Cyberspace is a vast, complex and rapidly changing battle space. The key to prevailing in a hostile cyberspace environment may lie in the ability to generate a comprehensive picture of that environment. In the kinetic realm, the “fog of war” is a term derived from Clausewitz referring to uncertain knowledge about the adversary and the position and activities of own forces in the midst of an operation. While situational awareness is a major challenge already in traditional warfare, the ‘fog of cyber war’ may well be so thick that it could become the primary impediment to victory. Thus, developing the techniques and tools for cyber situational awareness would be paramount to achieving strategic, operational or tactical advantage in this novel domain [19].
Cyber threat can manifest itself in a variety of ways i.e. viruses, worms, zero day exploits, Trojan Horses incapacitating systems…
The cyber battlefield, figuratively speaking, is littered with players having supply chain and vendor access, remote access, proximity access and insider access. All of these are resources and assets as well as threats and vulnerabilities, depending upon the side of the fence you are on. Whether these are friendly or adversarial in ever changing international dynamic equations is a matter of decision by the national political, military and corporate leaders in sync with cyber leadership.
It follows from the above that a sound and well thought out doctrine and an implementable strategy with clearly defined timelines need to be promulgated by national political, military, corporate and cyber leadership to dominate the cyber battlefield. It demands investment in terms of time, intellect, super cyber skills and above all imagination and creativity, as a hackneyed approach is a surefire recipe for disaster in the cyber battlefield.
Cyber warfare involves units organised along nation-state boundaries, in offensive and defensive operations, using computers to attack other computers or networks through electronic means. Hackers and other individuals trained in software programming and exploiting the intricacies of computer networks are the primary executors of these attacks [20].
Cyber Doctrine and Strategy
It is a matter of serious debate and deliberations among national political, military, corporate and cyber leadership to cull out Doctrine and Strategy. But a simple one liner is, “When you got to shoot…shoot, don’t talk.”
In doctrinal terms, the national aim must be to dominate cyberspace given the skill sets available within the country and with the Indian diaspora. An achievable time frame needs to be defined.
Cyber strategy can be framed on timelines defined by goals desired to be achieved, resources and capabilities available/planned and ways to achieve goals in a systematic planned manner, coupled with risk and cost analysis.
Cyberspace favours the attacker. Be ‘the first and the fastest’ to strike. In doing so, attack first or act rapidly to stop the opponent’s strike or be in a position of dominance to react before being struck by the opponent. The strategy is to trigger strikes from multiple platforms with diverse levels of ferocity to overwhelm the opponent in a flash, incapacitating him to think coherently. The strikes on critical infrastructure need to be calibrated to a fine tuned control, raising the bar at will (inflicting casualties or visible economic losses or physical destruction of critical infrastructure through remote control), till intended national objectives are achieved viz. return of disputed territory or return of fugitive sheltered by the opponent nation.
The offensive strategy is coupled with active defence strategy or attack prevention whereby the opponent’s cyber weapons and weapons of mass destruction are infected with malware to redirect them to the launch sites themselves, thereby halting the response and reaction at the source. To achieve results from the strategy outlined above, the national political, military, corporate and cyber leadership need to be imaginative and creative.
The human mind is the prime and basic target of any cyber offensive. Targets need to be classified carefully according to a well defined strategy for execution. Careful pre-strike planning and long-term investments in reconnaissance and covert penetration into enemy systems for target selection are mandatory. A prerequisite to success in attack and protection is keeping targets under surveillance so that they can be updated and assigned the right type of weapons system in a dynamic manner.
Vital infrastructure falls into this category. The control, degradation or destruction of such targets confers immediate and visible strategic advantage to the attacker. Nuclear assets, long-range nuclear or conventional weapon systems, air space control and defence systems, rail transportation system, power grid, water supply and sewerage systems including dams and reservoirs, gas and fuel pipelines and storage systems compete to be classified as strategic targets.
The severity of the attack will determine the visible impact on human minds and decision makers, e.g. destruction or flooding due to control of dams will severely destroy human life, cattle stock and property, compounded by disabling of health and rescue services; mixing of sewage with drinking water supply will choke cities to a standstill; explosions in gas and fuel pipelines will disrupt transportation systems, apart from the shock and awe of the explosions.
Critical infrastructure falls into this category. The impact of the attack is not instantaneous but appears soon enough. The control, degradation or destruction of such targets confers operational advantage to the attacker and belies the trust of the population in the government. Telecommunication systems, banking and financial infrastructure, ports and harbours, military command and control systems and aircraft avionics could be classified as operational targets. Immobilising mobile phones and social networking sites and degrading the avionics of civil airliners will prevent take-off; worse still, those airborne may crash, thereby having a debilitating effect on the population.
Routine infrastructure falls into this category. The control, degradation and destruction of such targets confer an advantage to the attacker. Targets are government services, police, judiciary, logistics supply chain, production industry and agriculture industry. Degradation and disruption of these targets will cause economic loss and would only be visible to the public much later.
The above targets can be further categorised by the geographical spread of the impact of their control, degradation or destruction: local (a few cities), state or national.
The classification and categorisation of targets helps cyber warfare planners and executors keep targets under surveillance, monitored and updated. More importantly, decisions on cyber weapons assignment and the degree and level of attack to be launched become swift.
The most lethal, invisible, untraceable and destructive cyber weapons are ironically produced and inserted at the production stage itself in the computer hardware and software industry. Nations producing cyber hardware and software therefore have a definitive edge in all spheres of cyberspace.
Cyber weapons, just like guided missiles, have three basic components – the delivery vehicle, the navigation system and the payload [21]. The payloads act as per the command and control instructions embedded therein viz. send back information through back doors, incapacitate a system on a given command from remote location or at a predetermined time, choke the system with malicious code multiplying itself causing catastrophic failure.
The Delivery Vehicle
Among the many methods of delivery of payloads are insertion of the Trojan Horse [22], ideally at the factory premises itself; emails embedded with malicious codes; websites with malicious links and downloads; wireless code insertion transmitted on radio or radar frequencies; manual delivery through hacking; delivery through proximity access (wi-fi or wi-max); and insertion through Insider Access or Sleeper Cells, particularly in SCADA [23] systems. Counterfeit hardware, software and electronic components can also be used as delivery vehicles.
The Navigation System
System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities in software and computer system configurations provide entry points for the payload. These security exposures in operating systems or other software or applications allow for exploitation and compromise. This enables unauthorised remote access and control over the system [24].
A payload could be a programme that copies information off the computer and sends it to an external source. It can also be a programme that alters and manipulates information stored in the system. It can enable remote access so that the computer can be controlled or directed over the internet or through proximity or insider access. A ‘bot’ – a component of a botnet [25] – is a good example of a payload that makes possible the remote use of an IT system by an unauthorised individual or organisation [26].
Nations are becoming increasingly vulnerable to cyber attacks that could have catastrophic effects on critical infrastructure as well as severely damage national economies. Cyber attacks can be launched at will using a variety of cyber weapons with different yields (desired effect) on diverse targets to achieve goals set by nation states and non-state actors alike.