Along with the outer space, cyber space is rapidly emerging as a new and sophisticated theatre of warfare with serious consequences for the security of the countries that lack the expertise and infrastructure to ensure the safety of their information and communications networks and mount counter offensive. Indeed, the overall lethality and destructive potential of the cyber war, where the adversary remains invisible and difficult to detect, has been increasing at a phenomenal pace. Because stealth and anonymity are the distinct advantages of cyber war, it is possible to inflict unprecedented damages on the civilian and military assets of a targeted country at a short notice and that too without any elaborate preparations normally associated with a conventional war.
Moreover, cyber attacks could also easily be mounted on corporate and industrial entities to cripple their operations and put them out of the business by a breed of smart cyber hackers. “In the past, we could count the number of bombers and tanks your enemy had. In cyber war, we really can’t tell whether the enemy has the weapons until he uses them,” says Richard Clarke, a former Chairman of White House Critical infrastructure Protection Board.
Because cyber communications continues to be a dynamic and rapidly evolving area that is subject to the process of sustained innovations and refinements, there is no fool proof firewall capable of insulating the information networks and computer systems from the malicious manoeuvres of a well trained and highly motivated cyber warriors. The recent defacing of the websites of some of the key government of India organisations including the ones belonging to an advisor to the Prime Minister and DRDO (Defence Research and Development Organisation) cannot but be a wakeup call for India. Of course, this cyber attack that reportedly took place on Oct 31 this year resulted in the temporary shutdown of a few Government of India (GOI) websites. However, GOI sources in New Delhi made it clear that these websites maintained by NIC (National Informatics Centre) did not contain any classified information. There were also intelligence reports in November, 2011 about the probable compromise of computers of the Eastern Naval Command located in Vishakhapatnam.
It was the shocking Mumbai terror attack mounted by the Pakistan trained terrorists that spurred US Government to announce measures to strengthen its cyber security system. Indeed, US President Barack Obama, citing the use of GPS and net phones in the Mumbai terror attack, described the cyber attack as the “future face of the war.” Obama was clear in his observation, “the terrorists that sowed so much death and destruction in Mumbai relied not only on guns and grenades but also on GPS and phones using voice over the Internet.”
Indeed, both the US political establishment and defence set up are fully well aware of the ground reality that the US$100-billion plus global cyber crime market has emerged as a major headache for the defence forces and security agencies in various parts of the world. For there have been instances of the theft of critical data stored in ostensibly high security systems of the defence establishments of various countries. Even the seemingly all powerful Pentagon has not escaped the bouts of cyber attacks. US intelligence and security sources say that classified data on aircraft, avionics, surveillance technology, satellite communications systems and network security protocols stored in Pentagon information systems have been siphoned off.
In fact, the super intelligent breed of cyber criminals are finding it easy to disrupt the data flow and communications links of the defence forces scattered across a widely dispersed geographical stretch. Moreover, since all the wings of the services are making extensive use of the cyberspace for their coordinated warfare strategy, cyber criminals and terrorist groups are devising novel techniques to break open the security walls put around the data storage systems and communications links of the defence forces. Banks, financial services and public utilities including power supply systems and transportation networks could easily be paralysed by well executed plans of cyber criminals. According to the Boston based Core Security Technologies, cyber criminals could gain access to a “country’s water treatment plants, natural gas pipelines and other critical utilities,” through imaginatively conceived and well executed plans.
Meanwhile, in keeping with the growing threat perception, the US Cyber Command charged with the task of ensuring the security of the networks being operated by US Department of Defense (DOD)and also launching offensive operations in cyber space in pursuit of the national interest, is all poised to be upgraded with an independent status. This elevation would put it on par with its parent organisation, US Strategic Command, which is responsible for US space and nuclear operations. In fact, this development follows the revelations by US intelligence agencies that Chinese cyber hackers are hyper active in so far as penetrating the high security networks of Pentagon containing classified strategic information is concerned. But then the Chinese Government sources in Beijing have consistently been denying the involvement of Beijing in many of the cyber attacks that are said to have their origin in China. “China is totally opposed to various kinds of hacking activities on the internet and we are committed to relevant counter hacking initiatives,” says a spokesman of Chinese External Affairs Ministry.
But it would be wrong to come to the conclusion that China alone is responsible for all the vicious cyber attacks reported from various parts of the world; far from it. For, it is widely perceived that the US in association with Israel had carried out an attack on Iran’s disputed nuclear centrifuge facility though highly malicious Stuxnet malware in 2010. And a section of US officialdom believes that the malware Shamoon that temporarily paralysed the Saudi based Aramco in August this year had its origin in Iran. The attack on Saudi oil firm Armaco has left USA deeply worried. In October this year, the US Defence Secretary, Leon Penetta described the attack on Armaco as the most sophisticated yet launched on a private company. Even as Iran is suspected to be behind this attack, sources in Tehran have denied any involvement in Armaco attack.
Meanwhile, there is a growing body of evidence pointing out to the Chinese hackers focussing on mounting economic espionage and paralysing high security networks of the countries considered inimical to the interest of the mainland China. Against this backdrop, the three day all India executive committee meeting of the 87 years old Rashtriya Swayamsevak Sangh(RSS)held in Chennai in early November 2012 had cautioned against growing threat to India’s security from China based “cyber criminals”. Pointing out that China posed a serious threat to India’s cyber and communications network, the RSS resolution said China is capable of crippling the technological capabilities of even advanced nations such as USA. Against this backdrop, RSS has called for the formulation of a comprehensive national security policy with a particular focus on strengthening cyber safety.
A fact-filled report prepared by McAfee in association with SDA(Security and Defence Agenda), a Brussels based defence and security think tank, ranks India as the fifth most cyber crime affected country. “Much of the vulnerability is explained by the widespread computer illiteracy and easily pirated machines,” points out this report. Making reference to Indian cyber security scenario Cherian Samuel of the New Delhi based think tank Institute for Defence Studies and Analysis ( IDSA) says, “In India, we went straight from no telephones to the latest in mobile technology. It is the same with internet connected computers. They came in all of a sudden and no one was taught even the basic facts about cyber security”. Cyber security experts feel that the main challenge for India now is to train and equip the law enforcement agencies and judiciary particularly outside the big cities like New Delhi, Mumbai and Bangalore.
Low conviction rate of cyber criminals in India is an area of concern in so far as strengthening the cyber security mechanism is concerned. Awareness programmes and educational campaigns need to be stepped up to bring home the importance of cyber security in all its manifestations, say experts. India, which lags behind Western countries in terms of putting in place latest genre tools to ensure cyber safety, is highly vulnerable to the attacks from cyber space for the simple reason that it boasts of more than 120-million active internet users. Further, with the electronic payments making rapid inroads in the country, threat of “economic damages” being inflicted from across the borderless cyber space has assumed serious dimensions. According to Karl Rauscher, Chief Technology Officer of the New York based East West Institute, the explosion of internet connectivity in India could very well become a double edged sword. “Since India is one of the top generators of spam in the world, it is particularly important for the network operators, service providers and government agencies to apply the best practices as applicable,” points out Rauscher. The dark spot of the Indian cyber security scenario is that India’s advances in the area of information technology and software services have not been harnessed to make the information networks in the country impervious to the cyber hacking.
Not surprisingly then there is a growing realization of the magnitude of the threat that India faces from cyber space and the need to ensure the safety of information networks, both civilian and defence. But then to face the cyber threat India would need to come out with a comprehensive and holistic cyber security policy that will be properly coordinated through a nodal authority. It is in the fitness of things that the National Security Council had taken a decision to create a permanent joint working group with the private sector to overcome cyber security challenges. In particular, the abuse and misuse of social media platforms to foment sectarian discontent has been amply illustrated by the panic migration of the North Easterners settled in various parts of the country in the wake of disturbances in Assam. All said and done, international cooperation and coordination is of paramount importance in warding off the threat from cyber space. For India’s cyber security continues to be a matter of grave concern for multinational enterprises and western governments alike.
Against this broad canvas, the Indian defence set up has felt the need for creating a full-fledged and well equipped cyber security command. Recent reports suggest that the three wings of the Indian service are seriously mulling the creation of a cyber command that would draw assets, resources and expertise from all the defence establishment of the country. But as of now, the structural nuances and operational philosophy of an Indian cyber command is far from clear. Whether it would be an independent entity or a part of the larger strategic command, the Indian defence set up should be clear in its vision before it gets green signal for the setting up of the cyber command. Further, the functional aspects of such a command should be articulated in a well defined manner to provide it with the “punch and power” it deserves. One important question that needs to be addressed is whether the Indian cyber command would draw on the expertise available in Indian IT companies and research organisations possessing expertise in the area of information network security.
While the immediate term focus of this proposed cyber command would be on protecting the high security information networks of the Indian defence forces, in the long run it should try to expand its scope to the civilian networks with a view to insulate the country as a whole against the multifarious threats emanating from cyber space. Of course, the Indian cyber command should in unison with the civilian agencies endeavour to protect the information networks and computer systems cutting across the structural jurisdictions. Similarly, the Indian cyber command should have expertise and resources to launch offensive operations. In this context, it could take a leaf out of the experience of the US cyber command.
By all means, the creation of an Indian cyber command should be taken up on a war footing by shunning lethargy and delay typical of the decision making process at the higher echelons of the military bureaucratic structure of the country. Of course, the setting up of the cyber command is just a small step towards the long journey of ensuring the cyber security in India in all its manifestations.
From the security perspective, India cannot remain a silent spectator to the lead China has taken in creating a hackers brigade. For in recent years, China based cyber warriors have become the most persistent source of a variety of cyber attacks experienced by a number of countries including India. Not long back, Chinese hackers are known to have used social networking sites to break into the computer networks of the Indian defence establishment. Among the institutions targeted by the Chinese hackers were the National Security Council Secretariat, 21 Mountain Artillery Brigade based in north eastern sector and Air Forces Station in New Delhi.
What is more, the computer systems being operated by the Indian military colleges were taken over by the elusive Chinese cyber spies. Some of the documents accessed by Chinese cyber warriors are known to have included secret assessments of security situation in north eastern India as well as Maoist uprising in parts of India. Following this, the Indian army directed its officials to keep away from social networking sites including Twitter, Facebook and Orkut. In particular, they have been asked not to post any sensitive and classified information including their posting location.
According to Norton Cyber Crime Report 2012, over 42 million net users in India became victims of cyber crime during 2011-12, suffering approximately US$8-billion in direct financial loss. As per this report, 66% of adults in India have been victims of cyber crime in their lifetime. “Cyber criminals are changing their tactics to target fast growing mobile platforms and social networks where consumers are less aware of security risks,” says Effendy Ibrahim, Internet Safety Advocate and Director, Norton(Asia).