Indian Defence Review

The recent cyber attack originating from Pakistan with regard to the exodus by the people of the northeast and the tepid response from the government are worrying causes for the people of the country. Worst is that our secret documents are being pilfered from India by joint efforts by Pakistan and China via cyber warfare. It seems that India has become a staging ground for Pakistan and other rogue powers as to how to hurt the democratic powers, leaving no trace behind. The evil experiments staged in India by jihadi elements (with pliant China) are duplicated across the globe in the UK and the USA.

No surprise, Nasscom’s report “Securing Our Cyber Frontiers” calls for strong cyber infrastructure to deal with online crime. The report also suggests designing and implementing a competency framework and setting up a Centre of Excellence for best practice in cyber security. Besides, it has called for establishing a cyber command within the defence forces. It is worth mentioning that even before the above-mentioned north-eastern episode, the government had been victim of cyber crimes with a number of its websites being hit by cyber attacks. Sachin Pilot, Minister of State for Communications and IT, had revealed that 112 sites including those of Planning Commission, the Finance Ministry and various state government agencies, were defaced by cyber attacks. The Defence Research and Development Organisation also stressed the importance for having more resources to control these cyber attacks in near future. Against this backdrop, it is mandatory on part of the government that it must raise its vigilance especially the cyber intelligence against the disruptive forces coming from abroad and as well as home grown.

Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multilayered initiatives and responses. It is a challenge for governments because different domains are typically administered through siloed ministries and departments. The task is made all the more difficult by the inchoate and diffuse nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators. The rapidity in the development of Information Technology (IT) and the relative ease with which applications can be commercialised has seen the use of cyberspace expand dramatically in its brief existence.

In less than two decades, advances in information and communications technologies have revolutionised government, scientific, educational, and commercial infrastructures. Powerful personal computers, high-bandwidth and wireless networking technologies, and the widespread use of the Internet have transformed stand-alone systems and predominantly closed networks into a virtually seamless fabric of interconnectivity. The types of devices that can connect to this vast IT infrastructure have multiplied to include not only fixed-wired devices but mobile wireless ones. A growing percentage of access is through always-on connections, and users and organisations are increasingly interconnected across physical and logical networks, organisational boundaries, and national borders. As the fabric of connectivity has broadened, the volume of electronic information exchanged through what is popularly known as cyberspace has grown dramatically and expanded beyond traditional traffic to include multimedia data, process control signals, and other forms of data. New applications and services that use IT infrastructure capabilities are constantly emerging.

The IT infrastructure has become an integral part of the critical infrastructures of the country. The IT infrastructures interconnected computers, servers, storage devices, routers, switches, and wire line, wireless, and hybrid links increasingly support the functioning of such critical national capabilities as power grids, emergency communications systems, financial systems, and air traffic- control networks. The operational stability and security of critical information infrastructure is vital for economic security of the country.

Against this back ground it is worth mentioning that the threat of terrorism has posed an immense challenge in the post-Cold War period. Terror attacks in major cities, towns and tourist resorts across the globe have demonstrated the inadequacy of the State mechanisms to address this challenge. Serious attempts have been made by nations to address this challenge by designing counter-terrorism strategies and anti-terror mechanisms. However, most of these are designed in a conventional paradigm, which might be effective in a conventional terror attack. However, there are limitations when it comes to a terror attack of an unconventional nature.

IT has exposed the user to a huge data bank of information regarding everything and anything. However, it has also added a new dimension to terrorism. Recent reports suggest that the terrorist is also getting equipped to utilise cyber space to carry out terrorist attacks. The possibility of such attacks in future cannot be denied. Terrorism related to cyber is popularly known as cyber terrorism.

In the last couple of decades India has carved a niche for itself in IT. Most of the Indian banking industry and financial institutions have embraced IT to its full optimization. Reports suggest that cyber attacks are understandably directed toward economic and financial institutions. Given the increasing dependency of the Indian economic and financial institutions on IT, a cyber attack against them might lead to an irreparable collapse of our economic structures. And the most frightening thought is the ineffectiveness of reciprocal arrangements or the absence of alternatives.

It is high time, therefore, that an understanding of the nature and effectiveness of cyber attacks making an effort to study and analyse the efforts made by the country to address this challenge and highlight what more could be done.

As the nation became successful in unearthing terrorist networks involved in the recently carried-out terror attacks, the most outstanding feature was the use of the tools of the information age like emails, cell phones, satellite phones etc to stay connected. The worrying aspect was the use of modern gadgets bringing out that the terrorist is not only obsessed with IEDs and AK-47 but has also mastered the use of laptops and tablet PCs to give finesse to his nefarious designs. As terrorist organisations realise its capability and potential for disruptive efforts at lower costs they will become more and more technology-savvy and their strategies and tactics will have a technological orientation. Cyber terrorism is the convergence of terrorism and cyber space. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property or at least cause enough harm to generate fear, attacks that lead to death or bodily injury, explosions, plane crashes, water contamination or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism depending upon their impact.

This is one of the most comprehensive definitions of cyber terrorism. But even this has a limitation. It states that for an attack to qualify as a cyber attack it should incite violence. This is more conventional. Terrorist may direct an attack only to disrupt key services; If they create panic by attacking critical systems/infrastructure there is no need for it to lead to violence. In fact, such attacks can be more dangerous. The most popular weapon in cyber terrorism is the use of computer viruses and worms. That is why in some cases of cyber terrorism it is also called computer terrorism. The attacks or methods on the computer infrastructure can be classified into three different categories. (a) Physical Attack: The computer infrastructure is damaged by using conventional methods like bombs, fire etc. (b) Syntactic Attack: The computer infrastructure is damaged by modifying the logic of the system in order to introduce delay or make the system unpredictable. Computer viruses and Trojans are used in this type of attack. (c) Semantic Attack: This is more treacherous as it exploits the confidence of the user in the system. During the attack the information keyed in the system during entering and exiting the system is modified without the users knowledge in order to induce errors,

Cyber terrorism is not only limited to paralysing computer infrastructures but it has gone far beyond that. It is also the use of computers, Internet and information gateways—to support the traditional forms of terrorism like suicide bombings. Internet and email can be used for organising a terrorist attack also. Most common usage of Internet is by designing and uploading websites on which false propaganda can be pasted. This comes under the category of using technology for psychological warfare.

Tools of Cyber Terrorism 

Cyber terrorists use certain tools and methods to unleash this new age terrorism. These are—(a) Hacking: This is the most popular method used by a terrorist. It is a generic term used for any kind of unauthorised access to a computer or a network of computers–some ingredient technologies like packet-sniffing, tempest attack, password cracking and buffer outflow facilitates hacking. (b) Trojans:

These programmes pretend to do one thing while actually they are meant for doing something different, like the wooden Trojan Horse of the 1z’ Century BC. (c) Computer Viruses: It is a computer programme, which infects other computer programmes by modifying them. They spread very fast. (d) Computer Worms: The term ‘worm’ in relation to computers is a self-contained programme or a set of programmes that is able to spread functional copies of itself or its segments to other computer systems usually via network connections. (e) E-Mail Related Crime: Usually worms and viruses have to attach themselves to a host of programmes to be injected. Certain emails are used as host by viruses and worms. E-mails are also used for spreading disinformation, threats and defamatory stuff. (f) Denial of Service: These attacks are aimed at denying authorised persons access to a computer or computer network. (g) Cryptology: Terrorists have started using encryption, high frequency encrypted voice/data links etc. It would be a Herculean task to decrypt the information terrorist is sending by using a 512 bit symmetric encryption.

Cyber Threats 

Cyber threats can be categorised based on the perpetrators and their motives, into four parts: cyber espionage, cyber warfare, cyber-terrorism, and cyber crime. Cyber attackers use numerous vulnerabilities in cyberspace to perpetrate these acts. They exploit the weaknesses in software and hardware design through the use of malware. Distributed Denial-of-Service (DDoS) attacks are used to overwhelm the targeted websites. Hacking is a common way of piercing the defences of protected computer systems and interfering with their functioning. Identity theft is also common. The scope and nature of threats and vulnerabilities is multiplying with every passing day.

Cyber Warfare

There is no single definition of cyber warfare but it has been emphasised that states may be attacking the information systems of other countries for espionage and for disrupting their critical infrastructure. The attacks on the websites of Estonia in 2007 and of Georgia in 2008 have been widely reported. Although there is nothing that made one believe about the involvement of a state in these attacks, it is widely believed that in these attacks, non-state actors (e.g. hackers) may have been used by state actors. Since these cyber attacks, the issue of cyber warfare has assumed urgency in the global media. The US has moved swiftly and set up a cyber command within the Strategic Forces Command and revised its military doctrine. In the latest official military doctrine, the US has declared cyberspace to be the fifth dimension of warfare after land, air, oceans and space, and reserved the right to take all actions in response, including military strikes, to respond to cyber attacks against it. It is almost certain that other countries will also respond by adopting similar military doctrines.

The issue whether cyber attacks can be termed acts of warfare and whether international law on warfare applies to cyber warfare is being pondered upon grimly. Multilateral discussions are veering around to debating whether there should be rules of behaviour for state actors in cyberspace. The issue becomes extremely complicated because attacks in cyberspace cannot be attributed to an identifiable person and the attacks traverse several computer systems located in multiple countries. The concept of cyber deterrence is also being debated but it is not clear whether cyber deterrence can hold in cyberspace, given the easy involvement of non-state actors and lack of attribution.

However, a debate is going on between those who believe that cyber warfare is over-hyped and those who believe that the world is heading towards a cyber Armageddon. Both sides have valid arguments, but even as that debate continues, cyber warfare as a construct has become inevitable because the number of countries that are setting up cyber commands is steadily growing. These commands have been accompanied by efforts at developing applicable military doctrines. There is, therefore, a pressing need to think about norms for cyber warfare, whether the laws of armed conflict (LOAC) can be adapted to cyber warfare, and how principles like proportionality and neutrality play out in the cyber domain. Current rules of collective security such as Art. 41 of the UN Charter and Chapter 7 are found wanting in the context of cyber warfare, particularly when it comes to the rapidity of cyber attacks, and the inordinate time it takes for decision making and action under these rules.