Indian Defence Review

Cyberspace is a vast, complex and rapidly changing battle space. The key to prevailing in a hostile cyber space environment may lie in the ability to generate a comprehensive picture of that environment. In the kinetic realm, the “fog of war” is a term derived from Clausewitz referring to uncertain knowledge about the adversary, and the position and activities of the own forces in the midst of an operation. While situational awareness is a major challenge already in traditional warfare, the ‘fog of cyber war’ may well be so thick that it could become the primary impediment to victory. Thus, developing the techniques and tools for cyber situational awareness would be paramount to achieving strategic, operational or tactical advantage in this novel domain.

In January 1982, President Ronald Reagan approved a CIA plan to sabotage the Soviet Union’s economy through covert transfer of technology that contained hidden malfunctions including software that later triggered a huge explosion in a Siberian natural gas pipeline1.The result was the most monumental non-nuclear explosion and fire ever seen from space2.

In a 1983 episode that dramatically raised Cold War tensions, Soviets took out a Korean plane Flight 007 carrying a US Congressman Lawrence McDonald of Georgia. After the plane entered prohibited Soviet airspace, a Soviet fighter jet blew it out of the sky3. Another Korean Air Lines plane flying within a few minutes of Flight 007 had four US Senators onboard4.

Different variants of Stuxnet targeted five Iranian organisations, with the probable target widely suspected to be uranium enrichment infrastructure in Iran. Symantec noted in August 2010 that 60 per cent of the infected computers worldwide were in Iran. Siemens stated that the Iranian nuclear programme, which uses embargoed Siemens equipment procured secretly, has been damaged by Stuxnet. On June 01, 2012, an article in The New York Times said that Stuxnet is part of a US and Israeli intelligence operation called “Operation Olympic Games”. Started under President George W. Bush, it was expanded under President Barrack Obama and is part of a US-Israeli intelligence operation.5

Introduction

It has been endeavoured to disaggregate complicated cyber technical jargon but at the same time graduate the general readers from anecdotal understanding to informed awareness. It is more difficult to gauge the intent and destruction ability of an electron than it is to gauge the intent and destruction ability of a tank. The aim is to simply put across to the political, military, corporate leadership and social scientists the perils and unimaginable costs thereof to national security and interests, of ignoring the threats lurking in cyberspace. The failure of imagination today on the part of leadership will tomorrow lead to catastrophic failure of intelligence spiraling nation states into black holes.

The world powers have moved over from waging war for land, control of sea, superiority of air, dominance in space to capture of cyberspace for controlling human minds and actions. Cyberspace6 is a global and dynamic domain subject to constant change, characterised by the combined use of electrons and electro-magnetic spectrum, whose purpose is to create, store, modify, exchange, share, extract, use, eliminate information and disrupt physical resources7. Oxygen is a source of life for human beings and cyberspace has become their soul.

Cyberspace encompasses and overrides virtually all human activities viz communications, airspace control, avionics, commerce, banking, corporate finance, electric power grids, water management, hydro-electric dams, gas pipelines, refineries, nuclear plants, weapon guidance and social networking. Cyberspace is increasingly becoming a theatre of conflict to dominate political, economic, military and social domains. The ability to master the generation, management, use and manipulation of activities in cyberspace has become a highly desired power resource in international relations. From a nuclearised world we are now evolving into a cyberised world.

Cyberised world has brought about a new type of clear and present danger – cyber war. A nuclear strike destroys, annihilates and vapourises living and non-livings beings; a cyber strike manipulates spirit, soul and life of living beings. Nuclear arsenal are threats in being, rarely if ever used whereas cyber weapons are being used routinely by states and non-state actors against friends and adversaries alike; most victims being oblivious to the threat and damage it is causing and dangers of impending cyber explosion.

Since information technology and the internet have developed to an extent to become a major instrument of national power, cyber war has become the drumbeat of the day as nation states are arming themselves for the cyber battle space8. Through cyber war, control and manipulation of human minds of population of target countries is aimed to be achieved to attain political objectives and national interests.

Due to the increasing reliance on technology in both civil and military sectors, vulnerability to cyber attacks increases exponentially. In countries with rapidly growing economies like China that currently invest heavily in offensive technology, the outcome of a potential cyber war might already be determined9. China’s Cyber Warfare Doctrine is designed to achieve global ‘electronic dominance’ by 2050. This doctrine includes strategies that will disrupt financial markets, military and civilian communications as well as other parts of the enemy’s critical infrastructure prior to the initiation of conventional military operations. China’s estimated cyber warfare budget is $55 million and cyber workforce is 10,000 plus10. Given China’s propensity to build military prowess through huge annual defence budget and stated cyber warfare doctrine, this is a gross under estimation.

The US and Russia are far advanced in cyber warfare closely followed by EU, Koreas and other developing economies. Russia has demonstrated her capabilities in cyber warfare many times over in the past and has gained considerable experience and developed expertise in cybercraft. In April-May 2007, Russia had subjected Estonia to a barrage of cyber warfare, disabling the websites of government ministries, political parties, newspapers, banks and companies11.

Russian attacks against Georgia’s internet infrastructure began as early as July 20, 2008, with coordinated barrages of millions of requests known as Distributed Denial of Service (DDOS) attacks that overloaded and effectively shut down Georgian servers before conventional military intervention12. Early this year, Russia had even launched a spate of sophisticated and coordinated cyber attacks on Ukraine, which crippled communications networks and overwhelmed government websites13. Nation states or non-state actors, which do not have in-house cyber technology, wherewithal or expertise have an option of outsourcing cyber attack tools or engage cyber mercenaries.

Russian Business Network (RBN) is one such organisation which is physically based at St. Petersburg in Russia. RBN has developed partners and affiliate marketing techniques in many countries to provide a method for organised crime to target victims internationally14. Cyberspace is increasingly being characterised with elements as equivalents of robbers, criminals, intellectual property thieves, sea pirates, mercenaries, terrorists, saboteurs, religious groups15 and commercial espionage among other destructive and criminal elements.

Along with evolution of cyberspace and the increasing dependence of the world on, cyber warfare, methods, techniques and players are also proliferating exponentially. No nation can afford to insulate itself from the impending threats from friends and foes alike, as proverbially, in international arena as well as in cyberspace “there are no permanent friends or enemies but permanent national interests”. Therefore, creatively preparing for the cyber situation or line of attack “that has not happened yet” is mandatory.

Cyber Threats and Vulnerabilities

Cyberspace consists of a maze of inter-connected computers through servers and routers over terrestrial cable networks and space based satellites. The networks transcend national boundaries. There is no definable beginning or end, entry or exit points as cyberspace is in continuum. Reliance on cyberspace is only increasing. It is a logical prediction that as network connectivity and dependency on the internet increases, the number and the overall disruptive effect of vulnerabilities and exploits will also increase. Cyber threat can manifest itself in a variety of ways i.e. viruses, worms, zero day exploits, Trojan Horses incapacitating systems as under:

• Internet: Root servers, Domain Name Servers and central servers operated by Internet Service Providers.
• Telecommunications infrastructure. Non-discriminatory spread of viruses, worms, software exploits infecting email servers and application software all the way to vulnerabilities at the end-user level.
• Embedded Real Time Computing. Avionics, Supervisory Control And Data Acquisition (SCADA) systems controlling physical plants such as hydroelectric dams, power grids and pipelines
• Dedicated Computing Devices. Desktop computers particularly those always on16.

The cumulative impact of long term exposure to these exploitative vulnerabilities can be debilitating on people and their trust in the system apart from potential danger and threat of physical disruption and destruction.

Cyberspace provides anonymity to the criminals and mischief mongers. Non-state actors can gain asymmetrically in cyberspace by inflicting damage on vulnerable targets; the virtual terrain of cyberspace is said to favour offence because cyber attacks are inexpensive and conducting them rarely has consequences. A cyber attacker can choose to remain anonymous as attribution and possibility of tracing the origin of attack is extremely difficult if not impossible. In addition to hiring or sponsoring cyber warfare “agents,” a nation-state can spoof or conceal the origin of the digital “hops” through cyberspace in conducting an attack.

Current technology permits a variety of methods to conceal points of origin. Such “laundering” techniques by masking the origin of the attack tend to weaken conventional deterrence predicated on the threat of swift and accurate retaliatory response17.

There are innumerable instances worldwide wherein cyber intrusions have taken place in critical Infrastructure (air space control, dams, power grids, water management, nuclear plants, gas pipelines), Financial and Banking Sector as well as Military and National Security Sector. As of now these attacks have caused substantive financial loss and considerable annoyance to the victims. Technology is accelerating virtually at the speed of light and days are not far when the bar of losses will be raised to unacceptable limits.

Cyber Battlefield18

Cyberspace is a vast, complex and rapidly changing battle space. The key to prevailing in a hostile cyberspace environment may lie in the ability to generate a comprehensive picture of that environment. In the kinetic realm, the “fog of war” is a term derived from Clausewitz referring to uncertain knowledge about the adversary and the position and activities of own forces in the midst of an operation. While situational awareness is a major challenge already in traditional warfare, the ‘fog of cyber war’ may well be so thick that it could become the primary impediment to victory. Thus, developing the techniques and tools for cyber situational awareness would be paramount to achieving strategic, operational or tactical advantage in this novel domain19.

The cyber battlefield, figuratively speaking, is littered with players having supply chain and vendor access, remote access, proximity access and insider access. All of these are resources and assets as well as threats and vulnerabilities, depending upon the side of the fence you are on. Whether these are friendly or adversarial in ever changing international dynamic equations is a matter of decision by the national political, military and corporate leaders in sync with cyber leadership.

It follows from the above that a sound and well thought out doctrine and implementable strategy with clearly defined timelines needs to be promulgated by national political, military, corporate and cyber leadership to dominate the cyber battlefield. It demands investment in terms of time, intellect, super cyber skills and above all imagination and creativity as hackneyed approach is a surefire recipe for disaster in the cyber battlefield.

Cyber warfare involves units organised along nation – state boundaries, in offensive and defensive operations, using computers to attack other computers or networks through electronic means. Hackers and other individuals trained in software programming and exploiting the intricacies of computer networks are the primary executors of these attacks20.

Cyber Doctrine and Strategy

It is a matter of serious debate and deliberations among national political, military, corporate and cyber leadership to cull out Doctrine and Strategy. But a simple one liner is, “When you got to shoot…shoot, don’t talk.”

In doctrinal terms, the national aim must be to dominate cyberspace given the skill sets available within the country and with the Indian diaspora. An achievable time frame needs to be defined.

Cyber strategy can be framed on timelines defined by goals desired to be achieved, resources and capabilities available/planned and ways to achieve goals in a systematic planned manner, coupled with risk and cost analysis.

Cyberspace favours the attacker. Be ‘the first and the fastest’ to strike. In doing so, attack first or act rapidly to stop the opponent’s strike or be in a position of dominance to react before being struck by the opponent. The strategy is to trigger strikes from multiple platforms with diverse levels of ferocity to overwhelm the opponent in a flash incapacitating him to think coherently. The strikes on critical infrastructure need to be calibrated to a fine tuned control, raising the bar at will (inflicting causalities or visible economic losses or physical destruction of critical infrastructure through remote control), till intended national objectives are achieved viz. return of disputed territory or return of fugitive sheltered by the opponent nation.

The offensive strategy is coupled with active defence strategy or attack prevention whereby the opponent’s cyber weapons and weapons of mass destruction are infected with malware to redirect them to launch sites itself, thereby halting the response and reaction at the source. In order to achieve the results from above possible strategy there is a need to be imaginative and creative on the part of national political, military, corporate and cyber leadership.

Cyber Targets

The human mind is the prime and basic target of any cyber offensive. Targets need to be classified carefully according to a well defined strategy for execution. Careful pre-strike planning and long-term investments in reconnaissance and covert penetration into enemy systems for target selection, are mandatory. Pre-requisite to success in attack and protection is keeping targets under surveillance for updating and assigning the right type of weapons system in a dynamic manner.

Strategic Targets

Vital infrastructure falls into this category. The control, degradation or destruction of such targets confers immediate and visible strategic advantage to the attacker. Nuclear assets, long-range nuclear or conventional weapon systems, air space control and defence systems, rail transportation system, power grid, water supply and sewerage systems including dams and reservoirs, gas and fuel pipelines and storage systems compete to be classified as strategic targets.

The severity of the attack will determine the visible impact on human minds and decision makers e.g. destruction or flooding due to control of dams will severely destroy human life, cattle stock and property compounded by disabling of health and rescue services, mixing of sewage with drinking water supply will choke cities to standstill, explosion in gas and fuel pipelines will disrupt transportation systems apart from shock and awe of the explosions.

Operational Targets

Critical infrastructure falls into this category. The impact of the attack is not instantaneous but appears soon enough. The control, degradation or destruction of such targets confers operational advantage to the attacker and belies the trust of the population in the government. Telecommunication systems, banking and financial infrastructure, ports and harbours, military command and control systems and aircraft avionics could be classified as operational targets. Immobilising mobile phones, social networking sites, degradation of avionics of civil airliners will prevent take off, worse still – those airborne may crash, thereby, having a debilitating effect on the population.

Tactical Targets

Routine infrastructure falls into this category. The control, degradation and destruction of such targets confer an advantage to the attacker. Targets are government services, police, judiciary, logistics supply chain, production industry and agriculture industry. Degradation and disruption of these targets will cause economic loss and would only be visible to the public much later.

The above targets can be further categorised depending on the spread of impact geographically of control, degradation or destruction in local (a few cities), states and national.

The classification and categorisation of targets facilitates cyber warfare planners and executors to keep targets under surveillance, monitoring and updating. More importantly, decision for cyber weapons assignment and the degree and level of attack to be launched becomes swift.

Cyber Weapons

The most lethal, invisible, untraceable and destructive cyber weapons are ironically produced and inserted at the production stage itself in the computer hardware and software industry. Nations producing cyber hardware and software therefore have a definitive edge in all spheres of cyberspace.

Cyber weapons just like guided missiles have three basic components – the delivery vehicle, the navigation system and the payload21. The payloads act as per the command and control instructions embedded therein viz. send back information through back doors, incapacitate a system on a given command from remote location or at a predetermined time, choke the system with malicious code multiplying itself causing catastrophic failure.

The Delivery Vehicle

Among the many methods of delivery of payloads are insertion of the Trojan Horse22 ideally at the factory premises itself, emails embedded with malicious codes, websites with malicious links and downloads, wireless code insertion transmitted on radio or radar frequencies, manual delivery through hacking, delivery through proximity access (wi-fi or wi-max), insertion through Insider Access or Sleeper Cells particularly in SCADA23 systems, counterfeit hardware, software and electronic components can also be used as delivery vehicles.

The Navigation System

System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities in software and computer system configurations provide entry points for the payload. These security exposures in operating systems or other software or applications allow for exploitation and compromise. This enables unauthorised remote access and control over the system24.

The Payload

A payload could be a programme that copies information off of the computer and sends it to an external source. It can also be a programme that is altering and manipulating information stored in the system. It can enable remote access so that the computer can be controlled or directed over the internet or through proximity or insider access. A ‘bot’– a component of a botnet25 – is a good example of a payload that makes possible the remote use of an IT system by an unauthorised individual or organisation26.

Nations are becoming increasingly vulnerable to cyber attacks that could have catastrophic effects on critical infrastructure as well as severely damage national economies. Cyber attacks can be launched at will using a variety of cyber weapons with different yields (desired effect) on diverse targets to achieve goals set by nation states and non-state actors alike.

Cyber Attacks

The RAND Corporation recently warned, “Osama bin Laden’s Egyptian followers can immediately cripple the information infrastructure of Russia and India27.” The consequences of an attack “through the wires,” and the degree of potential disruption, will often hinge on the pervasiveness and therefore importance of the network impaired by the attack – national versus regional, local or municipal in scope.

Israel is believed to be behind ‘kinetic’ (destructive to real-world objects) Cyber attacks on energy facilities in Saudi Arabia and Qatar as well as Distributed Denial Of Service (DDOS) attacks on several American Banks. This constant threat of attack has led to the establishment of some of the best military intelligence organisations in the world; the best of the best being Unit 8200 of Israel28.

The aims and objectives of cyber attacks are dependent on the motivation of the attacker. It may be driven by provocation to settle old scores; by perceived grievance against an adversary to make an adversary capitulate; to establish own writ; as a pre-emptive protective shield against an established adversary or to purely establish cyber dominance and superiority. Therefore, the type and intensity of attack will be dictated by the aims, the resources available, and the risk and cost analysis among others.

The popular media discuss a Digital Pearl Harbour in which an adversary would attack the internet, dismembering the cyberspace “backbone” plunging the economy into chaos. Some of the types of cyber attacks launched in the past decades and likely in the future with varying degrees of sophistication and intensity is enumerated here.

Bold and Direct

The origin and source of attack directly or in a subtle manner is made known to the adversary. The aim is generally punitive and retaliatory with a view to enforce the attacker’s will through a show of strength. The potential of causing physical damage and economic loss through dominance in cyberspace is demonstrated to the opponent. The weapons chosen are such that the impact is either local or regional.

Subtle and Calibrated

The aim is slow cyber poisoning of an adversary or friend by masking the identity of the attacker to achieve national mid or long term objectives. The idea is also to slowly prepare the cyber ground to launch the ultimate cyber attack achieving total surprise on the day of reckoning. It is a slow and gradual process of recce and surveillance followed by cyber infection by stealth particularly in closed networks, those not connected to internet and air gapped, to ensure that no stakeholder in the network is disturbed and becomes suspicious. It takes the form of data theft, business espionage, insertion of Trojans, opening backdoors, rewriting software commands, positioning insider access and proximity access resources in vital infrastructure among others. Cyber craft is used imaginatively and creatively to instigate conflict between political factions, harass disfavoured leaders and entities or influence decision making or even the outcome of elections at various levels.

Combination of Bold and Subtle

This method inherits the advantages of both i.e. turn the cyber tap on or off at will and keep the cyber throttle under control. It gives the cyber attacker an overwhelming strategic advantage to choose the point, place and time of attack to catch the opponent totally off guard. In the final attack the weapons chosen are such so as to dismember the cyberspace backbone, plunging the economy and critical national security infrastructure into chaos and putting the nation state at the risk of its existence itself.

The success of any of the above stated methods of cyber attacks is dependent fully on the highest degree of preparedness, meticulous planning and precise execution. More importantly, national will and understanding to dominate the cyberspace, which supports freedom of action in all other domains and denies freedom of action to adversaries.

Cyber Protection

Cyber protection includes response to cyber assault incidents to mitigate, investigate, monitor, detect and identify the source of attack. Cyberspace is an open domain with no frontiers or boundaries. It is open to any and every one and if a user chooses to remain anonymous, can do so with ease. An attacker can remain untraceable as attribution – determining the source, location, and the identity of an attacker is extremely difficult for both technical and non-technical reasons. Smart hackers hide within the maze-like architecture of the Internet. Those with sufficient technical skill can remain anonymous at will. The most sophisticated cyber attack or exploitation may never be discovered.

Just like nuclear deterrence, cyber deterrence also does not work. And this situation is not likely to change soon; it is a systemic aspect of the internet, not a simple problem that can be fixed. Thus, states face the prospect of losing a cyber conflict without knowing the identity of their adversary. This is particularly true of the recent attacks that are suspected to have been committed by China, Russia, and North Korea29.

Cyberspace favours the attacker. Therefore, cyber protection has to be fashioned imaginatively and creatively for active defence strategy thereby stopping the attacker at the source itself. In essence, either one acts first to stop the opponents’ actions, or one must be in a position to react before being struck by cyber assaults of the opponent. It, therefore, is a sound strategy that opponents’ cyber or kinetic weapons should be infected with malware to redirect them to launch sites.

Cyber Structure

Innumerable cyber organisations under different ministries with diverse mandate and often overlapping charters are existing. These are either working at cross purposes or engaged in wasteful turf wars. Some interact, meet, debate, exchange and pursue policies which without a national cyber doctrine and a well-stated cyber strategy. The effort is in vain as it may not be in synergy with the government’s focus or thrust and thus, unexploitable.

A well-stated national cyber doctrine and strategy with well-defined objectives in definitive achievable timelines, after allocation of matching resources with freedom of use and accountability to deliver, can only be successful. Furthermore, any intervention by audit organisations, that have not moved on from ‘bricks and mortar’ mindset to ‘bits and bytes’ thinking, is an invitation to national cyber disaster.

A possible coherent structure for cyber warfare could be directly placed under the Prime Minister as Executive Head with operational command delegated to the Defence Minister. It could be designated as Cyber and Nuclear Warfare Command (CNWC). It could comprise Cyber Command (CC), CDS, ISRO, SFC, DRDO, NTRO, R&AW and CII. The hierarchical chain of existing organisation could be severed and re-aligned to ensure resolute operation directly under the PM through the National Security Adviser who could be of Cabinet Rank. Many existing cyber entities could be subsumed in CC. The responsibility of CC would be to establish complete cyber dominance in the world.

CC could have a structure tailored and responsible for the continents and specific group of countries. Thus it could be sub divided into divisions, groups, units and entities with resources, tasks and responsibilities of identifying cyber targets, carrying out surveillance and monitoring, assigning cyber weapons to designated targets and undertaking active cyber defence of the nation and national assets worldwide and launch cyber assaults as the situation develops.

National Cyber Will

Political, military, corporate and industry leadership and social scientists need to understand that to unleash cyber charge now is an attempt to react to times. Imagination failure on part of the current leadership for not being creative to construct cyber warfare organisation, while there are cyber skill sets available within the country and with the Indian diaspora, to become a dominant cyber power, will be considered the biggest failure in history.

It is time to imbue and ignite fire in citizens and netizens with a national will and passion to transform from being a “soft power” (read cyber coolies) to “smart power” (read cyber rulers).

Prognosis

Cyber race to dominate the world has already taken off much after independence. The countries that gained independence afterwards are seemingly ahead in the race. Cyberspace has become the Centre of Gravity for all instruments of national power. Unimpeded access to cyberspace can be denied through hostile cyber actions and manipulations wherein economic, financial, commercial, telecommunications, military activity and even day-to-day functioning of the population would be paralysed.

Cyber power is an instrument to produce preferred outcome in domains outside cyberspace in the international arena by use of coercive ability of dominance in cyberspace. Nations whose political, military and corporate leadership understand this reality and use imagination and creativity to achieve dominance in cyberspace will be leading the world and the others, despite having the wherewithal, will be cursed to remain in slavery.

The past has been left behind but it may be instructive to recall – 9/11 attack, and Operation Geronimo launched to eliminate Osama bin Laden. The Parliament attack happened; our response was to launch Operation Parakram which ended without even firing a single shot. The 26/11 attack happened and the only Foreign Policy response was that the cricket series run by a private society – the Board of Control for Cricket in India (BCCI) were called off! Employing India’s ‘Soft Power’?

This millennium belongs to a nation that conquers and dominates cyberspace through cyber power. India has everything that it takes to become the dominant cyber power…just resolve to conquer…“Sab ka haath, Cyber Power ke saath”.