“Cyber warfare is the biggest threat to national security which will render even the intercontinental ballistic missiles (ICBM) insignificant as a security threat,” said former President Dr A.P.J. Abdul Kalam at a military function at Hyderabad recently. “Cross-border cyber crimes not only blurred physical and national borders but also could lead to actual war,” he added. Former US Defense Secretary Leon E. Panetta says, “We’re not talking simply about a website going down for a couple of hours, a cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyse the nation,” he claimed.

The US intelligence community’s annual review 2013 of world threats states that cyber attacks and cyber espionage presented a greater threat to the US national security than Al Qaeda. China is being branded the Cyber Espionage Capital of the World. British Prime Minister David Cameron has vowed to “robustly” fight efforts by other countries to steal state secrets. German Chancellor Angela Merkel literally admonished President Barack Obama during his recent visit to Germany for the US state-sponsored cyber espionage.

Nitin Desai, a former Internet advisor to UN Secretary General Kofi Annan, and now Chairman, IDSA Cyber Security Task Force, says, “Preserving functionality is going to be the real challenge for cyber security and cyber defence. It cannot be done by using defence forces in the traditional way, but has to be done in partnership with affected civil agencies. How do we make that kind of partnership functionally effective? This is going to be a major challenge.” The US has set up an Independent Cyber Command, the UK has its GCHQ, China has a large presence and is already active. Dr Gulshan Rai, Director General, Computer Emergency Research Team (CERT), says, “Half a million modems in our country are compromised.” We buy technology from various sources but by carefully monitoring the procedural aspect, we can reduce the breaches by 30-35 per cent. Another issue is how to improve the physical security of the cyber assets. One way is through mock drills and the response is improving gradually. Lt General (Retd) Aditya Singh, former GOC-in-C Southern Command and former member National Security Advisory Board, says, “War has taken a new frame in the 21st century. Are we safer today than the previous century which saw two World Wars and the nuclear stockpiles? Terror attacks on the World Trade Center, Parliament of India, Mumbai, and now the massive cyber threat. Trillions of emails are exchanged daily. Facebook has 900 million users and there are 200 million tweets every day. By 2015, there will be twice the number of devises connected to Internet than there are people and that the usage of Internet is forecast to go up by nine times in India. Therefore, you have a cause to worry and there is a need to build a proper national response.”

“We are in a cyber-war with unclear boundaries and dearth of governing laws. The governments, Internet, companies and citizens are grappling with how best to limit risks,” says US cybersecurity expert Timothy H. Edgar. “What constitutes use of force in cyberspace and what targets are allowed under international law? While suspected nuclear facilities can be inspected, how does one examine everyone’s computer in a given country to ensure covert hacking isn’t under way?” he questions. Espionage and attack have put cyberspace in military domain, even though potentially at risk are power grids, water systems, financial institutions and many other civil functions. John E. Savage, who once worked at the US State Department, says, “The $10 trillion are transferred daily via undersea cables and any compromise could halt the entire economy.” The defence for a break-in is a good lock, a sentry, and criminal laws to punish the offender. Internet is a free-way with no highway patrolling and hence the problem.

Major Cyber Operations

The US military and China have been dominating cyber operations. Operation ‘Flame’ in 2007, a piece of malware beset thousands of computers in the Middle East, particularly Iran. Modules that could be remotely reprogrammed, that were capable of a variety of covert operations including infect computers, collect computer screenshots, log keystrokes or just record Skype conversations. Flame often disguised itself as a ‘Windows Update’. In 2010, a worm named, Stuxnet, described as “one of the most resilient and sophisticated piece of malware ever”, most likely originated from the United States or Israel, is credited with the destruction of uranium-enrichment centrifuges at Iran’s nuclear facility. Since the beginning of Israeli military offensive in Gaza in December 2012, Israel claims to have faced 44 million cyber-attacks on their government websites. China has not confined its cyber espionage to the US. This February, both the European Aeronautic Defence and Space Company (EADS) and German steelmaker, ThyssenKrupp, were allegedly attacked by Chinese hackers who, it was reported, made off in May 2012 with floor plans of the Australian intelligence agency’s new building in Canberra. The recent revelation by Edward Snowden, the whistleblower for the “PRISM” data mining operation of the US global cyber espionage activities against China and India and also some of its North Atlantic Treaty Organisation (NATO) partners, has shaken the world out of slumber and deprived the West of the moral high-ground. On December 4, 2010, Pakistan Cyber Army hacked the website of India’s Central Bureau of Investigation (CBI).

Defence contractors are eager to get into this cyber war. Raytheon, General Dynamics, Lockheed Martin, BAE Systems, Cassidian (EADS), Thales, Northrop Grumman, General Dynamics are all scouting for “computer network exploitation specialists”. The US dominates the global cyber security market and is likely to spend $93.5 billion ( Rs. 5,61,000 crore) between 2013 and 2023 (56 per cent of the global market). The Asia-Pacific region will be the second with 14 per cent share in 2023.

Options for India

Who does not know of the Indian naval war room leak case? Former Chief of the Air Staff Air Chief Marshal S.K. Sareen feels that “with increased networking, large volume of operational data and plans in soft form, the risks have increased exponentially. The operations rooms need to be made cyber secure. Foolproof backups including hard copies are required. Not a pin should leave the secure zone. Strict data handling, storage and classification policies need to be enforced with exemplary punishment.” Vijay Latha Reddy, Deputy National Security Advisor, says, “We have what most countries don’t have which is human resource. Secondly, we are secure because we are not so extensively connected. We therefore have an opportunity to leapfrog. Trouble is that it is a moving target and it is going to keep moving.” In 2007, Pakistan spent $3 million ( Rs. 18 crore) on establishing a centre for cyber crime. Pakistan Interior Ministry said Pakistan urgently needs a centralised, aggressive and proactive command for cyber and information warfare.

We need to remember that armed forces are trained to fight a kinetic war and value skills such as physical strength, marksmanship, and to lead combat units under fire. The soldier will initially display reluctance as he did to electronic warfare. Addition of a cyber-branch in each service to conduct service-specific tactical offensive/defensive operations, secure networks and advice on policy formulation is the need of the hour. Cyber Command should conduct strategic operations on a global scale.

Tri-Services Cyber Command

In the four-year tenure as head of the US Cyber Command, General Alexander has overseen a massive expansion in its capabilities. It has been allocated huge resources while other intelligence agencies are seeing their budgets relentlessly squeezed. Cyber work is cloaked in the highest secrecy, but the fingerprints are visible across the world. Cyber is becoming so critical to the mission that Academic Dean Andrew Phillips of the US Naval Academy puts it on par with the Navy’s four other fighting domains: land, sea, air and space. Thirty-six midshipmen will major in cyber operations later this year, the first time the US Naval Academy is offering the option. China has 1,200 research labs downloading tetrabytes of defence information. The Chinese as part of the preparation of battlefield have hardened their networks.

A National Association of Software and Services Companies (NASSCOM) report entitled ‘Securing Our Cyber Frontiers’ released in April 2012 by P. Chidambaram, the then Home Minister, recommends establishment of a Cyber Command within the defence forces. The Hindu reported that India, the information technology superpower, has cyber security workforce comprising a mere 556 experts deployed in various government agencies. Compare this to China with 1.25 lakh experts, the US has 91,080 and Russia has 7,300 as mentioned in a note reportedly prepared by the National Security Council Secretariat. The government has decided to recruit 4,446 experts to be deployed in different departments. The armed forces will get a majority of the experts (1,887), followed by the National Technical Research Organisation (695) and others. A government-private sector plan being overseen by National Security Advisor Shiv Shankar Menon began in October 2012 and intends to beef up India’s cyber security capabilities. One of the hardest issues in cyber counterintelligence is the problem of “attribution” and to trace attackers so as to plan the counter-attack.

Cyber war is manpower intensive and a low-cost exercise for which India needs to prepare. Need for the cyber command has been acknowledged by the Defence Minister and the National Security Agency. Initially it can follow the strategic forces command structure and command and control. If 26/11 attacks could produce 20 million jobs in the security sector, there will be a tremendous need for cyber sleuths. Uniformed personnel will have to rub shoulders with cyber geeks. As Indian armed forces get more networked, the threat is also increasing exponentially. The challenge therefore is to remain ahead of rogue nations. Militaries across the world are exploring ways to achieve superiority in cyberspace by investing time, resources and money like never before. Given the gravity of the escalating threat, the need to establish the Cyber Command is urgent. Air Chief Marshal N.A.K. Browne, the Chairman Chiefs of Staff Committee, has been spearheading this exercise.