HOW VULNERABLE IS INDIA TO CYBER WARFARE ATTACKS IS THE CHALLENGE FACING NATIONAL SECURITY PLANNERS.

Ranjit B Rai

The Institute of Defence Studies and Analysis (IDSA) held a two day long conference on Digital Age & Cyber Space from 28th August 2018 in New Delhi in partnership with  the Institute of Policy, Advocacy and Governance(IPAG) headquartered in Dhaka in Bangla Desh.  The aim of the conference was to, “Maximise Benefits, Minimise Risks and Unleash Creativity”, of the cyber domain and was addressed by nine Indian cyber experts and many more from think tanks in USA, Belgium UK, Singapore and France.

The speakers engaged with a lively audience, which included companies that work on cyber security for institutions, and Government, and professional virus solution providers and hackers in industry who also work for National Security. Cyber is a new speciality and jobs are well paid as work in Cyber challenges the practitioners who are expected to re-interpret the existing models of enterprise security, and to think out of the box.

At the outset it is known that India unlike China, lacks a national Internet network with large server capacity to make firewalls, restrict Google and Gmail like services, and yet provide its citizen’s internet, like China does through its Weinbao like services. China has set up internal gateways for security with fusion centres for intelligence and has a large budget for cyber operations and an army of young hackers. Cyber operations are getting connected with artificial intelligence (AI) for automatic surveillance of threats.

USA hosts large Government servers and satellites while private players like Google in USA have massive cyber network capacity to generate revenue which is open to public worldwide, and Indians are big users.  India does have small secure intra net networks for its critical infrastructure and the military has Navnet and Afnet and the Indian Air Force has telnet with secure smart phones as a protective deterrence mechanism. Most countries are adopting and readying cyber attack measures and exercise these in trials but these are clouded in secrecy.  Cyber is a dark subject.

Ex NSA cyber operative Dave Aitels claims Russia has a cyber division as a pivot of active strategic measures which he calls CYBER-INFOOPS for FSB and GRU intelligence agencies. He writes it is a remnant of former massive Soviet Union measures to police it’s people,  and is miles ahead of the times, even for information warfare on social media and is well budgeted . This may have been used to target the US Presidential elections, under investigation in Washington DC by Robert Muller. 

CEO Amitab Kant of Niti Ayog which BJP has set up for catalysing economic development, in his keynote address outlined with facts and figures how India has become one of the largest internet user in the world. He listed the many internet led facilities BJP Government has set up, pushed personally by Prime Minister Narendra Modi including all subsidies and payments by Government to bank accounts by internet, under Digital India which has accelerated growth and eradicated black money.  He supported and suggested the need for a larger indigenous set up to safeguard India’s cyber security, in co-ordination between Government and Industry. In passing, he used the term Cyber Command leaving that to the military.

Gulshan Rai a cyber specialist and currently Chief Information Officer in PMO in his Key note address admitted there was a lack of national network but he assured India was well safeguarded with intranet and Nicnet networks and much was classified and much needed to be done to educate the public on safe internet use age and plans were afoot to expand the scope. This was comforting. India can take a cue from Israel where Cyber and Coding is becoming a subject in high schools with its Mahshimim type programmes.

The world of Cyber is now dubbed as the fifth domain of warfare after the known four, which are land, sea, air and space warfare, because today the internet connects the world and it is vulnerable to hacking and attacks to render it damaged or unworkable. A military will feel lost as the attack on its infrastructure will not be physical,  and is difficult to  identify as cyber flows through Information Technology (IT) in real time transmissions of messages and data, and orders to the computers in machines and weapons, can be disruptive.

The internet conveys all messages through fibre optic cables, and space through satellites which eighty percent of the world’s 7.6 billion people use. These include Email messages, purchase orders and such in unclassified or encrypted classified form, which are generated from electronic devices. The devices include the family of computers and smart phones and Ipads, and satellites in space, and servers that use networks all over the world. Hence IT security has becomes every one’s business to keep data and devices safe.

The cyber domain is unique in that it  can be closed in a circuit of computers called intra-net with dedicated and linked computers or can be interdependent on networks of information technology(IT) provided by Government  as in China and by private telephone companies as in India and democratic nations.  The infrastructure of IT for transmission includes the Internet servers, telecommunication networks, office and private computer systems, and embedded processors and controllers. For critical infrastructure and industries like conventional and nuclear power plants. For military communications it is essential to have closed loop intranet.

The interdependent networks are open to  attack by viruses, worms and injection of malware called memes to deny service to the target user and if it is on the military then it amounts to an attack among other means, short of war. The attacker is invariably anonymous as internet has no national boundaries and can create online threats on targets. This is what causes challenges for policymakers and militaries looking for definitive responses to threats.

Society at large is  dependent on net work providers for exchanging the masses of data in emails, apps, instagrams and twitter and on Facebook that moves on open and commercial networks, on payment for its use. It is a big money spinner which makes Google, Facebook and such very solvent with advertising and use age. Technology is galloping and policy makers find it difficult to keep up with technology and tend to make laws to curtail breaches which technology tries to beat and terrorists are using for effect.

At this stage it would be relevant to state that banks use secure password systems with double biometric securities in varied forms, yet internet banking frauds are common, mostly due to negligence or prey to high level hacking and some breaches are not reported. The United States has a large intranet closed communication secure system for its Foreign Service and Embassies and the secure computers are without pen drive slots or disk drives situated in office premises.

In a now publicised breach Secretary of State Hillary Clinton used a non intra-net network for messages from her home and on the move, which got hacked, and she had to answer for that in the elections. On 28th August, 2018 President Trump tweeted with confidence that, ‘Hillary Clinton’s Emails many of which are Classified Information on her private Email server got hacked by China.’ This shows how susceptible even leaders can be, to not appreciate how the internet works and the need to be careful in its usage.

Militaries focus on defensive and offensive cyber-war solutions and that is where  the army of hackers come in as employees of the state. They defend the state from hacking and practice attacks on foreign networks and websites, and enter them to cause damage or spread mis-information.  More the need for a national network.

Cyber is non-kinetic, asymmetric and non attributable but damaging so militaries have to plan for  Cyber warfare which may not have territoriality, but  has no limits to proportionality of attacks so as Charles Dickens said, ‘these are the best of times and the worst of times’ for militaries in cyber warfare, the fifth domain of warfare. Singapore has set up an agency to protect its information technology (IT) infrastructure against cyber-terrorism and cybe’r-espionage, called the Singapore Infocomm Technology Security Authority (SITSA).

India has nominated NTRO to oversee efforts to safeguard the nation against IT technology security threats, and Intelligence breaches, and give leads to its Intelligence services, especially for anti national activities and anti terrorism.  Police has also set up cyber centers for crime.  India needs to start thinking of setting up its own cyber-military industrial complex, to face the information age with offensive superiority, as India is a big supplier of soft ware to the world.

Leave a Reply