Strengthening India’s cybersecurity starts with securing critical infrastructures
The opening ceremony of the Pyeongchang Winter Olympics made headlines – but not just for outstanding performances or vibrant displays. A cyberattack on the latest Winter Olympics resulted in a 12-hour disruption, leaving attendees from across the globe unable to retrieve or print purchased tickets during the momentous event 1]. The outage demonstrates how disruptive cyberattacks can be – often much worse than a slew of frustrated guests, especially when involving more critical infrastructure.
In 2014, the Indian government established the National Critical Information Infrastructure Protection Centre (NCIIPC) to regulate and protect the nation’s Critical Information Infrastructures (CIIs). CIIs are defined by the Information Technology Act of 2000 as vital computer resources that, if incapacitated or destroyed, will leave a debilitating impact on national security, economy, public health or safety across both public and private sectors .
Although many CIIs are primarily owned and operated by the private sector, such as banks and commercial facilities, the role of government is equally important when evaluating how best to protect organizations and industries from attack. Here are three key areas governments should focus on when implementing a cybersecurity strategy –
· Take charge with national recommendations – Securing our critical infrastructure requires coordinated efforts from various government agencies as well as the private sector. However, governments should take the lead and issue standards and best practices on the most effective approach.
For example, last year, the Singapore Cyber Security Agency held Exercise Cyber Star with 11 designated Critical Information Infrastructures (CII) to put the country’s cyber incident management and emergency response plans to test. This was done through a series of simulated cybersecurity incidents, planning sessions and workshops  and served as a good platform for the organizations and agencies to assess their cyber-readiness and knowledge-share on best practices. Assessing the current state of readiness is the first step to implementing an effective cybersecurity plan.
· Be aware of weak lines between OT and IT – Operational Technology (OT) is a system that monitors and controls physical devices and processes, such as how much electricity is generated through transmission lines. Traditionally, these functions were run on man-operated equipment. With the growth of Internet of Things (IoT) devices, many OT systems are now equipped with IP addresses to enable remote access streamline control operations. This transition means that OT and IT networks are increasingly connected and security standards must be kept up-to-date to ensure proper barriers between the networks.
Successful measures include improved access control and encryption, which helps prevent hackers from gaining access to IT networks and enables quick control of OT that could result in disruptions or ransom of essential services like electricity, water and public transport.
· Stay adaptable as IT landscapes evolve – A recent study found that 92% of businesses leaders in India believe that organizations need to adopt a digital-first mindset to drive growth . As such, we will soon start to witness private and public sector organizations moving toward digitalised business models that rely on the latest advanced technology trends. From the growth of IoT to moving into public clouds and artificial intelligence, IT operations and security must adapt to keep pace with the newest advancements, all while mitigating risks.
While attacks on critical infrastructure can have dire consequences, they are akin to attacks that have already hit other industries and can be managed with existing best practices. New or improved technologies can also help enhance the protection of critical infrastructure assets. Voice and video analytics platforms powered by machine learning, for instance, provide a number of capabilities, including crowd control, gauging expected motions and identifying objects and individuals whether stationary or in motion.
Critical infrastructure protection is essential to the security of India. While daily operations among the private and public sectors continue to differ, a collective effort is required to securely build India’s digital economy and achieve the Smart Cities Mission by 2020. Information sharing and collaboration between the public and private sectors are equally vital to securing the nation’s critical infrastructure.
 Hackers Targeted the Winter Olympics Opening Ceremony to ‘Embarrass’ South Korea, TIME, 13 February 2018
 Guidelines for Protection of Critical Information Structure, National Critical Information Infrastructure Protection Centre, 16 January 2015
 11 critical information infrastructure sectors tested for first time in national cybersecurity exercise, Channel NewsAsia, 18 July 2017
 92% Indian leaders at the forefront of advocating ‘Digital Organizations’ for business growth – reveals Microsoft Asia Digital Transformation Study, Microsoft News Center India, 28 March 2017