Cyber war – Where are we?

By Lt. General P.C. Katoch (Retd)
Former Director General of Information Systems, Indian Army

 

Cyber attacks in India have been on the rise over the years, particularly against government sites and Indian missions abroad, despite several layers of security measures in place to protect against intrusions. In one instance, according to the Toronto-based Munk Centre of International Studies, GhostNet, a Chinese network, had infiltrated networks of the Indian Government as well as of the Dalai Lama. Not that this is not happening the world over, absolute cyber security being a misnomer. The hot news has been Russia hacking the US presidential elections in Donald Trump's favour, including exposing some 60,000 e-mails of the Hillary Clinton campaign that were later released by WikiLeaks, showing Hillary in poor light. In India, the PMO, MEA, MHA, NIC, DRDO, atomic installations, and military websites suffer hacking attacks periodically. Last year, as many as 32 lakh debit cards belonging to various Indian banks were compromised, resulting in the loss of 1.3 crores, with one report indicating a malware-infected ATM of Yes Bank. Then, 'Virtual Terrorism' is a gigantic problem facing India; examples being the discovery in 2014 of Mehdi Masroor Biswas, ISIS tweeter "@ShamiWitness" operating for the past several years, a former NSA stating more than 100 individuals involved in Mehdi-like activities, and a National Investigation Agency (NIA) probe showing tech-savvy Indian Mujahidin (IM) cadres use proxy servers (in US, Nepal, Canada, Pakistan, Netherlands, India) and complex code to chat with email accounts that disappear if not accessed in 24 hours, encrypted files and complicated code language. We also face a situation where China is a cyber superpower adept in refined skills to undertake cyber espionage and sabotage, and Pakistan is increasingly a beneficiary of China's cyber warfare capabilities because of the expanding China-Pakistan anti-India nexus.

China's cyber warfare strategy focuses on controlling the information systems of the adversary during critical periods of confrontation, and this is how China plans to negate superior US technology and obtain advantage in the physical battlefield. Therefore, in the event of an Indo-Pak conflict, China is likely to assist Pakistan in attacking Indian command and control and other networks. Additionally, the Islamic State and Al Qaeda are refocusing to South Asia, which increases the danger of cyber attacks. How the enemy is using social networks to destabilize regions is visible in J&K, rioting in Assam in the recent past, plus the radicalization and misinformation campaign pan-India. Moreover, 'Digital India' is increasingly networking the country, including critical infrastructure like transportation networks, power grids and financial institutions, through on-line integration, with more and more official data stored on-line. Requisite levels of cyber security apparently could not be catered for in the 'Digital India' project because the costs would have gone up exponentially. This gives our enemies, radicals and terrorists the opportunity to undertake cyber attacks. What could perhaps be done is to execute 'Digital India' with adequate cyber security in a phased manner rather than race for a deadline to complete 'Digital India' by 2019 and then start worrying about cyber security. Cyber War is a vital ingredient of hybrid warfare that is ongoing globally and what we have been facing for the past decades. Hence, focus must be maintained on this non-contact strategic asset.

In India, cyberspace is being looked after primarily by the National Technical Research Organization (NTRO) operating under R&AW. The Indian Computer Emergency Response Team (CERT), set up in 2004 under the Department of IT, is the nodal agency for responding to computer security incidents. In addition, the National Critical Information Infrastructure Centre (NCIIC), carved out of CERT in 2013, is to protect assets in critical sectors like energy, banking, defence, telecom, transportation etc. The NSA is to oversee a public-private partnership to set up a cyber-security architecture. Logically, this would also be on the lines of the Counter Extremism Project (CEP), a non-governmental initiative launched in 2014 with Israeli assistance to confront the growing threat from extremist ideology, seeking to refute social media messaging and compile the world's biggest database of extremist networks. Though a non-governmental organization, it works with governments, exploiting the internet to mobilize social media to counter extremist ideology by exposing the threat of extremists and mounting a global counter narrative. India needs a similar public-private partnership to tackle this mammoth problem. It may be recalled that Zakir Naik would have continued to preach hatred without Bangladesh pointing out to us Naik's radical activities that came to light post the terrorist attack on a Dhaka café. Of late, India's young hackers have also come of age. They have reportedly been successfully accessing Pakistani governmental networks. As per one media report, even the network of the US Embassy in Islamabad was snooped into and an old US roadmap for South Asia was retrieved, albeit the US naturally denied its existence. So, the basic capability is very much there, but what is needed is harnessing the youth talent, a well-thought-out roadmap and, most importantly, its implementation; often in India everyone knows what is to be done, but where we lack is the execution part.
Already, many institutions in India are running courses in hacking. We need to invest heavily in IT protection, lest we become easy targets for adversaries, terrorists and criminals.

In addition to the National Critical Information Infrastructure Centre (NCIIC), we could also establish the following:

  1. 'National Coordination Centre for Information Sharing and Analysis' – to define the metadata and data standards for information sharing between the NCIP, the intelligence agencies and the public and private sector industry. This may be a part of NSC/NTRO.
  2. 'National IT Product Security Test Centre (NIPSTC)' to operate and maintain a National Evaluation and Certification Scheme for IT Security.

But hacking and protection of own critical infrastructure and networks is not all cyber warfare is about. It must have the essential proactive element. It is for this reason that the cyber warfare programs of both the US and China are led by the US Military and the PLA. In fact, the PLA has gone a step further and combined intelligence, technical reconnaissance, electronic warfare, cyber warfare and space warfare under the newly constituted Strategic Support Force of the PLA, which has tremendous operational advantage. In our case, not only is the military kept away from the cyber-warfare program, but little progress has been made with respect to the Naresh Chandra Committee recommendation of 2012 for establishing a Cyber Command in the military.

We must have an offensive cyber warfare policy and undertake systematic capacity building against adversaries including:

  1. Stop them from accessing and using our critical information, systems and services;
  2. Stealthily extract information from their networks and computers, including vulnerabilities, plans and programs of cyber attack / war, forethought and prior assessment being vital since it only takes 300 milliseconds for a keystroke to travel halfway around the world;
  3. Penetrate their networks undetected and stealthily insert dormant codes, to be activated at an opportune time for thwarting cyber attack(s);
  4. Manipulate and doctor radio transmissions;
  5. Destroy their computer networks, if and when necessary;
  6. Manipulate their perceptions by speeding up ongoing research in mind control sciences.