2020 has not only shown what the environment can do to humankind, it has also made us realize what cyber-attacks are capable of. If we compare the disastrous impacts of both, we come to the conclusion that the latter is unquestionably more threatening to mankind. The World Economic Forum recognized this fact and included cyber-attacks in the top 10 risks in terms of likelihood and impact in its Global Risks Report 2020.

This year, Israel and Iran engaged in an unofficial cyber war that has already escalated to a height never before seen in the cyber world, and there is still scope for more, with hacking groups proclaiming that the ‘worst is yet to come’. More than a decade after Stuxnet’s arrival, Iran is again under the scanner, and this time it is even more deadly!

Take the most recent headline, from 31st July 2020: “Iran group claims attack on 28 Israeli railway stations”. This group, Cyber Avengers, claims that it hacked into more than 150 industrial servers of railways in Israel, affecting 28 trains and subway stations. The attack was purportedly carried out between 14 and 24 July 2020 and severely damaged the infrastructure. The aim was to showcase how hackers could have caused trains to collide, had they wished to.

This simply shows how a bunch of hackers could, in 10 days, possibly have killed more people than a global pandemic killed across the globe in half a year. Even more worrying is that this is one in a series of attacks that have been taking place between Israel and Iran since April 2020, when Iran allegedly hacked into the water and sewage treatment plants of Israel. At that point too, millions of lives were in danger, since the attackers could have released more than the stipulated amount of chlorine into the water to make it poisonous, and that could have killed a huge population.

Israel replied in kind, and on May 9 Shahid Rajaee Port in Bandar Abbas, near the Strait of Hormuz, remained down for almost the entire day. The port suffered a massive Denial of Service attack. Some reported that Iran’s ports were badly affected for several days after this attack.
Also, the Natanz Nuclear Facility in Iran suffered a fire and explosion in the first week of July, which is likewise attributed to a cyber-attack from Israel.

Both nations officially denied involvement in any of the cyber-attacks, and neither could identify the source of these attacks. But what if these were actually state-sponsored cyber-attacks? What does it mean for the rest of the world?

India and China, Israel and Palestine, USA and North Korea, Hong Kong and China, North Korea and South Korea: these are some of the developed nations at loggerheads. Needless to say, they possess massive cyber power, and most have their own cyber army, which is as discreet as any special investigative agency. The purpose of these agencies is to collect crucial information pertinent to national security, but can they be offensive in times of war?
The answer is absolutely yes. These are no less than combat armies battling in their war rooms, with the computer as their war machine. The extent to which they can penetrate is directly proportional to the number of vulnerable devices being used by the government of a country, be it traffic signals, hydro-electric power plants, airports, missile systems, nuclear power systems or any other electronically controlled equipment. The amount of destruction that each attack can cause is unfathomable. They can poison the air or water, open the gates of dams, take down power grids, play with nuclear reactors or launch missiles at random targets, even while sitting thousands of kilometers away.

Combine these with espionage, honeytraps, phishing and social engineering, and we get the ability to hack the unhackable.

So, what’s the solution? Can we avert the ticking time bomb? The answer is again yes. Governments need exhaustive security testing of every critical system deployed, every IP address and every port in it. This needs to be written into policy for continuous evaluation. Best industry practices should be followed and applied. Legacy hardware, software and protocols need to be ditched. VAPT, Red Teaming and bug bounties should be announced for all government assets. Thorough logging and monitoring must be in place to detect even a small anomaly. Zero-trust policies should be created to avoid any espionage risk. Employees should be trained well to avoid phishing attempts. Lastly, cyber security should be considered an integral part of software development and application deployment to avoid any 0-days.

Even if we consider the first world nations, this task seems mammoth, but when national security and the lives of your people are at stake, there must not be a single mistake in the bid to foil any attack. If it has to be done and if it can be done, then it must be done.

However dark the world of hackers seems, there are always those who bring the light, and the ones bringing it must be honored, respected and celebrated.

Author : Piyush Goyal