Cyber Attacks on Critical Infrastructure — Prelims Strategy

Focus on memorizing specific institutional roles and legal provisions. NCIIPC operates under NTRO, not MeitY - this is a common trap. Remember Section 70 (protected systems) and 70A (NCIIPC establishment) of IT Act.

Create a matrix of sectoral vulnerabilities - power (SCADA), banking (SWIFT), healthcare (medical devices), transport (GPS/control systems). Case studies are crucial: Colonial Pipeline (ransomware, fuel shortage), Ukraine (state-sponsored, power grid), Stuxnet (air-gapped systems, physical damage).

Practice elimination techniques by understanding what each agency does NOT do - NCIIPC doesn't directly declare protected systems, CERT-In doesn't regulate critical infrastructure. Current affairs integration is key - recent incidents provide question material.

Focus on India-specific developments like power sector incidents, AIIMS attack, and policy announcements. Avoid confusion between different types of cyber threats - infrastructure attacks vs data breaches vs cyber warfare have different characteristics and responses.