because malware are specifically designed these days to target SCADA systems. It is not the case that malware were not used in the recent past to target SCADA systems but their sophistication and intensity has increased tremendously these days.

SCADA generally refers to industrial control systems (ICS) like computer systems that monitor and control industrial, infrastructure, or facility-based processes. The SCADA systems may involve a human machine interface (HMI), a supervisory system managing the processes, remote terminal units (RTUs) interacting with the supervisory systems, programmable logic controller (PLCs) usable as field devices, etc.

An attack upon SCADA is essentially an attack upon the critical infrastructure of a nation. Recently, cyber criminals used SCADA to burn out a public utility water pump in United States. Malware like Stuxnet and Duqu have further created nuisance for US and other nations. These incidences have also forced the defense advanced projects research agency (DARPA) of US to further strengthen its offensive and defensive cyber capabilities.

In the Indian context, the critical infrastructure protection of India is not in good shape. There is neither an implementable cyber security policy of India nor there is any critical ICT infrastructure protection policy of India. Even the Indian nuclear facilities may not fully cyber secure.

As more and more ICT would be used for critical infrastructures like SCADA, the risks of cyber attacks sabotaging the same are great. India has already received enough hints about the possible cyber warfare, cyber espionage and attacks upon its critical infrastructure. It is high time for India to protect its critical infrastructure from local and foreign cyber threats.