Build cyber bulwarks

As the Republic of India turns 60 today, it is pertinent to ask if a repeat of 26/11 is already under way, this time as a cyber-offensive? The portents are disturbing. In China, the Internet company Google is reportedly making plans to move out of the country after electronic mail accounts of human rights activists were allegedly targeted in cyber attacks from official Chinese sources. In India, there are reports about the collapse of the air traffic control radar system for several hours at New Delhi’s busy Indira Gandhi International Airport, crippling the country’s premier nodal centres for an appreciable period, while “systems crashes” have become a regular phenomenon at airline and railway reservation counters as well as banks. A number of reasons are periodically put forward for these failures, but the common factor in all these is the existence of malfunctioning computer networks.

The Prime Minister’s Office has recently denied reports about attempts to hack into its computer systems, saying that no sensitive information had been illegally accessed, but the news stories on the subject persist. There had been earlier reports of such hacking attempts from portals located as distant as in California, Russia and Brazil, while a spate of similar reports in 2008 about the alleged cyber penetration of computer networks in the ministry of external affairs led to a flurry of denials. The sources of these incidents involving Indian government networks were allegedly located in the People’s Republic of China.

Are there more to these intermittent mishaps than meet the eye, and could these sporadic cyber incidents be hostile action probing India’s cyber firewalls? Such conjectures can certainly be dismissed as farfetched and hyper-imaginary, or could there just possibly indeed be something gathering out there in cyberspace? India’s setbacks, whether at Kargil in 1999 or Mumbai’s 26/11, were attributed to “intelligence failure”. Do we have adequate information about the implications of these cyber incidents, or is the country heading for another “intelligence failure”?

Cyberwarfare is a slow poison silently administered by non-attributable, physically non-intrusive ninjas, largely non-detectable, except by highly specialised agencies. In a “hot peace” environment of proxy wars and plausible deniability, cyberwarfare offers an attractive non-invasive strategic alternative. It can be covertly originated from cyber-portals in third countries as “murder with a borrowed sword”, about which the involuntary host countries may be genuinely unaware. Cyberattacks enhance the overall disruptive impact of terrorist actions, and like other forms of terrorism, prefers soft targets which are generally totally open to even the most rudimentary forms of intervention.

Military cyber facilities and systems are important targets, but at the overall national level it is the almost totally unprotected and vulnerable public cyber systems which constitute the critical strategic targets for disruption. These include the networks controlling financial, transportation, medical, administrative and other public support systems, whose crash would bring the entire nation literally to a standstill and make governance totally non-functional. This is particularly so in India, where awareness is almost totally lacking in the general public domain about cyber threats and the need for protective security.

Even where there is some degree of awareness, it is limited to theoretical aspects and its practical applications are highly inadequate. Efforts to develop such capabilities are disjointed and sporadic. A national cyber security policy must be formulated and disseminated at the earliest. There are deficiencies in organisation, and a need for trained and experienced personnel along with the requisite technical equipment.

China, on the other hand, is one of the leading countries in the world in defensive and offensive cyberwarfare, designated “computer network operations” (CNO) by the People’s Liberation Army (PLA), which has formulated its operational doctrine of “Integrated Network Electronic Warfare” — synergising CNO and electronic warfare. This is integrated into the PLA’s core military strategy of “local wars under conditions of informationalisation” — propagated for future conflicts, which are visualised as border wars to reclaim territories historically considered as Chinese. Among the potential flashpoints in such an eventuality are the disputed areas along the Sino-Indian border, most particularly Arunachal Pradesh, India’s “Land of the Rising Sun”, recently reappropriated by China as “Southern Tibet”. China’s organisations for cyberwarfare have in effect returned to the country’s Maoist roots of “people’s war, incorporating faculties and facilities of civil universities and academic institutions to create armies of amateur cyberwarriors, a “people’s militia” of academics and talented amateurs organised to undertake offensive cyber campaigns. Their primary task is hacking into targeted networks, either to gain information or to deface the sites, a gigantic effort whose full dimensions are as yet unknown. Some estimates put them as a corps of over 3,00,000-4,00,000 dedicated hackers supported by government and academic resources.

Cyber attacks are almost tailormade for Pakistan’s “long war” proxy operations against India, with a definite possibility of covert coordination with China. Skirmishes in cyberspace between Pakistani and Indian hackers have been reported, and there have been “hits” on Indian networks.

Although belated, there appear to be stirrings of comprehension within India on the potential threats of cyberattack. The country is claimed to be a powerhouse in information technology, but even over 62 years after Independence these remain confined to software, without any corresponding strengths in hardware, especially in the critical strategic area of manufacturing electronic chips. Due to this single basic deficiency, India’s information technology capabilities are highly asymmetric, almost totally dependent for vital components on foreign sources located in Taiwan, South Korea and the People’s Republic of China. There is nothing in place in this country even remotely resembling the planned harnessing of knowledge power into a comprehensive cyberwarfare “people’s militia” like China’s. India’s defence services are well behind their Chinese counterparts in development of integrated joint service cyberwarfare capabilities.

On Republic Day 2010, the country’s strategic and scientific community must take serious stock of our cyberwarfare capabilities, which remains an underexplored dark continent and a gaping void in national security.

Gen. Shankar Roychowdhury is a former Chief of Army Staff and a former Member of Parliament