Addressing the silver jubilee function of the NAASCOM on March 1, Prime Minister Narendra Modi expressed concern over cyber security. Modi, perhaps of most tech-savvy politician in India, has reason to worry over the prospects of cyber warfare looming large on the globe. Leaders across the globe are grappling with the threat emanating from rapid advancement of cyber technology.
In his famous article in the Guardian in December 2013, Thomas Rid described cyber attacks as somehow separate from conventional warfare because they fail to meet all three of conventional definitions of war as violent, instrumental, and attributable to one side as an action taken for a political goal.
Therefore, he says, “cyber war has never happened in the past, it is not occurring in the present, and it is highly unlikely that it will disturb the future.”
His views sound too optimistic. For, today the world is so immersed in technology that activities in cyberspace have become inseparable from the everyday operations of business, education, government, and the military. Actions online affect actions offline, and vice versa. Thus, far from being separate from conventional war, cyber war is deeply embedded in contemporary military practices.
Cyber war, in fact, is part of the evolution of conventional warfare, which itself is linked to broader social and political change. It is no longer easy to imagine a confrontation that does not include some element of cyber-activity, such as surveillance or sabotage. After all, a cyber attack need not kill someone or cause major material damage to still be considered dangerous.
Moreover, understanding war in solely physical terms is an unnecessarily limited view. Consider, for example, nonlethal military tactics that fall under the broad category of strategic communication, which include psychological operations. States and militaries seeking to avoid unnecessary or disproportionate killing need to find other ways to influence potential adversaries and strengthen ties with allies. Strategic communication seeks to coerce enemies and sway allies and includes operations in peace as well as war.
Still, Rid is right to criticize the hype over cyber war. The hype must be tamed, but not to the point where it minimizes or ignores real and present dangers.
The best defenses against those threats should be built into everyday practices. That was precisely what the Prime Minister Modi exhorted in the NASCOM gathering.
Governments and businesses need to strengthen people’s understanding of cyber attacks and make cyberspace safer. But officials and ordinary people alike also need to learn to live with the threats. Decision-makers in the public and private sectors need to think strategically about how to organize cyber defenses in government, business, and the military. Such coordination is the only way to secure today’s Internet-dependent societies, even as waging cyber war still remains the business of the armed forces alone.
Two big nations--US and Britain--have already taken an initiative towards defence against looming cyber war. A rolling programme of transatlantic cyber “war games” is to be conducted by British and US intelligence agencies to test their resilience in the face of mounting global cyber-attacks.
British Prime Minister David Cameron and US President Barrack Obama, who talked on this issue recently in the White House, will announce that as a first step a simulated attack will be targeted later in the year at banks in the City of London and Wall Street.
The “war game” against the financial sector, which will be carried out in co-operation with the Bank of England and other financial institutions, will be coordinated by a new joint “cyber-cell” that will be established by the two leaders to share information.
The White House and Downing Street have placed the threat of Islamist extremists in Syria, Iraq and in Europe and the dangers posed by cyber-warfare - both from criminals and states - at the top of the agenda for their talks.
In a speech recently at the National Cyber Security Communications Integration Center, the US President spoke of the need for a “shared mission” involving the government and the private sector. Warning that most of the US’s “critical infrastructure” is owned by the private sector and run on networks connected to the net, the President said: “Neither the government nor the private sector can defend the nation alone. It is going to have to be a shared mission.”
The joint exercises and training of the next generation of cyber-experts is aimed at helping to ensure that the two nations have the capability to protect critical sectors like energy, transport and financial infrastructure from emerging threats. There is also a pressing need to put more pressure on the internet giants, such as Facebook and Twitter, to do more to cooperate with the intelligence agencies as they seek to monitor the communications of terror suspects.
India too will have to prepare itself to grapple with the growing menace of the cyber war in the right earnest.
Cyber warfare against India has always been confused with minor cyber breaches like websites defacements and cracking into e-mail accounts. India has also been very late in recognising the need for a robust cyber security.
Even the national cyber security policy of India 2013 was declared belatedly and it is still waiting for its implementation. India has no cyber warfare policy till date.
International legal issues of cyber attacks, cyber terrorism, cyber espionage, cyber warfare and cyber crimes in general and international legal issues of cyber attacks and Indian perspective in particular must be understood thoroughly by Indian government to fight against cyber warfare.
The Department of Information Technology created the Indian Computer Emergency Response Team (CERT-In) in 2004 to thwart cyber attacks in India.
That year, there were 23 reported cyber security breaches. In 2011, there were 13,301. In 2011, the government created a new subdivision, the National Critical Information Infrastructure Protection Centre (NCIIPC) to thwart attacks against energy, transport, banking, telecom, defence, space and other sensitive areas.
However, there is no public face of NCIPC and some experts believe that the centre has failed to materialise and perform its job. It was also reported that National Technical Research Organisation (NTRO) would protect the critical ICT infrastructures of India. However, critical infrastructure protection in India has its own challenges that Indian government has not appreciated till now.
The Executive Director of the Nuclear Power Corporation of India (NPCIL) stated in February 2013 that his company alone was forced to block up to ten targeted attacks a day. CERT-In was left to protect less critical sectors.
A high-profile cyber attack on 12 July 2012 breached the email accounts of about 12,000 people, including those of officials from the Ministry of External Affairs, Ministry of Home Affairs, Defence Research and Development Organisation (DRDO), and the Indo-Tibetan Border Police (ITBP).
A government-private sector plan being overseen by the then National Security Advisor (NSA) Shivshankar Menon began in October 2012, and intended to beef up India's cyber security capabilities in the light of a group of experts findings that India faced 470,000 shortfall of such experts despite the country's reputation of being an IT and software powerhouse.
In February 2013, Information Technology Secretary J. Satyanarayana stated that the NCIIPC was finalizing policies related to national cyber security that would focus on domestic security solutions, reducing exposure through foreign technology.
Cyber warfare consists of many different threats. These can be broadly divided into cyber espionage and cyber attack.
Cyber espionage is the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies also for military, political, or economic advantage using illegal exploitation methods on internet, networks, software and or computers. Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world.
Power, water, fuel, communications, and transportation infrastructure all may be vulnerable to disruption. The civilian realm is also at risk, as security breaches have already gone beyond stolen credit card numbers, and that potential targets can include the electric power grid, trains, or the stock market.
The computer network warfare is evolving so rapidly that there is a mismatch between technical capabilities to conduct operations and the governing laws and policies.
Cyber Command is the newest global combatant and its sole mission is cyberspace, outside the traditional battlefields of land, sea, air and space.
Examples of cyber warfare driven by political motivations can be found worldwide. In 2008, Russia began a cyber attack on the Georgian government website, which was carried out along with Georgian military operations in South Ossetia. In 2008, Chinese 'nationalist hackers attacked CNN as it reported on Chinese repression on Tibet.
Potential targets in internet sabotage include all aspects of the Internet from the backbones of the web, to the internet service providers, to the varying types of data communication mediums and network equipment. Computer hacking represents a modern threat in ongoing industrial espionage and as such is presumed to widely occur. Corporations around the world face millions of cyberattacks a day but most of these attacks don’t gain any media attention or lead to strong political statements by victims
The Internet security company McAfee stated in their 2007 annual report that approximately 120 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities.