Plans afoot for PSU cyber defence

A computer virus is the Internet equivalent of biological warfare. And a state that boasts public sector units aiding moon missions and ordnance output cannot be nonchalant to the growing malware threat.

Jharkhand’s Cyber Defence Research Centre (CDRC) has decided to tie up with half a dozen “highly vulnerable” PSUs, which have a collective turnover of nearly Rs 100,000 crore, and equip them with robust security mechanisms to thwart attacks from viruses like Stuxnet, Duqu and their malicious ilk. The CDRC will also monitor a PSU’s preparedness and educate it against digital breach.

According to officials at the Dhurwa-based centre, systems and networks of various PSUs — such as HEC, SAIL and CCL — have been studied and analysed over the past couple of months.

“The survey has brought forth many a handicap in combating worm attacks. We are, currently, compiling vulnerabilities under parameters like vital information storage, firewall installation, in-house mails among others,” said IG (operations) S.N. Pradhan, who also heads the CDRC.

Among the PSUs in Jharkhand, SAIL and HEC use hi-tech applications, making them more susceptible.

Engineering major HEC has supplied a key computer-controlled machine to the ordnance factory in Kanpur for indigenous manufacture of firearm barrels, including that of Bofors guns. India’s maiden moon mission — Chandrayaan I — too lifted off from a launch pedestal manufactured by HEC.

SAIL, on the other hand, is the country’s largest steel company. With a turnover of Rs 50,348 crore, it is among the five Maharatnas of India’s central public sector enterprises.

Though Pradhan refused to identity the PSU that is most vulnerable, he confirmed that almost all were “poorly equipped”.

“On paper, they have firewalls to protect classified information, but in reality they are absolutely prone to cyber terror. The best firewall is one that denies entry of unknown subjects into any website at every stage. But in case of PSUs here, in-house mail practices are also suspect,” he added.

Speaking about threats to PSUs, a CDRC expert said computer worms like Stuxnet and Duqu, which were discovered in 2010 and 2011, have the potential to crash systems and control or scuttle production.

“Stuxnet spreads through Microsoft Windows and is designed in such a way that it primarily attacks Siemens supervisory control and data acquisition (SCADA) systems. For instance, if a turbine is installed at a dam and controlled by SCADA, Stuxnet can remotely control the rotational speed. If speed of the turbine is increased, there may be floods,” the official explained the magnitude of disaster malwares were capable of.