Indian Defence Review

The cyber warriors will identify own networks weakness which will be followed up by regular patch up of vulnerabilities. In addition their actual target could include blowing up electric generators / motors; use of high power microwave to upset fly by control of combat aircraft and more.

Some contemporary thinkers have equated Cyber-Warfare as another new form of warfare which is on par with Land, Naval and Air Warfare. This is partly reflected in USA creating a new Cyber Command headed by a General, who is also the boss of Central Security Services and Director of National Security Agency. In the 2010 strategic review of security and defense in UK, while many major defense programmes have been cut and overall defense budget is reduced by eight percent, Cyber War has been allotted £ 650 m for the period 2010-14. A significant increase indeed!

Cyber War has become a major subset of warfare now, because the militaries and their equipments rely on many systems, each of which has computers, often many computers in each system.

While Cyber War seems a very familiar term to everyone, it will be useful to revisit its characteristics which make it so important and so different from other forms of warfare. It is distinctly different from the traditional warfare wherein armies, navies and air forces are massed against each other to fight one another.

Cyber War can be fought by anyone; even an individual using his hacking skills against huge corporations, nations or even different civilizations. One single person’s malicious software can wreck havoc on computer networks and programmes spread across nations and continents. The modem world’s industry, economy, institutions and even other facets of life is supported by computers and associated software. So all these facets of life can be disrupted for prolonged period by cyber attacks. The individual could be -acting alone; he could be part of a group pursuing its inimical agenda or could be state supported, working to further the plans of the state. The defender cannot distinguish between them or pinpoint the full identity of the attacker or the actual source of attack. So while the cyber enemy may be guessed, definite, pinpointing is nearly impossible.

Amongst various types of warfare, cyber war is the cheapest option. At its simplest, all it requires is one individual, on one computer to originate cyber attacks. There is no need for regular massive cyber armies equipped with all the paraphernalia of a conventional war; being trained, sustained and replenished regularly. Unlike in conventional war, where the attacker generally suffers heavy casualties, in Cyber War there is no casualty to the attacker. In this war, it is not the physical might of a soldier, the quality and quantity of equipment, the integration and orchestration of systems, or the strategic genius of a General which is tested. It is only the computer genius and skills – and these too come as easily to gifted teens as to the experts after years of serious study and perseverance. Therefore, each and everyone cannot be a cyber warrior. Conscription cannot create a Cyber Army — it is by recruiting suitable people with aptitude for such work. In cyber force, there is not much place for officer – soldier hierarchy. Rather it is a team of the like-minded.

The malware can be inbuilt in to the computer system at manufacturing stage itself. It can be pre-designed in micro chips for various items like sensors, routers, switches etc. It can be injected later on into system as a sleeper cell.

When one’s computer system does not work, it is not easy to distinguish whether the failure is a genuine malfunction or a result of malicious attack. More often than not one tends to believe that his computer system itself is malfunctioning. So it is difficult to determine if one is under cyber attack. The nature of attacks are such, for example hidden Trojans activated on command or at pre-determined time, that one does not know when the actual attack was launched.

The origins of attack also remain uncertain. The attacking nation or non-state actor can route his attack via a computers located in a third country or even through benign computers based in the country being attacked. These could be the personal computers of citizens of the country under attack. Such an approach poses major dilemma for defender and for the right to computer privacy in democratic societies.

The malware can be inbuilt in to the computer system at manufacturing stage itself. It can be pre-designed in micro chips for various items like sensors, routers, switches etc. It can be injected later on into system as a sleeper cell. Its algorithm can be programmed in variety of ways to defeat most defenses.

The defender in cyber world has to cope with many problems. The existing defenses are against only known viruses/worms. Defense networks, therefore, require constant upgradation. Even secure nets can be injected with virus even though attacker is not physically connected into the net. But then excessive security on the net decrease the system speed.

Detailed information on cyber war in various countries is difficult to find. However, certain amount of information is available about development of cyber war organisation in USA in the open literature. Hence it is proposed to study the evolution of cyber war organisation in USA.

USA

In earnest Electronic Warfare (EW) started during World War II. It matured as the radars and radar guided SAMs and anti-ac artillery evolved through the Vietnam war; the wars in the Middle East etc, Till recently EW meant brute jamming of signals or breaking the electronic lock on an aircraft by moving the lock away spatially. In the Op Desert Storm of Gulf War 91, false target information was injected into Iraqi Integrated Air Defence System, thereby misleading its computers. This can be considered the start of Cyber War in military domain. The Cyber War in the civil domain by way of unethical hacking into banking networks started little earlier.

 IW operations were undertaken during Bosnia Operation in 1995 and against Serbia in 1999. The comprehensive operations included EW against Radars and SAMs, cyber attacks against IADS, operations against Television, Radio as well as cyber attacks against computer based systems like power generation, Oil refining systems…

So now there are three terms : EW, Cyber War and Information War often loosely used to convey the same thing. Electronic War is said to take place when electrons in a system are disturbed. Cyber space is also the space where electrons flow conveying information. But cyber space is normally referred to space in which computer electrons move around – either within the computer itself or between many computers connected in a network. The network itself could be a cable or fiber optic network or a wireless net in which electronic signals move between a transmitter and a receiver — the most apt example being a satellite and its terminals. Thus, in the militaries too, initially terms like EW, IW and Cyber War were used loosely and interchangeably.

Cyber War has become a major subset of warfare now, because the militaries and their equipments rely on many systems, each of which has computers, often many computers in each system. At the same time all facets of civil life, industry, banking and financial service power generation etc have also been based on extensive computer networks and infinite number of software lines. In such a huge complex of electrons, EW as practiced till 1980s, forms a small subset. Altering cyber electrons means altering information-hence the term IW. However, in current US terminologies IW means irregular warfare. Cyber War includes the earlier EW and IW.