Published
on
By
With the rise of technology, the nature of crime has also transformed. Crime becomes more lethal and untraceable. Cyber security expert warns about the new nature and domain of cybercrime in 2023.
Cyber Attack on Hospital
Cyber-attacks on hospital systems can have serious consequences, as they can disrupt the delivery of healthcare and potentially put patients’ lives at risk. Hospitals are often targeted by cybercriminals because they may have valuable personal and financial information about patients and because the consequences of a successful attack can be severe.
In a cyber-attack on a hospital system, the attacker may try to gain unauthorized access to the hospital’s computer systems and steal or manipulate data, disrupt the operation of medical devices, or disrupt the delivery of healthcare. The attack may also involve ransomware, where the attacker holds the hospital’s data hostage and demands a ransom to restore access.
It is important for hospitals to have strong cybersecurity measures in place to protect against cyber-attacks. This may include measures such as firewalls, antivirus software, and secure passwords, as well as ongoing training for staff on how to recognize and prevent cyber-attacks.
Scanning QR Code
Scanning a QR code has the potential to compromise your personal data if the QR code is linked to a malicious website or if it is used to steal your personal information. It’s important to be cautious when scanning QR codes, especially if they are from unfamiliar sources.
It’s also a good practice to check the URL of the website that the QR code leads to, to make sure it is a legitimate website and not a phishing site or other type of scam.
It’s also a good idea to use a QR code scanner app that checks for safety and has some sort of building security checks, also updating your device and QR scanner app on regular basis will make sure you have the latest security patches.
It’s a good practice to avoid scanning QR codes from untrusted sources and only scan QR codes from sources that you know and trust.
Cyber-attack on Supply Line
A cyber-attack on a supply chain can have significant consequences for the affected organizations and their customers. These types of attacks can disrupt the flow of goods and services, leading to delays, lost revenue, and potentially even damage to a company’s reputation.
In a supply chain cyber-attack, attackers typically target the systems and networks that companies use to manage and track their inventory, orders, and shipments. For example, an attacker might target a company’s enterprise resource planning (ERP) system, which is used to manage inventory and production, or a transportation management system (TMS), which is used to track shipments and deliveries.
The attacker can gain access to these systems through a variety of methods, such as exploiting vulnerabilities in software, phishing scams, or other forms of social engineering. Once they have access, they can steal sensitive information such as customer data, financial data, and intellectual property, or disrupt the normal operation of these systems. This can lead to delays in deliveries, stakeouts, and unplanned downtime in production.
It’s important for organizations to take steps to protect their supply chains from cyber-attacks, by implementing measures such as security awareness training for employees, regular security audits and penetration testing, and the use of advanced security technologies such as firewalls, intrusion detection, and prevention systems, and security information and event management (SIEM) tools.
In addition, organizations should also be proactive in monitoring for signs of an attack and be ready with incident response plans, which can help minimize the damage of a successful attack and help with a faster recovery.
Cyber-attack on electric cars/vehicle
A cyber-attack on an electric vehicle (EV) can have serious consequences, potentially compromising the safety and privacy of the vehicle’s occupants, as well as the integrity of the EV’s systems and networks.
One way that attackers may target an EV is by exploiting vulnerabilities in the vehicle’s electronic control units (ECUs), which are the computer systems that control various aspects of the vehicle, such as the powertrain, brakes, and steering. Attackers could potentially take control of these systems and manipulate the vehicle’s behavior, potentially causing accidents or other dangerous situations.
Another way attackers may target an EV is by exploiting vulnerabilities in the vehicle’s communication systems, such as the onboard diagnostics (OBD) port, or wireless connectivity systems, such as Bluetooth or cellular networks. This can allow attackers to gain access to the vehicle’s systems and data and potentially steal sensitive information such as location data, driving history, and personal information of the occupants.
To mitigate the risk of cyber-attacks on EVs, it’s important for manufacturers to design and build vehicles with security in mind. This includes the use of secure coding practices, regular software updates to address known vulnerabilities, and the use of robust security protocols to protect the vehicle’s communication systems.
It’s also important for EV owners to be aware of the risks and take steps to protect their vehicles. This can include keeping their vehicles’ software up to date, being cautious about connecting their vehicles to unfamiliar networks or devices, and not leaving sensitive information such as personal data in the vehicle.
As the trend of Electric cars is getting more popular and advancement in technology is increasing, Cybersecurity in Electric cars will be a crucial area to ensure the safety and security of both vehicles and their occupants.
Cyber-attack on Electric Grid
A cyber-attack on an electric grid can have serious consequences, potentially causing widespread power outages and disruptions to the electricity supply. Electric grids are complex systems that rely on many interconnected components, including power generators, transmission and distribution systems, and control systems.
One way that attackers may target an electric grid is by exploiting vulnerabilities in the control systems, such as supervisory control and data acquisition (SCADA) systems and other industrial control systems (ICS) that are used to monitor and control the grid. Attackers can use malware, phishing scams, or other techniques to gain access to these systems and manipulate the grid’s behavior, potentially causing power outages or other disruptions to the electricity supply.
Another way that attackers may target an electric grid is by exploiting vulnerabilities in the communications systems that are used to transmit data and control signals between different parts of the grid. This could include exploiting vulnerabilities in the networks that connect power plants, substations, and other grid components, or by targeting the systems used to manage the grid’s transmission and distribution systems.
To mitigate the risks of cyber-attacks on electric grids, it’s important for utilities and grid operators to take a proactive approach to cybersecurity. This includes implementing robust security measures such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) tools. Additionally, regular security audits, penetration testing, and employee training on cybersecurity are important.
It’s also important for government agencies, utilities, and grid operators to work together to share threat intelligence and coordinate incident response efforts. Furthermore, Industry Standards and regulations such as NIST-CIP, IEC62443, and others provide guidelines for protecting industrial control systems like those used in the electric grid.
Given the critical importance of electric grids to our daily lives, ensuring their cybersecurity is a vital step towards protecting our communities and infrastructure from potential cyber threats.
The Curious case of Estonian Cyber Capabilities: Lessons for Pakistan
Is Russia losing the cyber warfare?
Muhammad Shahzad Akram is a Research Officer at the Center for International Strategic Studies (CISS) AJK. He holds an MPhil degree in International Relations from Quaid I Azam University, Islamabad.
Maritime Cybersecurity: A Potential Threat to India’s National Security
Jeffrey Sachs: Who really blew up the Nord Stream 2 pipeline?
The Iranian Success in Grey Zone Deterrence to counter the U.S.
The Global Footprint of Chinese Cyber Warfare and Espionage
Ukrainian Cyber-defense and lessons for Pakistan
Cyber Security Concerns: A threat to India’s National Security
Published
on
By
India has a huge coastline of 7516.6km comprising 13 major ports (including one private port) and more than 200 minor ports across the coastline. It is a very known fact that the maritime sector is very crucial for India’s security, stability, economy, and sustainable development. India conducts around 70 percent of its total trade by value through the sea. India is strategically placed in the Indian Ocean, which gives it greater access to trade with the world’s major shipping routes. India’s seaborne trade has grown at a rate that is twice the 3.3% rate experienced globally. India is now focusing on strengthening its maritime sector through the upgradation of safety and security standards at the ports, enhancing port capacity and operations, and automation. It is placing emphasis on automation and technology upgradation through projects like SAGAR and Sagarmala. With digitalization in place in almost all the port operations and in the surveillance of the maritime waters, as shown in figure 1, the maritime domain is vulnerable to cyber threats ashore and afloat.
Figure.1 Technology in the Maritime Sector
With Information and Communication Technology (ICT) coming into use, increasing reliance on seaways, and the growing importance of the data as a weapon in the hands of the state, all these pave the need for better cybersecurity management systems in the maritime sector.
The maritime business, its ships, and its cyber environment are all protected by a variety of tools, policies, security concepts, safeguards, guidelines, risk management techniques, actions, training, best practices, assurance, and technologies.
Maritime cyber risk can be referred to as the extent to which the technology in use could be attacked, that could result in the loss or compromise of information.
Pirates and opposing nations have been a menace to the maritime transportation business for thousands of years, but as the sector has developed and technology has been more thoroughly integrated for enhanced efficiency, so too has the magnitude of possible cyber threats. Now, even using something as simple as a USB flash drive, or even an unsecured Wi-Fi, the hacker can get access to the critical systems of the vessel, thereby obstructing the entire port operations. For example, a suspected ransomware attack on the Management Information System (MIS) crippled the operations of the Jawaharlal Nehru Port, Mumbai, in 2017 and again in 2022.
Though the primary motive behind cyber threats is profiteering, there are several aspects that motivate a cybercriminal to conduct a cyberattack on the port or vessel operations. This includes espionage, activism, terrorism, warfare, and others.
The various kinds of cyberattacks on the maritime sector involves malware, trojans, botnets, advanced persistent threats, ghost shipping attack, cryptocurrency hijacking, and other. In addition to these cyber threats, the maritime domain is vulnerable to cyber terrorism as well. The awareness in the maritime sector over cyber terrorism is very minimal or negligible, with very little emphasis given to it. Chinese cyber activity is a major security threat to India. China is also using cyber technology in its South China Sea Anti–Access/Area Denial (A2/AD) strategy. The A2/AD strategy denies freedom of movement and navigation to rival powers by increasing defense systems that threaten their ships/submarines.
The technologies like the Automatic Identification System (AIS), ECDIS, GPS, information systems, Industrial Control Systems, and other operational technologies have played a crucial role in enhancing the efficiency of port and vessel operations. Nevertheless, these technologies are of no exemption to cyberattacks as every technology comes up with its own loopholes. For example, the adoption of AIS is compulsory for any vessel to ensure its safe navigation, but as it is unencrypted and unauthenticated, the maritime sector is vulnerable to spoofing, water holing, social engineering, and other cyberattacks. It is also important to identify the human role in operating such technologies, as it is noted that human error and equipment flaws are primary reasons behind the success of these cyberattacks.
Maintaining the integrity of supporting systems, protecting ship systems from physical assault, and making the maritime sector resilient to both internal and external threats are all critical. Protection from various cyberattacks is necessary to prevent a breach of the network and its systems. Proper countermeasures and in-depth defense strategies must be deployed for each attack to prevent an attack from taking advantage of a flaw or vulnerability in the technology.
Primarily, it is important to promote awareness among the staff or the crew to identify cyber threats and on responding to such threats and, for example, alerting the officials if any malicious or unusual mail or notification is identified in the system.
Block chain technology can be an efficient solution as it allows for a continuous monitoring system and provides real-time status on the ship’s security. It also enables secure communication and storage of data in the control centers. It helps in avoiding loss of data and data modifications by unauthorized users.
The AIS and GNSS systems must adopt encryption and authentication measures which are given zero attention to this date.
With the vast coastline, it is not possible for India to secure the coastline through manpower. Israel based startups, in order to effortlessly secure the maritime IoT ecosystem, Cydome Security offers a cyber solution to handle this precise problem. The company’s solution is intended for systems with links to coastal infrastructure as well as guidance, sensors, control, and command.
Fighting fire with fire is one way that organizations can aid in stopping such intrusions: AI-driven security systems can successfully foresee and thwart AI-driven threats in real-time with appropriate data.
It is crucial to note right away that there is no magic solution for marine cybersecurity. An interconnected era has been retrofitted with a history of outdated shipboard equipment, leading to a shattered and vulnerable maritime environment.
It is in India’s interest to take a leading role in negotiations and developments with global countries, given its crucial position in the Indian Ocean Region and the need to protect itself against China’s growing threat in that region. In order to take shipping on to the next level of connectedness, strong cybersecurity is imperative.
Published
on
By
I Doubt Therefore I Survive”- Michael Richard Daniell Foot, British Intelligence Historian.
Since world war US always had upper hand in conducting sub/ unconventional warfare especially Covert Psyops, Americans have always heavily invested in sinister designs- the famous MKultra progaramme of using high psychotic drugs- LSD to psychologically weaken Human’s mental state and force confessions out of them. Also, Its aim was to develop mind-controlling drugs for use against the Soviet bloc. The project attempted to produce a perfect truth drug for interrogating suspected Soviet spies during the Cold War, and to explore other possibilities of mind control. CIA’s Subversion techniques and plans into the Soviet’s camp and other communist camps are also one of the greatest security headache for Soviets. The problem was that Soviets espionage/ Intelligence temperament was not that ruthless, hard and developed as CIA’s. Eventually, this became a reason of how and why US’s psychological operations substantially harmed Russian/Soviets’ influence too much. If we leave Vietnam, the scores of US in espionage circles, activities of de-installing regimes and squeezing Soviets sphere of influence and even now squeezing Russia’s sphere of influence are much higher than of Russia. Further, this also becomes a strong reason why Russians were not able to swiftly retort to these activities in a fashion in which US does or the tit for tat temperament was not proactively seen from the Russian or Soviet’s side. In other words, they struggled to match and register covert successes in countering US’s influence in substantial sense. A story of one of the greatest female speies and phenomenal covert operations led by US and west which set the stage rolling for “espionage” in global politics.
We mostly idealize male as spies, because of their endurance and the tradition or culture of talking only about male spies, the amount of glorification/popularization which a male spy gets is somewhere reduced to less when the story of female spy comes in. Though the mindset is now changing and people are now equally focusing on both the cases, However, it has been observed that stories of female spies are still struggling to get glorified or talked about in some parts of the world. The tides changed their directions when a female spy- Virginia Hall, regarded as one of the greatest female spy whose contribution led to Allied Forces Victory in World War-II. In America she is regarded as one of America’s greatest heroes.
The Past
She was born on 6th April 1906 in Maryland, attended Roland Park country school, later for her higher studies she went to Barnard College(Columbia University) where she learned French, Italian and German and later moved to Geroge Washington University to peruse Economics. Virginia Hall’s life was filled with roller coaster rides with dramatic twists and turns. She had a dream to become the first female Ambassador of the United States. She even started to work towards her dream by taking up the job of a clerk at the consular office in Warsaw Poland and later in Turkey. She didn’t know that a major setback is still waiting for her. In an accident she lost her left leg, However, this accident didn’t slow down Hall’s dream, She was firm and determined to achieve her dreams and serve for her country.
Making of A Spy
Later, She applied for Foreign Services and her application in the foreign services was turned down because of disability and her gender(Females were rarely hired at that time). Repeatedly her applications were turned down over and over. However as usual her determination and refusal to comprise with her dreams were fueling/ not letting her dreams die. Later she moved to France for employment, where During World War-II in February 1940 (the early period of war) she become an ambulance driver for France Army, after the defeat of French she again moved to Spain for employment where she accidentally met British Intelligence Official name Geroge Bellows. Bellows got amazed by her communication and thinking skills and gave her the number of a “friend” who was working in Special Operations Executive(SOE), United Kingdom secret operations unit in World War-II. After getting in touch with “friend” she joined the SOE in April 1941.
The First Job
She gets the training in SOE and sent to France by France Section of SOE. She was given a cover of a reporter/ journalist for New York Post which enabled her to interview people, gather information from surroundings which can be useful for intelligence/ military officials of Allied Forces. Gradually she became an expert and learned how to arrange contacts, logistics, and who to bribe to get information and get the required work done. She also learned how to distribute and supervise wireless sets among agents and the network of SOE. Despite the French occupation by the Germans, she managed a long tenure as a spy-transmitting information to London about German which highlights her operational brilliance and. She also sensed danger and refused to attend a meeting of SOE Agents and later French Police raided the meeting place and SOE agents got arrested.
The Journey with Americas
After successfully planning an escape of the SOE agents from jail, when Hall returned, she was declined to serve in France because she and SOE networks were almost compromised, and sending her again would be too much risk. After this, Hall got in the contact with OSS(predecessor of CIA) and joined American Intelligence at the low rank. She was sent to France again by OSS. This time she was given a cover of poor peasant women, she used to roam around the various places and often changed her disguise to a milkmaid and prepared Cheese and sold cheese to German Soldiers. Hall was tasked to prepare resistance force known as Maquis and set up Anti- Nazi The environment in France, which would help Allied Forces during Invasion. Hall continued to gather information about German Soldier’ locations and finance Maquis and help to set up resistance force which later helped Allied Forces in planning effective Invasions- Operation Jedburgh. No doubt with an artificial leg, she ruled the helm of Spy Networks, and in those times when females were rarely hired for jobs. German described her as “Most Dangerous Allied Spy” She successfully established Anti Nazi resistance which eventually led to the collapse of the Nazi and victory of Allied Forces, It was Hall with whom help Allied Forces were victories over the Axis Powers effectively. Hall broke all the stereotypes in the spying network who believe that Females are not that smart witted to survive in the Intelligence Word. She was awarded Distinguished Service Cross in 1945 and earlier she was also awarded prestigious British Medal. Later She becomes the first female to work in CIA, she was given desk jobs in CIA and due to her age she couldn’t perform well in the tests which were mandatory in CIA and after a brief period of time she resigned and took retirement at the age of 60. She lived with her husband Paul Barnesville, Maryland, until her death in 1982. She always refused to talk/write about her World War-II or in-field experience which led to the curiosity of many. The way she believed in her instincts, intuition, and with the brilliant skill set despite one leg has made her one of the greatest spies of all time.
Published
on
By
Turning the pages of history concerning the gradual progress of humankind, right from the ancient to the modern world, a common connecting link can be found. It is called War. But what makes this fact more interesting is the perpetually changing nature of war. It is an expression of numerous variables of history and their complex combination in which war plays a major role that cannot be undermined.
Theoretically, the epistemological framework of wars has been categorised into five generations. The present-day modern world is witnessing 5th-generation warfare. It relies heavily on the weaponisation of cyberspace and the magnanimous data generated by various States. Every imaginable fact that can be noted, quantified and stored digitally can be considered potential data. This all-encompassing and pervasive nature makes data a crucial asset of a state. This asset, if compromised due to a lack of security, can cause severe damage.
Cyberwarfare, in this regard, is a phenomenon that uses this cyberspace which is primarily a realm of data, by states and non-states actors to spy or block access to critical data stored online. This is followed by demanding a ransom from the victim for access to data, often compromising the confidentiality, privacy and security of individuals and states.
China is a prominent actor in world politics that has significantly used cyberwar as an instrument of state policy. It follows in letter and spirit the philosophical ideas shared by Sun Tzu in his famous book ‘The Art Of War‘ as a road map to achieve political gains. The strategic approach of China is dovetailed with the core philosophy of Sun Tsu. He says in his book, “To win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.” China is striving to inflict maximum damage to its adversaries by facing minimum or no loss on its part through the strategic application of cyber war.
The dual task of frequent cyber attacks and espionage by the Chinese is materialised through a state-sponsored hacking group institutionalised by Bejing. It is called the APT41. The alleged group works hands and gloves with the Chinese Ministry of State Security. The group is accused of unauthorised access to protected computers, stealing highly confidential information and data from government and private enterprises, money laundering, and theft of identity. The Chinese have followed a worldwide approach to targeting major countries across the globe. This article discusses five such countries.
India.
The recent cyber attack on AIIMS Delhi is an emblematic expression of China’s desperate move to inflict harm on its adversaries. The origin of the attack was traced to Hong Kong. In this attack, out of the 100 servers, 40 were physical, and 60 were virtual. The hackers were able to penetrate five servers. The servers were rendered dysfunctional by the hackers. Fortunately, it was reported that the data was recovered. The CERTin has instigated a thorough investigation on this issue along with NIA.
In a similar instance, the Galwan clash vis-a-vis India and China and the Mumbai blackout that took place in October 2020 are also profoundly linked. It was found that the blackout was a case of cyber attack induced by China as a strategic response to the Galwan Valley incident. China, through this measure, attempted to send a clear signal of its cyber capabilities to India. It was a warning that if India ups the ante in border clashes, then its major cities could come to a standstill.
The United States
A recent disclosure by the US government found that a whopping $20 million was stolen by hackers that had close affiliations with the Chinese government. This money was associated with the U.S . Covid relief benefit and is one of the first pandemic frauds that was initiated by the Chinese as an instrument of state policy.
The U.S. has also been a witness to the Microsoft exchange cyber attack by China. The incident was a testimonial to the fact that how the Chinese government is following the realist approach to world politics. This incident was condemned by the UK, Canada and NATO in unison.
The issue of cyber espionage as a long-term goal of the Chinese government shows the gravity of the situation. Beijing has resorted to these measures to gain leverage in the changing geopolitical scenarios. It strongly considers the U.S. as a major hurdle to achieving its political leverage at the international level.
Russia
Despite being a strong partner and sharing a deep relationship with Russia, China has attempted cyberspying on Russia. The Israeli-American cybersecurity firm named Check Point made a remark in this regard. Emails containing malware were sent to prominent scientists of major military research institutes in Russia to gain access to technology and information.
The Xi era in China has witnessed a sharp rise in cyber espionage, theft of information and intellectual property with the use of highly sophisticated technology by the Chinese. The state-sponsored nature of these acts further complicates the issue. The prime motive of the Chinese is to gain a strategic advantage in the realms of data and military capabilities.
The U.K.
The Chinese government’s exploitation of the technological ecosystem to gain a strategic advantage is not new. This is rightly addressed by the director of GCHQ, Jeremy Fleming, in a rare public speech at the Royal United Service, a prominent think tank. He states that China’s rise is increasingly becoming a major security issue.
The conventional ideas of war have been challenged, and the battleground has shifted to cyberspace. Due to its technical clout, China has become a significant threat to other states in cyberspace due to increasing cyber espionage activities. This issue is addressed in the latest report by NCSC, which warned that Chinese state-sponsored hackers are the biggest security threat to the U.K.
Australia
Following a global approach, the Chinese have also placed their malicious virtual footprint in Australia. The quest was to seek vital information about the Australian defence and energy.
Proofpoint, an American cyber security firm, unfolded about the “Red Ladon” (TA423) group linked to China that was involved in a fake Australian publication. The group infected the employees’ computers with malware to snoop into confidential information.
A phishing scam was reported, and it was found that the Chinese government were striving to decipher information related to the South China Sea in areas of defence, navy and energy. With the desire to keep itself abreast of the strategic changes, the Chinese have tried to gain access to sensitive information.
Conclusion
Carl Von Clausewitz states, “War is not merely a political act but a real political instrument, a continuation of political intercourse, a carrying out of the same by other means.” The Chinese have used cyberspace to carry out political intercourse through other means.
Undoubtedly, China is following a panoramic approach worldwide concerning cyberspace. Its footprint is prominently visible across the globe, covering most of the major states that are key players in the international forum. The increasing weaponisation of data and cyberspace by China is certainly a major threat to India’s national security on multiple fronts.
The use of espionage and cyberspace for prospective cyberwar shows the critical importance of protecting data rapidly turning into a nation’s strategic asset. The swift-changing nature of war with the prime focus on data emphasises how the vulnerabilities in the protection and management of it can be used as a loophole left to be easily exploited by other states to gain strategic advantage. This stands very specific with respect to China and its approach to exploiting cyberspace.
Music gives a soul to the universe, wings to the mind, flight to the imagination, and life to everything. —…
International cooperation, discussion and agreements are needed to ensure safe, secure and peaceful outer space. At present, there are more…
US-China rivalry will affect various states, which have good relations with both (China and U.S). After the disintegration of the…
Chinese-style modernisation has given a shot in the arm of the maxim “The Socialist Road is the broadest of all”…
An alternative approach of development stemming from the cosmo-visions of the Quechua peoples of the Andes’s sumak kawsay, the Aymara…
During the course of the conflict in Russia-Ukraine, Ankara has managed to preserve its strategic autonomy and has avoided siding…
In his recent landmark address to Russia’s parliament, President Vladimir Putin cited the war in Ukraine and US/NATO involvement in the…
Germany inspects Lithuania
Russian invasion: Why collective responsibility is not so “collective”?
Perpetual Presence: How 5G will Change the Digital Marketing Landscape Forever
Takeaways from the sixth Quad ministerial hosted by India
Human Trafficking: A Global Security Concern
Beyond Froyd: Crafting a Love Story between Humanity and Tech
A Western option in the South Caucasus after the Russian invasion of Ukraine
Bangladesh’s paramilitary capabilities and future prospects
Copyright © 2023 Modern Diplomacy
Leave a Reply