India steps into the big league of nations which have had their critical infrastructure attacked – and the attack is publicly announced by a third party.
The nation also lives up to it’s reputation of expertise in opacity, denial, obfuscation, double-speak. Oh yes, and that our bureaucrats and political leaders know best because we citizens are scum who can be fed any crap.
The same game has been played out over the past 48 hours or so since the shit hit the fan (so to speak) when a tweet by an Indian security professional highlighted another tweet by a foreign researcher. The bad news highlighted by these folks was – Kundankulam Nuclear Power Plant (KKNPP) has been attacked and certain processes in the steam generation system have been compromised.
Now why does it always have to be a foreign researcher who will be heard and our desi guy is given the “ghar ki murgi” treatment and cold shoulder. Remember Messrs Elliot and UIDAI,, and don’t forget UIDAI making an ass of themselves, or the dare by the TRAI chairman – these are all perfect stories for Kapil Sharma’s show.
How not to react to a cyber incident
This is something no one knows, or understands, especially these Government entities. These babus think that any thing types on their letterhead with a rubber stamp and signature will be God’s proclamation via their medium, even if you can smell the trash written light years away.
So KKNPP puts up it’s “you don’t know who i am” hat and asks Mr Ramdoss to DOS the world that is speaking badly about the Kundas. And Mr Ramdoss throws his BIG status of Training Superintendent & Information Officer at everyone telling them to cease and desist from such falsehood. He proclaimed that the Kunda kundalinis are all safe and secure and that no one can touch them because they are stand alone and not connected to the outside world.
Know ye all, that KKNPP and all other Indian NPP Control Systems are in a state of nirvana (a.k.a air-gap)
This is exactly how NOT to react to a cyber incident. You do not ask someone who is (seemingly) untrained in crisis management and communication to make pubic statements. You do not put someone who has no clue about cybersecurity to stand up and talk balderdash. Even if you do this, you give him / her a proper briefing. You do not put out a statement in reactive mode, just to spite the world which has just exposed the holes in your u’pants.
