Cyber-attack: Stuxnet and other Worms
Space has been called the new high ground in war, but cyber-space is truly the new frontier that has made boundaries irrelevant. War can now be waged against a military adversary from any computer on earth. Recent events highlight how this has been happening with increasing frequency.
On July 12, 2012, in the “biggest cyber-attack on the country’s official computer networks, over 100,000 e-mail addresses of top government officials were hacked in a single day.” A government official said, “The MEA (Ministry of External Affairs) and the MHA (Ministry of Home Affairs) took the biggest hit… strategic information related to critical sectors, including troop deployment, was compromised.” A National Technical Research Organisation (NTRO) official was reported to have said, “We would not like to name the state actors, but D4 – destroy, disrupt, deny and degrade – process was initiated and counter offensive launched.” (Indian Express, December 18, 2012.) According to a leading US network security company, “A sophisticated cyber-espionage group, probably based in China, is taking advantage of India’s weak cyber-defences to burrow into government bodies and academic institutions to steal sensitive diplomatic information.” (Washington Post, August 20, 2015.)
With its growing economy and infrastructure and a military increasingly dependent on computers for command, control, communications and surveillance, India is becoming more and more vulnerable to cyber-attack. In alarming front page news reports published by several Indian newspapers in 2010, Chinese cyber spies were reported to have hacked into computers and stolen documents from hundreds of government and private offices around the world, including those of the Indian embassy in the US. More recently, it was reported that during the Israel-Hamas rocket attack stand-off in November 2012, the Israelis successfully targeted the command and control network of Hamas.
As in other facets of warfare, the United States has taken the lead to anticipate cyber-threats and deal with them. On June 23, 2009, Robert Gates, the US Secretary of Defence, authorised the creation of a new US military command to develop offensive cyber capability and defend command and control networks against cyber attacks. In January 2010, senior Pentagon leaders attended a simulation exercise on how the Pentagon would respond to a sophisticated cyber-attack aimed at paralysing power grids, communications systems and financial networks across the country.
Shortly after this wargame, (then) US Secretary of State Hillary Clinton said, “States, terrorists and those who would act as their proxies must know that the United States will protect our networks… Those who disrupt the free flow of information in our society or any other pose a threat to our economy, our government and our civil society.” Clearly, the US has adopted a pro-active cyberwar strategy. This was evident in the Stuxnet virus attack on the Iranian nuclear facility near Natanz reportedly launched jointly by the US and Israel in June 2010. Approximately 10 per cent of the centrifuges being used for the enrichment of uranium were destroyed through a worm that infected the computers controlling the facility.
While the emerging cyber threats originate from various sources including non-state actors, among nation states the Chinese are suspected to be the leading purveyors of offensive cyber strategies and Pakistan is working hard to play catch up. Though information about the People’s Liberation Army’s (PLA) cyber warriors has begun to appear in the public domain only recently, PLA watchers across the world have known for long about China’s well conceived doctrine on information operations and cyberwar. China’s cyberwar doctrine is designed to level the playing field in a future war with better equipped Western armed forces that rely on Revolution in Military Affairs (RMA) technologies and enjoy immense superiority in terms of weapons platforms and intelligence, surveillance and reconnaissance (ISR) and command and control networks.
The Chinese army uses more than 10,000 cyber warriors with degrees in information technology (IT) to maintain an e-vigil on China’s borders. “Chinese soldiers now swipe cards and work on laptops as they monitor the border with great efficiency… electronic sentinels functioning 24 hours a day.” Parallel to this effort, China is also engaged in raising a private army of a “million laptop warriors” – hackers who will wage cyberwar against the state’s enemies from their laptops at home.
Informationisation as the Driver
Early in the first decade of the new century, the Central Military Commission (CMC) called for a detailed study of the concept of people’s war under conditions of informationisation. Since then China has spent a lot of time and effort on assessing the implications of information technology and knowledge-based warfare for future conflict and on applying the lessons to its own war concepts.
The PLA expects to fight the next war under conditions of what it calls “informationisation” or “informationalisation”. In the White Paper on National Defence issued in 2004, informationisation was explained in general terms for the first time: “To adapt itself to the changes both in the international strategic situation and the national security environment and rise to the challenges presented by the RMA worldwide, China adheres to the military strategy of active defense and works to speed up the RMA with Chinese characteristics.”
PLA analysts have called the ongoing RMA an “informationised military revolution”. Informationisation “clearly relates to the PLA’s ability to adopt information technologies to command, intelligence, training and weapon systems. This would include broad investment in new automatic command systems linked by fibre-optic Internet, satellite and new high-frequency digital radio systems… The PLA can also contest the information battle space with its new space-based, airborne, naval and ground-based surveillance and intelligence gathering systems and its new anti-satellite, anti-radar, electronic warfare and information warfare systems… there is increasing ‘information content’ for new PLA weapons as it moves to link new space, airborne and ELINT sensors to missile, air, naval and ground-based ‘shooters’ to enable all its services to better use new precision-strike weapons.” According to the 2004 White Paper, “In its modernisation drive, the PLA takes informationalisation as its orientation and strategic focus.” The PLA has adopted what it calls a “double historical mission” and a “leapfrog development strategy” – accelerating military informationisation while undergoing mechanisation.
According to the current White Paper on National Defence, entitled “National Military Strategy” and issued in May 2015, “The world revolution in military affairs (RMA) is proceeding to a new stage. Long-range, precise, smart, stealthy and unmanned weapons and equipment are becoming increasingly sophisticated. Outer space and cyber space have become new commanding heights in strategic competition among all parties. The form of war is accelerating its evolution to informationization… Cyberspace has become a new pillar of economic and social development, and a new domain of national security. As international strategic competition in cyberspace has been turning increasingly fiercer, quite a few countries are developing their cyber military forces. Being one of the major victims of hacker attacks, China is confronted with grave security threats to its cyber infrastructure. As cyberspace weighs more in military security, China will expedite the development of a cyber force, and enhance its capabilities of cyberspace situation awareness, cyber defense, support for the country’s endeavors in cyberspace and participation in international cyber cooperation, so as to stem major cyber crises, ensure national network and information security, and maintain national security and social stability.”
Information Operations – Acupuncture Warfare
The denial of information, strategic deception and the achievement of psychological surprise have long been an integral part of Chinese military doctrine. The Chinese find information warfare (IW) extremely attractive as they view it as an asymmetric tool that will enable them to overcome their relative backwardness in kinetic military hardware. The Chinese are devoting considerable time and energy to perfecting the techniques of IW to target the rapidly modernising Western armed forces that are becoming increasingly dependent on the software that runs computer networks and modern communications. In Chinese thinking, IW presents a level playing field for projecting power and prevailing upon the adversary in future wars. However, it has not been possible to ascertain from open public sources whether IW is fully integrated with the doctrine of people’s war under modern conditions or if it is still treated as a separate but complementary pattern of war (zhanzheng xingtai). There is also some confusion created by the use of the term informationised warfare (xinxihua zhanzheng) instead of IW (xinxi zhanzheng). However, there is no ambiguity in the manner in which the Chinese view information operations:
- Intelligence operations, which include intelligence reconnaissance and protection.
- Command and control operations to disrupt enemy information flow and weaken his C2 capability while protecting one’s own.
- Electronic warfare by seizing the electromagnetic initiative through electronic attack, electronic protection and electronic warfare support.
- Targeting enemy computer systems and networks to damage and destroy critical machines and networks and the data stored on them.
- Physical destruction of enemy information infrastructure, such as C4ISR, through the application of firepower.
The Chinese call their pursuit of information warfare and other hi-tech means to counter Washington’s overwhelmingly superior conventional military capabilities “acupuncture warfare”, a term that first surfaced in a 1997 PLA National Defence University publication entitled “On Commanding Warfighting under High-Tech Conditions”. Acupuncture warfare (also called “paralysis warfare”) was described as “Paralysing the enemy by attacking the weak link of his command, control, communications and information as if hitting his acupuncture point in kung fu combat.” Acupuncture warfare is a form of asymmetrical warfare dating back to the teachings of Sun Tzu, China’s pre-eminent military strategist from the 5th century BC. For quite some time now the PLA has been simulating computer virus attacks in its military exercises.
According to a US Congressional Research Service report entitled “Cyberwarfare”, authored by Steve Hildreth, China is developing a strategic information warfare unit called “Net Force” to neutralise the military capabilities of technologically superior adversaries. This new information warfare unit will “wage combat through computer networks to manipulate enemy information systems spanning spare parts deliveries to fire control and guidance systems.” Though the PLA’s research into the theoretical aspects of information warfare is fairly advanced, it does not appear to have developed a coordinated and integrated information warfare doctrine as yet.
Chong-Pin Lee, Vice Chairman of Taiwan’s Mainland Affairs Council, says Beijing is re-directing its emphasis away from nuclear deterrence to this new asymmetrical strategy and its “overarching purpose is to deter the United States from intervening around China’s peripheries and to seize Taiwan with minimum bloodshed and destruction.” In another five to 10 years China will develop depth and sophistication in its understanding and handling of information warfare techniques and information operations. With Indian society becoming increasingly dependent on automated data processing and vast computer networks, India has become extremely vulnerable to such information warfare techniques. The fact that it can be practiced from virtually any place on the earth even during peacetime makes acupuncture warfare even more diabolical. India can ill-afford to ignore this new challenge to its security.
Defence analysts Timperlake and Triplett have written that economic, political and social systems are essentially unprotected against Chinese information warfare attack. In their view, China has adopted a comprehensive strategy to further its information warfare plans: Information warfare has the support of the top PLA brass; the PLA’s best strategists and defence scientists have had extensive open discussions about information warfare; the PLA is conducting military exercises in information warfare; it is expanding its already strong signals intelligence (SIGINT) capability in Cuba; and, the PLA is buying the hardware necessary. As supercomputers require huge capital investments, a strong political and financial commitment is implied. The Chinese are recruiting scientists and technicians and are building related weapons such as high-powered microwave weapons.
The PLA is acutely conscious of its continuing relative backwardness in information technologies. To prepare itself for a conflict with an RMA-ready opponent, China’s military thinkers recommend that China must close the information gap; network all forces; attack the enemy’s C3I to paralyse it; and use directed energy weapons and computer viruses. Physical measures include the use of submarine-launched munitions; anti-satellite weapons; forces to prevent a logistics build-up; and special operations raids. Timothy Thomas, of the Foreign Military Studies Office at Fort Leavenworth, has written about a 1999 “network battle” fought between Chinese and American “hackers after the US bombed the Chinese embassy in Belgrade”.
In fact, efforts to inculcate an IT culture are being extended all the way down to the troops deployed to guard China’s borders: “With a vast pool of IT-trained officers in place, China’s border vigil is turning electronic. At its long border with 14 countries, including India, the Chinese soldiers now swipe cards and work on laptops as they monitor the border with great efficiency with electronic sentinels functioning 24 hours a day along the sea and land boundaries while sentries work with IC cards and other sophisticated equipment. The use of electronic devices has enhanced the army’s ability to deal with emergencies quickly and efficiently, according to sources…”
Developing cyberwarfare capabilities is seen as presenting a level playing field in an otherwise David versus Goliath scenario, as Chinese hardware is no match for the weapons technology fielded today by the US and its allies. Recent cyber attacks directed against Taiwan and the US are indicative of the efforts to develop new techniques, viruses and logic bombs. Information warfare will be crucial in the opening phases of a war aimed at the re-unification of Taiwan or a border conflict with India, as it will be important to knock out the adversary’s communications infrastructure by cyber as well as physical means.
James Mulvenon has written: “Chinese military strategists describe IO (information operations) and CNO (computer network operations) as useful supplements to conventional warfighting capability, and powerful asymmetric options for ‘overcoming the superior with the inferior’. According to one PRC author, ‘Computer network attack is one of the most effective means for a weak military to fight a strong one.’ Yet another important theme in Chinese writings on CNO is the use of computer network attack as the spear point of deterrence. Emphasizing the potential role of computer network attack (CNA) in this type of signaling, a PRC strategist writes that ‘We must send a message to the enemy through computer network attack, forcing the enemy to give up without fighting.’ Computer network attack is particularly attractive to the PLA, since it has a longer range than their conventional power projection assets. This allows the PLA to ‘reach out and touch’ the United States, even in the continental United States. ‘Thanks to computers,’ one strategist writes, ‘long distance surveillance and accurate, powerful, and long distance attacks are now available to our military.’ Yet computer network attack is also believed to enjoy a high degree of ‘plausible deniability’, rendering it a possible tool of strategic denial and deception. As one source notes, ‘An information war is inexpensive, as the enemy country can receive a paralyzing blow through the Internet, and the party on the receiving end will not be able to tell whether it is a child’s prank or an attack from an enemy.’ It is important to note that Chinese CNA doctrine focuses on disruption and paralysis, not destruction.”
Compared with China’s historically reactive stance of luring the enemy in deep and destroying him through strategic defence, the country’s cyber strategy is essentially pro-active and seeks to take the battle into enemy territory. It also strives to achieve surprise in a pro-active manner that is demonstrated by new “quick-strike” tactics. The aim is to catch the enemy unprepared in order to inflict substantial damage on strategic targets and disrupt logistics to gain psychological ascendancy. While the land frontier is expected to continue to generate some local tensions, the CMC has identified space and the oceans as the new areas where future conflict might take place.
India is Vulnerable to a Cyber Pearl Harbour
In another five to 10 years China will develop much greater depth and sophistication in its understanding and handling of information warfare techniques and information operations. With Indian society becoming increasingly dependent on automated data processing and vast computer networks, India will also become extremely vulnerable to such information warfare techniques. Major infrastructure like telecom, railways, air traffic control, banks, stock exchanges, power grids and the C4I2SR systems of the armed forces are all dependent on computer networks, which are vulnerable to cyber attacks and cyber manipulation. The nothingness of cyberspace connects China’s laptop warriors directly with Delhi, Mumbai, Kolkata, Chennai, Bangalore, Hyderabad and other Indian cities, as also India’s strategic establishments. The fact that cyberwar can be launched from virtually any place on the earth even during peacetime makes acupuncture or paralysis warfare even more diabolical.
Indian computer networks and e-mail accounts have been hacked frequently by state actors. Some incidents are given below:
- Former national security adviser M K Narayanan had told The Times, London, before laying down his office that China’s cyber warriors had hacked into computers in the PMO on December 15, 2009. At least 30 computers may have been penetrated.
- Chinese cyber spies were also reported to have broken into and stolen documents from hundreds of government and private offices around the world, including those of the Indian embassy in the US.
- According to data released by CERT-IN, 90, 119, 252 and 219 government websites were defaced by various hacker groups in the years 2008, 2009, 2010 and January-October 2011, respectively.
If there is another conflict with China, it can be visualised that the war will begin in cyberspace much before a single shot is fired or the first missile is launched. In fact, frequent hacking attempts, some of them successful, are ongoing on a daily basis even now when there is peace at the border. A cyber Pearl Harbour is a distinct possibility if due attention is not paid to cyber-security. A task force on cyber security assembled by the Institute of Defence Studies and Analyses (IDSA), New Delhi, made the following salient recommendations in its report published in March 2012:
- The NSA should be the overall coordinator of the planning and execution of India’s cyber security policy.
- A Cyber Coordination Centre should be established at the operational level.
- MHA should be the nodal agency for handling cyber-terrorism and cyber-crime.
- HQ Integrated Defence Staff (IDS) should be the nodal agency for preparing the country for cyber-warfare in all its dimensions.
- The National Security Council Secretariat (NSCS) should be the nodal agency for coordinating the efforts to protect the critical infrastructure of the country.
- The Department of Information Technology should be tasked with creating the necessary situational awareness, strengthening the public-private partnership, promoting international cooperation and other residual measures.
- The Department of Information Technology’s CERT-IN should be the nodal agency to create and share cyber-space situational awareness in the country.
- Cyber-security education, R&D and training should be an integral part of the national cyber security strategy.
- Disaster management and recovery must be an integral part of the national cyber-security strategy.
India can ill-afford to ignore this new challenge to its security. India needs to adopt an inter-ministerial, inter-departmental, inter-Services, multi-agency approach to dealing with emerging cyber warfare threats and must develop appropriate responses. Till recently, no single agency in India was charged with the responsibility to ensure cyber and IT security. There was an inescapable requirement to create a nodal agency to spearhead India’s cyberwar efforts under a national cyber security advisor who reports directly to the NSA. The armed forces must be part of the overall national effort from the very beginning so that emerging tactics, techniques and procedures can be incorporated into doctrine and training. Hence, India too needs a Cyber Command to lead efforts within the military to safeguard computer networks from hackers and cyber attacks. The strategy must be defensive to guard India’s vulnerable assets, such as military command and control networks and civilian infrastructure dependent on the use of cyber space, as well as offensive to disrupt the adversary’s C4I2SR systems and develop leverages that can be exploited at the appropriate time. With some of the finest software brains in the world available to India, it should not prove to be an insurmountable challenge.
It is heartening to note that the Indian government has taken note of the seriousness of the threat and the Cabinet Committee on Security has initiated steps to evolve a comprehensive cyber security strategy. It was reported in November 2012 that Mr. Gulshan Rai, who then headed the Indian Computer Emergency Response Team (CERT-IN), had been named the first National Cyber Security Coordinator (NCSC). A National Critical Information Infrastructure Protection Centre (NCIPC) has been established. This is a command and control nerve centre that monitors protection of the critical infrastructure. The NCIPC will in all probability be managed by the National Technical Research Organisation (NTRO), India’s technical intelligence gathering agency. The NTRO and the Defence Intelligence Agency (DIA) are best suited to plan and execute offensive cyber operations. The NSA should be at the apex of India’s cyber security strategy as the chief planner and trouble shooter.
Besides conflict on land, at sea, in the air and in space, one of the primary dimensions of future wars will be the cyberspace medium linking computers and information networks. Such wars in the fourth dimension have come to be known as “cyberwars”. In the coming decades, the ability to wage war in cyberspace is likely to acquire a deterrent value that rates between the threat of a conventional military attack and a nuclear strike. The strategic landscape has changed forever, somewhat like when nuclear weapons first appeared on the scene in 1945. Regardless of what term is used to describe this new war-form of the future, it is clear that an information and knowledge driven new type of war-form has emerged and its manifold nuances and far-reaching implications need to be studied and analysed in detail so as to formulate a viable national-level strategy to defend against it as well as wage it successfully.
Future wars between contending protagonists are likely to be all-encompassing, perpetually ongoing conflicts. The distinction between peace and war will be blurred. Not all military operations in future will be violent and physically destructive. Since the aim will be to subdue the enemy without fighting, non-violent operations to cripple a society and to deny it the ability to wage war may be launched to wreck its information grids and systems, banking and telecom systems, transportation and traffic control systems, power grids and computer networks, even during seemingly peaceful interludes. At the core of the new military doctrine for fighting what Alvin and Heidi Toffler have called ‘Third Wave’ wars will be the concept that the control and manipulation of information and widespread knowledge of the enemy’s military, industrial, diplomatic, political, civic and cybernetic assets, with a view to paralysing them without actual fighting, will be essential pre-requisites for success. The weapons of choice will be computer ‘logic’ bombs set to detonate at a particular time, electronic viruses to infect the adversary’s computers, non-nuclear high-energy electro-magnetic pulse (EMP) to ‘fry’ the components of radars, electronic networks and computers and advanced ‘hacking’ techniques to gain access to the adversary’s computer networks and manipulate them to one’s own advantage.
The emergence of the cyber-battlefield is both an evolutionary and a revolutionary development. Inasmuch as it will utilise most of the existing military concepts, weapons systems and organisations, it will be evolutionary. It will be revolutionary in that it will seek to provide new capabilities to commanders to influence and subvert the will of their opponents through imperceptible but nonetheless debilitating non-violent means as a prelude to more conventional operations, should they become necessary – a type of cybernetic intelligence preparation of the battlefield.
While much will change in the Megamedia Age, cyberwars will not be “remote, bloodless, sterile or risk-free.” There will be a marked reliance on knowledge and information. Preparation of the battlefield will involve gathering maximum intelligence about the enemy, while preventing him from knowing much about oneself. It will imply turning the “balance of information and knowledge in one’s favour, especially if the balance of forces is not.” The aim will be to dislocate, paralyse and incapacitate the opposing commanders’ minds to force the adversary to capitulate without fighting. The results which are likely to be achieved will be decisive and out of all proportion to the effort applied. However, fundamental military revolutions, particularly evolutionary ones, require detailed analysis, thorough study and meticulous experimentation before they can be absorbed into the doctrinal lexicon and implemented at the functional level.