India’s economy is aggressively progressing ahead to play a crucial role in propelling the global economy by quick implementation of policy programs, curbing the administrative lag, and more importantly inclusive development by being at the forefront oftechnology- led initiativesflag ship programs like Startup India, Digital India. These programs are aimed at fostering favorable business environment for existing and new businesses to become global unicorns.
In fact, India is rapidly transforming its entire policy and administrative architecture to become Digital India in accordance with the policy programs of the G20 of which India has become president recently. As a digital economy, India is positioning to become a global leader in data, technology, digitization, and inclusive to become digital economy. The more India is moving to reap the benefit of digitalization, the more its economy comprising all critical infrastructures, financial institutions is susceptible to cyber attacks that are being launched constantly by India’s adversaries lying inside and outside of India.
These cyber attacks on India are very serious and increasingly threatening. For instance, in the month of November, Central Depository Services Limited (CSDL) detected a malware in some of its internal machines. Very recently, AIIMS, one of the most important critical health infrastructures came under cyber attack. According to the media report on AIIMS, “ransomware had affected outpatient and inpatient digital hospital services, including smart lab, billing, report generation, appointment schedule”.
Cyfirm, a Singapore based intelligence firm, reportedly warned Indiaabout the cyber attacks that could be launched against its major pharmaceutical companies like Dr. Reddy’s Labs, Serum Institute, Bharat Biotech that are involved in manufacturing the COVID-19 vaccine to steal the critical information and data on vaccine research and trials. Cyfirm reportedly identified 15 hacking companies, seven from Russia, four from China, three from North Korea, and one from Iran.
Apart from healthcare industry, financial institutions that are the back bone of Indian economy are also facing growing number of incidences of data breach and digital banking threats that are underlining the susceptibilities of entire finance and economic apparatus to the cyber attacks of every kind. In accordance to the data forwarded to the Indian Parliament in August, 2022, “between June, 2018 and March, 2022, India’s banks recorded 248 successful data breaches by hackers and criminals”, out of which 41 cases from public sector banks, 205 were from private sector banks, and two from overseas banks.
Effective digitization can be achieved through robust cyber security. In the era of digitalization, when every country is aiming to reap the benefit of Information and Technology (IT) in order to become more efficient, transparent, and effective in its governance. In this scenario, cyber attacks, data breach have turned out to be a more potent and lethal weapon for adversary state and non-state actors to hamper the developmental pace of the countries like India that is aspiring to become the super power for changing the contours of international politics.
To do so, well trained tactical teams equipped with advance technologies are being prepared by the state and non-state actors to realize their venomous agenda.India is very rapidly moving to become robust economy by reaping the benefits of information and technology that causes so much insecurity to its adversary nations like China, and Pakistan.To hinder India’s speedy development and sending a message to India –if India presses too hard in its claim in border disputes – China has several avenues such as cyber war fare, a part of “Grey-Zone warfare” to devastate its critical infrastructure necessitated for efficient and smooth functioning of its digital economy.
For instance, according to New York Times, Chinese hacker group ‘RedEcho’ was responsible for failure in Mumbai’s power grid that led to the stoppage of trains, shutting down of stock market, hindering the hospitals’ functioning especially when Corona was on its peak. As far as cyber attacks on India’s power infrastructure are concerned, according to the Col KPM Das, “seventy percent of the generation and distribution infrastructure in Indian power companies comes from China. The difference in prices is 30-40% and hence Request for Proposals (RFP) is bagged by them”.
Acquiring critical infrastructure from China, proffers infinite opportunities to inject Chinese malwaresin control systems that manage electric supply across India along with a high-voltage transmission substation and coal-fired power plant. As a crucial part of Grey-Zone Warfare, cyber war is being employed increasingly across the globe. Nature of cyber war is below the threshold of the actual war and, therefore, it is employed by the adversary nation in the peace time too.Modern world’s industries, defence, economy, institutions, and other aspects of life of a human being are supported by computers, software programs that are inter-connected across nations and continents. To launch a cyber attack in accordance with the planned strategy – the best way is to injecting the malwares into the computer system at the manufacturing stage.It can be pre-designed in micro chips for various items like sensors, routers, switches etc. Later on, it can be injected into the system as a sleeper cell. Its algorithm can be programmed in various ways to defeat strong defenses.
Therefore, by launching cyber attacks, whole life of human being can be disrupted for a long period of time.Very importantly, cyber attacks can be employed by adversary nation to tactically devastate the war fighting capabilities.In current scenario, cyber attack is the easiest and cheapest way to wage a war against the adversary nation.Russia was the pioneer in employing these tactics when it turned the power off twice in Ukraine several years ago. Another incidence of cyber attack hadhappened, when American power grid was littered with the code inserted by Russian hackers.
Chinese military history that is characterized by ‘asymmetric warfare’ considers cyber warfare as its integral component of national security strategy. By deeply observing the American experience of the first Gulf War and the Balkan intervention, Chinese PLAdevised its strategy for operating in cyberspace. In the book titled “Unrestricted Warfare”, two Chinese PLA air force officers mentioned that American military is so heavily dependent on theinformation supported by global information and command-control systems based on satellites that Chinese PLA should study the vulnerabilities and weakness of their system.
According to the Dr. Shen Weiguan, father of Information Warfare (IW), the aim of IW is “the enemy cognitive and trust systems and the goal is to exert control over his actions”. By extending his thought, in 2004, former head of the Communications Department of Chinese General Staff, General Xu Xiaoyan pointed out that China needs to have detailed vision of “National Confrontation Technology –intercepting, utilizing, corrupting and damaging the enemy’s information and using false information, viruses, and other means to sabotage normal information systems functions through computer networks”.
Chinese units that are responsible to cyber warfare are sliced into two professional groups namely“professional hackers” within PLA and the “patriotic hackers” who work for the government by supporting its different cyberspace operations against adversary state.
In late 2015, the PLA initiated the reforms that created the Strategic Support Force (SSF) structured on U.S Strategic Command (USSTRATCOM) with some modifications in accordance with the Chinese’s unique challenges and approach. It consists of two co-equal branches – The Space Systems Department, The Network Systems Department. According to John Costello and Joe McReynolds of National Defense University, Washington DC – all cyber warfare operations are conducted under the auspices of “The Network Systems Department” that incorporates thefunctions of the erstwhile PLA General Staff Department’s Third Department and Fourth Department.
Under this department, there is a very crucial branch Beijing North Computing Centre that supervises ten subdivisions having the responsibilities such as designing and developing the computer network defense, attacking, and exploiting the systems’ weakness.
A massive military training unit located at Zhurihe imparts the training to Chinese units and enhances their skillsby simulating the behavioral pattern of United States and its allies in cyberspace. Widely recognized cyber unit of China is the Second Bureau of Third Army, Unit 61398 that nowcomes under The Network Systems Departmentconsists of most experienced and highly skilled IT specialists, electronic engineers, mathematicians, linguists who are very experts in English speaking situated in Shanghai. In addition to stealing the highly crucial and vulnerable information regarding the developmental pattern, economy, technology, and research especially in the military sphere, it is entitled to devising innovative IT technologies, implementation of its own computer network in order to secure them, and conducting effective invigilation of potential adversaries.
The SSF’s information warfare mission that comprises the functions of both Third and Fourth Department of General Staff Department (GSD is responsible for conducting offensive electronic warfare, electronic countermeasures (jamming and counter-jamming), technical reconnaissance. Its primary role is to “paralyze the enemy’s operational system-of systems” and “sabotage the enemy’s war command system-of systems” in the initial stage of conflict. Strategic Information Operations which is the responsibility of The Network Systems Department comprises 12 technical reconnaissance bureaus responsible for both cyber espionage and signal intelligence, former GSD’s 56th, 57th, 58th research institutes responsible for research, development, and weaponization support for technical reconnaissance, former military academic institutions such as PLA Information Engineering University, and Luoyang Foreign Language Institute.
Another communitycalled “patriotic hackers” that includes members of the IT department of the universities, employees in the IT departments of the state –owned enterprises, online gamers, and even criminals also plays a very crucial role in launching the cyber attacks such as email-bombing, DDoS attacks, web defacement. More importantly, all activities of this community are monitored by the Chinese government.
Comparing the Chinese cyber capabilities with India indicates that India should develop required cyber security infrastructure matching to the Chinese cyber warfare capabilities especially when its economy is becoming digitalized rapidly that is heavily dependent upon the information technology, computers’ networks, and software programs. Importance of the cyber security infrastructure can be understood by the fact that USA created the New Cyber Command headed by General who is also the boss of the Central Security Services and Director of National Security Agency. UK has also increased its budget for Cyber warfare, though it has reduced the overall budget for defense sector by hugely decreasing the expenditure for major defense programs!!
Sanger E. David, Schmall Emily (27 Sep, 2021). “China Appears to Warn India: Push Too Hard and the Light Could Go Out”. New York Times, Available on: https://www.nytimes.com/2021/02/28/us/politics/china-india-hacking-electricity.html [Accessed on: 9 December, 2022]
Cyber security is Critical for Achieving India’s Digital Ambitions (15 Nov, 2022). Mint, Available on: https://www.livemint.com/brand-stories/cybersecurity-is-critical-for-achieving-india-s-digital-ambitions-11668507845690.html [Accessed on: 9 December,2022]
Rajagopalan, Rajeswari Pillai (3 December, 2022). “The AIIMS cyberattack reflect India’s critical vulnerabilities”. Observer Research India, Available on: https://www.orfonline.org/expert-speak/the-aiims-cyberattack-reflects-indias-critical-vulnerabilities/?amp [Accessed on: 9 December, 2022]
Kakar, Harsh (18 March, 2022). “Increasing Cyber Attack”. Indian Defence Review, Available on: http://www.indiandefencereview.com/spotlights/increasing-cyber-threat/ [Accessed on: 9 December, 2022]
Tiwari, AK (14 December, 2022). “Cyber Warfare: The New Threat”. Indian Defence Review, Available on: http://www.indiandefencereview.com/spotlights/cyber-warfare-the-new-threat/[Accessed on: 9 December, 2022]
Kozlowski Andrzej(n.d). “The “Cyber Weapons Gap.” The Assessment of the China’s Cyber Warfare Capabilities and Its Consequences for Potential Conflict over Taiwan” University of Lodz, Poland, Available on: https://core.ac.uk/download/pdf/71981805.pdf[Accessed on: 9 December, 2022]
Costello, John, McReynolds Joe (2018). “China’s Strategic Support Force: A Force for New Era”. National Defense University, Washington DC, Available on: https://ndupress.ndu.edu/Portals/68/Documents/stratperspective/china/china-perspectives_13.pdf[Accessed on: 9 December, 2022]Zhuo, Chen(2019). “8 things to know about China’s biggest army training base”. China Military , Available on : http://eng.chinamil.com.cn/view/2019-05/13/content_9501757.htm
[Accessed on: 9 December, 2022]