The world’s sole superpower is highly paranoid and has conducted numerous simulation games on its critical information infrastructure, but till date there has not been any significant instance of a cyber attack (or cyber-terrorism) targeting it.
This is not to say that threat does not exist. Probably, non-state actors do not currently possess the kind of capabilities required to conduct advanced cyber attacks. Nonetheless, even in the Indian context, a disruption on any critical information infrastructure, such as the Indian Railways computer network, Reserve Bank’s financial network or the National Stock Exchange’s system is likely to incur heavy financial losses as well as result in widespread chaos.
Industrial espionage
It is well documented that terrorists use the same infrastructure and technology that is freely available to plan and coordinate their violent actions. Whether it is satellite imagery through Google Earth, terrorist propaganda through Jihadist websites, or communication through electronic mail and instant messaging; the exploitation of ICT infrastructure by terrorist outfits is on the rise. We may impose certain restrictions, but technology is a double-edged sword, and the perpetrators of evil will always find a way of circumventing these checks.
Worldwide trends also indicate a rise in cyber-crime. With banks getting networked and offering conveniences like Internet Banking and Any Time Money (ATM), a new generation of white collar criminals are unleashing cleverer and more lucrative methods of stealing money.
In recent times, gangs of ATM thieves have been nabbed from India’s major cities revealing that the threat is not just restricted to foreign countries. In the information age, where information is power, cyber criminals are not always targeting financial networks; they may also steal information or classified documents. In fact, industrial espionage has taken a new form, with professional hackers coming onto the scene and pilfering secret information from business rivals or sensitive installations.
‘Insider’ threat
In India’s case, the most pertinent risk is taht of ‘Insider threat’. Several information security surveys have pointed out that the greatest information security threat to an organization is not from an adversary or a criminal, but from an insider. The insider may be a former employee, a disgruntled worker or someone who is just financially motivated. A case in point is the recent arrest of three former employees of the BPO, MphasiS BFL during April 2007 from Pune for allegedly stealing over $350,000 from four Citibank customers. Financial losses aside, the incident had an adverse impact upon the company’s credibility and reputation, especially amongst global clients.