It appears that the hacking of Sony pictures in which corporate data has been destroyed and compromised has exposed the new dimension of a kind of Cyber warfare. According to FBI, the hack was attributed to North Korean Government and the motive was the prevention of the release of a Hollywood movie involving a theme of assassination of a North Korean leader. Of course North Korea has denied the charge.
The issue highlights the potential for damage to corporate business assets arising out of such state sponsored high impact attacks. Such attacks can occur on other corporates in future as a targeted attack as a part of Cyber terrorism.
Indian corporates face the specific risk of Pakistan sponsored attackers intending to damage the Indian economic infrastructure.
It is time therefore for Indian Companies to initiate appropriate security measures to ensure that they can ensure business continuity if such debilitating attacks are targeted at them.
Apart from hardening of the security on an ongoing basis, most companies need to revisit their Disaster Recovery Programs (DRP). Many companies need to establish a DRP where there is none and upgrade if they have a basic facility.
As a result of this new threat perception and the necessary mitigation measures, the cost of maintaining the IT infrastructure would increase significantly.
The Government of India needs to therefore think what is its responsibility in providing a security blanket to Indian Corporates against such attacks coming from enemy states. It appears that this is a National Defense Responsibility rather than an information security responsibility of an individual company.
There are two immediate actions that the Government may contemplate.
1. First requirement is to provide some kind of a defense cover to the Indian corporates by offering financial support directly promoting higher cyber security investments by corporates. This could be in the form of setting up a National Secured Data Center at different parts of the country where in companies can be provided DR hosting facilities at a reasonable cost.
2. Second is to recognize that such attacks on private citizens of one country by another state actor is “Terrorism” and handled as such by the international community India should join an international consortium with US to develop a “Global Cyber Security Force of Democratic Nations” that can attack and bring down the rogue states who mount cyber wars on the citizens of other countries. This should be discussed during the visit of Mr Obama to India during the next month.
The Sony attack is a defining moment in the global cyber security and we cannot afford to ignore the event as the next such attack can come upon one of our own global players.