Wars these days are proxy wars, direct or indirect, and the cyberspace has proved to be a fertile ground for such wars leading to the development of cyberwar
Dr Vishal Saraswat
Traditionally, a country’s military operations dealt with four domains: land, water, air, and space. But since a couple of decades, the advent of Internet and its growing penetration has changed the nature of war and introduced another domain in the military operations, cyber. The cyber domain is comprised of much more than just computers connected to a network. While the location of the users and the physical systems is part of the cyber domain, the cyberspace itself is beyond the three spatial dimensions, length, breadth and vertical, and the temporal dimension, time, and has become the inherent fifth dimension of battlespace. New dimensions keep being added to the battlespace with advances in human civilization, but the cyber-revolution is as epochal as the industrial
revolution, if not more.
War in Cyber Age
Until 20th century, military only worried about protecting its data and securing its communications (cryptography) and dealt with intercepting and interpreting the data of the adversary (cryptanalysis) while cyber-security was mainly in the domain of the software industry and dealt mostly with protecting computers and data from financial harm. In the 21st century the
cyber-attacks crossed from the digital world into our physical realm, for example, Stuxnet destroyed Iranian nuclear program in 2012. Now, cyber-security is not just about hacking, malwares, web defacements, email spoofing, identity thefts, and online financial frauds but also entails data theft, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, unauthorised access to critical infrastructures of the country, online surveillance and digital espionage.
Wars these days are proxy wars to a greater or lesser degree and the cyberspace has proved to be a fertile ground for such wars leading to the development of a new kind of war, cyberwar. Cyber warfare has the potential to avoid attribution or retribution, while attacking the
military installations’ critical infrastructure and communication networks to cause catastrophic effects that goes far beyond the loss of human lives. Keeping these in mind, in April 2015, President Barack Obama issued an Executive Order in which he stated “The increasing prevalence and
severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in
substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. I hereby declare a national emergency to deal with
India in Cyberspace
India is already among the most heavily cyber-attacked country today, second only to the United States. India has been victim to several cyberattacks that have not only compromised sensitive government and defence forces’ systems, but also caused loss of lives by propagating manipulated information. After the Assam violence in 2012, social media was used to propagate hate messages causing loss of many lives and the mass exodus of North East people from major cities in India. More recently, in early September, details about India’s top secret Scorpene submarine program were published online. On May 17, the cyber-security firm Symantec announced that a Chinese
cyber-espionage group called Suckfly had breached the systems of several Indian central government
departments including one which was responsible for implementing network software for different ministries and departments and had access to their information. A week later, on May 25, another cyber-security firm, Kaspersky Lab, announced that it had tracked at least one another Chinese cyberespionage group, called Danti, that had penetrated Indian government systems through India’s diplomatic entities.
Edward Snowden’s revelation also revelaed that different Indian networks have exposed the vulnerabilities in the existing cyber-security setup and defence mechanism. So, with an increasingly belligerent cyberspace, where do India’s cybersecurity measures stand up?
To deal with data protection and computer crimes, in 2000, the Indian government enacted the Information Technology Act, 2000, that defined cybercrime and established a Cyber Appellate Tribunal to resolve disputes The Act was amended to plug the
loopholes in 2006 and 2008, along with existing laws to make them compliant with technologies.
Banks under Threat
In 2004, the government established Vigilance Telecom Monitoring cells (VTM) to deal with clandestine telecom operations and security issues. These VTMs subsequently evolved into Telecom Enforcement, Resource and Monitoring (TERM) Cells to act as the technical interface between Security Agencies and Telecom Service Providers.
In 2004, a cyber crisis management plan was put in place and the Computer Emergency Response Team India (CERT-In) was formed as the nodal agency to deal with cyber security threats and strengthen the security of the Indian Internet domain. CERT-In maintains a national repository of cyber-attacks, like hacking and phishing, and analyses the attacks, traces the incidents, and profiles the attackers. It reports incidents, issues early warning and response, issues security guidelines and advisories, and develops preventive strategies. The defence establishment has already set up a sectoral CERT for itself. Railways and the power sector are also planning to have a CERT of their own.
In 2005, with an aim to create information security awareness and towards capacity building in the area of Information Security, the government approved the project Information Security Education and Awareness (ISEA). The ISEA project trains the government personnel, including non-IT professionals, legal and police personnel etc., regarding the pervasive nature and impact of cyber security on all walks of life. The project has launched non-formal modular/short-term knowledge-cum-skill oriented courses etc. for working professionals at all levels. Information Security curriculum is also introduced in classroom mode in formal courses like M.Tech./M.E./M.S., B.Tech/B.E., Post Graduate Diploma courses, etc. through academic institutions
The National Internet Exchange of India (NIXI) was established in 2003 to facilitate the routing of domestic Internet traffic through the peering the Indian Internet service providers (ISPs), rather than using servers in other countries. This reduced the chances of Indian data being
intercepted unlawfully by foreign agencies while allowing our agencies to monitor the traffic more efficiently.
Industry has also played its part in making the cyberspace secure. Data Security Council of India (DSCI) was established in 2008 by National Association of Software and Services Companies (NASSCOM). DSCI brings together government agencies, data protection authorities, regulators, industry associations from sectors including IT-BPM, BFSI and Telecom, industry associations, and think tanks for establishing best practices, frameworks, standards and initiatives in cyber security and is working towards capacity building in cyber security and cyber forensics through training and certification program for professionals and law enforcement agencies.
While the above agencies are more oriented towards civilian policing, the government established the Defence Information Warfare Agency (DIWA) in 2003 and the National Technical Research Organisation (NTRO) in 2004 to lead the nation’s offensive and defensive operations in the cyberspace. NTRO is a highly specialised technical intelligence gathering agency under the National Security Advisor in the Prime Minister's Office and acts as a super-feeder agency for providing technical intelligence to other agencies on internal and external security. DIWA is an information warfare agency under the operational control of the Defence Intelligence Agency (DIA), the nodal agency for all defence related intelligence, and handles all elements of the information warfare. DIWA frames the policies for cyber-wars, formulates counter-measures to enemy propaganda, and handles information manipulation and psychological operations.
The Way Ahead
The National Critical Information Infrastructure Protection Centre (NCIIPC) is already formulating guidelines and regulations for ensuring protection of protected systems and critical infrastructures and will be formally launched soon. The National Intelligence Grid (NATGRID) project is in works to integrate the intelligence grid connecting databases of core security agencies of the Government of India to collect comprehensive patterns of intelligence that can be readily accessed by intelligence agencies. NETRA (NEtwork TRaffic Analysis), a software network to intercept and analyse internet traffic on real time basis using pre-defined filters is to be deployed nationwide soon. A new Telecom Security Policy is in works. The National Cyber Security Policy 2013 draft is available and would be implemented soon. National Cyber Coordination Centre was also approved to co-ordinate the intelligence gathering activities of various agencies and to develop cybercrime prevention strategy, deliver cybercrime investigation training and review outdated laws.
While the government is moving in the right direction, we need to speed up and scale up the process. As the country becomes more networked, the avenues for a cyber-attack will multiply and the nation will need to continually reinforce the country’s cyber security framework and infrastructure and its related technologies in almost real time. The resources for this preparation are not readily available within the government and we need to include industry as partners on our team and build with industry a
foundation of trust and confidence in a cooperative manner. Their commercial and civil ventures give them a tremendous knowledge base and the insights and the skills needed to get the job done. Whenever the military has approached private partners for its various requirements, their support led to significant advances and saved critical time and precious resources. This time too, we need to bring in the industry’s talent and its expertise towards successfully defending and dominating the cyberspace. While large IT companies like TCS, Infosys, Wipro, Cognizant, and Mahindra are already contributing to the defence sector in many other ways, we need to involve these companies for our cyber-security needs too. Many smaller home grown start-ups working in cyber security may also be roped in for specific issues.
(The writer is a Cryptographer & Asst Professor at C. R. Rao Advanced Institute of Mathematics, Statistics and Computer Science, Hyderabad)