AIIMS RANSOMWARE ATTACK
The issue is not that it has happened; the real issue is what was done to prevent it from happening. Ransomware in its wide and varied versions, and the fail-safe attacks its operators have perfected, have been sending chills down the spines of authorities, managements, IT and cyber security companies themselves. Most or nearly all of the attacks go literally undetected from the final-results point of view. Do you remember any ransomware hacker facing trial, leave aside conviction? Second attacks after the first ransomware hack have also become the norm. The fate of world business leaders like Colonial Pipeline and JBS only last year is all too well known. Ransom had to be paid. If all this is music to your ears, our fate can be no different.
Hacking is the new normal, but what have we done to ward it off? Best practices, booklets, conferences, toothless government policies and anti-virus companies have brought us here; there is no need to take us any further. In the direction we are headed, we will reach the nemesis on our own. You can coin a new term: Data Nemesis. It means somebody sits on your data and dictates terms. The global venom called REvil was supposedly liquidated by Russia at the request of the US early this year, but appeared again in an unimaginable location, at Dibrugarh, in Oil India's headquarters. They had demanded Rs. 57 crores as ransom.
The National Critical Information Infrastructure Protection Centre (NCIIPC) was created in 2014. The list of critical information infrastructures should have been common knowledge by now, as should the efforts being taken to protect them. Does AIIMS fit into the guidelines and framework, and what benefits accrue to this iconic medical facility to keep it safe? Besides keeping it safe, what is of utmost importance is keeping it functional. No organisation can run when its IT infrastructure is taken over by hackers. The National Cyber Security Policy came in 2013. Presumably, nearly a decade later, we should be more cyber secure. In the conundrum of politics, governance and business, cyber security does not fit into anybody's scheme of things; they don't have the vision to understand that it hits them all.
The Supreme Court gave a fundamental right to privacy. The later public exposure of Pegasus and the plight of the Data Protection Bill have their own story. What will it deliver even if the new one is passed? Digital laws don't operate as physical laws do is the moral of the story. Can we bring the requisite change? Today the health data of the decision makers is in question. As per the news reports, the servers have been down for the sixth consecutive day at AIIMS, Delhi after getting hacked. Hospitals globally have been hacked earlier as well, including the NHS in the UK during WannaCry. Health data of 3-4 crore patients could have been compromised; AIIMS servers have data of several VIPs: top-notch politicians, bureaucrats, judges etc. Rs. 200 crores have been demanded as ransom. Resilience is the cardinal principle today; was it missing, and to what extent, backups et al.? Was the capability to restore services at the earliest missing? Is an attack of this nature not an ignominy?
LIP SERVICE TO CYBER SECURITY SEALS THE LIPS AT TIMES OF SUCH HACKS!