Indian Defence Review

In October 2010, Iain Lobban the director of the Government Communications Headquarters (GCHQ), said Britain faces a “real and credible” threat from cyber attacks by hostile states and criminals and government systems are targeted 1,000 times each month, such attacks threatened Britain’s economic future, and some countries were already using cyber assaults to put pressure on other nations.16

In September 2010, the Stuxnet worm, thought to specifically target its Natanz nuclear enrichment facility, attacked Iran. The worm is said to be the most advanced piece of malware ever discovered and significantly increases the profile of cyberwarfare.

In July 2009, there were a series of coordinated denial of service attacks against major government, news media, and financial websites in South Korea and the United States. While many thought the attack was directed by North Korea, one researcher traced the attacks to the United Kingdom.

Russia, South Ossetian, Georgian and Azerbaijani sites were attacked by hackers during the 2008 South Ossetia War.17

In 2007 the website of the Krygyz Central Election Commission was defaced during its election. The message left on the website read, “This site has been hacked by Dream of Estonian organization”. During the election campaigns and riots preceding the election, there were cases of Denial-of-service attacks against the Kyrgyz.18

In September 2007, Israel carried out an airstrike on Syria dubbed Operation Orchard. U.S. industry and military sources speculated that the Israelis might have used cyberwarfare to allow their planes to pass undetected by radar into Syria.

In the 2006 war against Hezbollah, Israel alleges that cyber-warfare was part of the conflict, where the Israel Defence Forces (IDF) intelligence estimates several countries in the Middle East used Russian hackers and scientists to operate on their behalf. As a result, Israel attached growing importance to cyber-tactics, and became, along with the U.S, France and a couple of other nations, involved in cyber-war planning. Many international high-tech companies are now locating research and development operations in Israel, where local hires are often veterans of the IDF’s elite computer units.  Richard AS. Clarke adds, “Our Israeli friends have learned a thing or two from the programs we have been working on for more than two decades.”

Indian scenario

A government-private sector plan being overseen by National Security Advisor (NSA) Shivshankar Menon began in October 2012, and intends to beef up India’s cyber security capabilities in the light of a group of experts findings that India faces a 4.7-lakh shortfall of such experts despite the country’s reputation of being an IT and software powerhouse.19

On July 12, 2012, several high-level officials experienced a major cyber attack. This included officials from the Ministry of External Affairs, Ministry of Home Affairs, Defence Research and Development Organisation (DRDO), and the Indo-Tibetan Border Police (ITBP). It is reported that several pieces of sensitive information had been compromised and there was also a breach in the main National Informatics Centre email server, which links all the departments in the Indian government. An investigation put the total number of accounts affected at roughly 12,000. The responsibility of preventing cyber attacks had fallen under the jurisdiction of the Indian Computer Emergency Response Team (CERT-In), which was established in 2004 as a subsidiary of the Department of Information Technology. The number of reported cyber security breaches has grown from 23 in 2004 to 13,301 in 2011.20

In July 2012, the government split CERT-In in order to better distribute serious threats and minor issues. ‘CERT-In now protects cyber assets in non-critical areas while a new body called the National Critical Information Infrastructure Protection Centre (NCIIPC) protects assets in sensitive sectors such as energy, transport, banking, telecom, defence and space.’

Information Technology Secretary J. Satyanarayana admits that more work needs to be done in research and development; however, he states that the NCIIPC department is in the final stages of completing the national cyber security policy. The policy proposes an increase in the production of domestic security solutions rather than depending on of foreign technology and products. ‘The government also plans to appoint a National Cyber Security Coordinator in the National Security Council to coordinate with all agencies dealing with cyber security.’ As an added measure M.S. Vijayaraghavan, an adviser to the National Technical Research Organisation, states that all cyber security agencies are working in isolation. “If there is a synchronised attack on multiple critical infrastructure facilities, they are not in a position to join the dots and respond in a well-coordinated way.”

Overall, India has not suffered any significant economic or physical damage from cyber attacks; however, the government owned Nuclear Power Corporation of India is at constant risk of security breach. “The company faces up to 10 targeted attacks a day but manages to block them all,” says Executive Director S.P. Dharne.

On 30th June last, India woke up to Chinese hackers having broken into sensitive naval computer systems in and around Visakhapatnam, the Eastern Naval Command’s headquarters. Worse, they planted bugs (virus) that secretly collected and transmitted confidential files and documents to Chinese IP addresses.

This is significant given the fact that the Eastern Naval Command plans operations and deployments in the South China Sea, the theatre of recent muscle flexing by Beijing, and beyond. Also, India’s first nuclear missile submarine, INS Arihant, is currently undergoing trials at the Command.19

Undeniably, it has used its expertise as a cyber-power to access highly confidential information relating to national security of other countries, including India. In fact, New Delhi should take note of this, not only because of its historically contentious relationship with Beijing but also due to China’s “all weather friendship” with Pakistan. Especially against the backdrop of Islamabad continuing sponsorship of terror across Indian borders especially Jammu and Kashmir.

Pertinently, just as armies fight on land, navies at sea, and air forces in air, national cyber-forces now fight in the online world. Indeed, cyber warfare is the new emerging battlefront. Sadly, it is a battle that India is ill equipped to wage. Resulting in the country being under-defended against sustained, damaging State-level cyber attacks.

Asserted renowned virus hunter Mikko Hypponen to India Site: “We’ve traced most of the cases of hacking against India not to Pakistan, or Russia, nor anywhere else, but to China.”

In fact, there is nothing to stop China, unless India develops its own tools for cyber warfare, warns the National Technical Research Organisation (NTRO), the agency principally involved in investigating the damage caused by Chinese hackers. This outfit is directly under the Prime Minister.

Notwithstanding, New Delhi and Beijing might be talking peace, but it still has to address and grapple with how it will counter this full-blown cyberspace war. A TV media channel recently presented a frightening scenario. Showcasing how Chinese hackers targeted Indian computers with their deadly digital arsenal.

Significantly, with a staggering $55 million annual budget pumped into its devious science of strategic hacking, nothing is sacred for Chinese hackers. Given that Beijing views India as its biggest enemy. According to Toronto University’s Munk Centre for International Studies, Chinese hackers are known to function as a covert arm of the Chinese navy. And like Pakistani jihadis, the Chinese Government denies their existence.

Furthermore, hacking is institutionalised in China wherein virus writing is taught in Chinese military schools. Along side, the art of hacking is very much a part of the training imparted to a growing army of nearly 10,000 cyber soldiers.

In addition, the Red Hackers Alliance, the fifth largest hacker group in the world, is known to render services directly to the Chinese Government. With the Alliance at its disposal, Beijing enjoys supremacy in hacking techniques.

The Chinese hacking force uses malware, spyware, key loggers, Trojans, bots and malicious code generators to break into Indian computers, copy documents, ex-filtrate sensitive material and bug classified correspondence. Basically, without a dedicated Indian cyber-security organisation, the country will remain a sitting duck.20

Adding, “India is definitely at risk as it is in a very unstable part of the world with a constant threat of war. It should assume that it will be compromised, and ask how to ensure that it doesn’t break the country, economy or damage national security.”

As it stands, in the last three months, 112 websites of the Government have been hacked by a Pakistan-based group known as H4tr ck. whereby, the authorities have finally woken up to the fact that India is facing a major cyber threat that might continue unabated for sometime.

All in all, despite efforts to ramp up a cyber army, the Government’s cyber defences are only as strong as their weakest link.  The NTRO, the apex group under the Prime Minister’s Office tasked with India’s cyber-security, responds to the attack and neutralizes it. But not before discovering that some of its machines have been under hostile control for over two years.21

Therefore, India needs to urgently install a Cyber Command like the US under the Chief of the Defence Staff (CDS)/Chairman Chiefs of Staff Committee till CDS is appointed. The Government needs to wake up before it is too late.