Zeros, ones and attackers

The last decade or so has seen an enormous increase in the reach and power of the internet. From the early ARPANET days of the 1960s, the system of interconnected military machines has evolved into a sophisticated, powerful and complicated infrastructure that has already made a lasting impact on every aspect of human society. It has not only made the world a smaller place but also made it a “flatter” one.

However, the open nature of the internet makes it vulnerable to attacks and exploits aimed not only at denying access to services, but also at manipulating information, so as to derail processes that rely on efficient gathering and dissemination of that information. The attacks have evolved from innocent pranks, to anarchic destruction, to organised crime, and have now found their way into core doctrines of the evolving concepts of cyber warfare and information warfare.

India’s interests in cyberspace have been the subject of constant attacks. Some reports estimate that an average of fifty Indian sites are attacked every day. The 2010 State Enterprise Security Study conducted by Symantec, an internet security software manufacturer, revealed that 66 percent of Indian enterprises experienced some form of internet-based attack last year. While the majority of these incidents may have involved the defacement of inadequately protected websites, some of these attacks have gone beyond that.

In April 2010, the Information Warfare Monitor and the Shadowserver Foundation released a report titled Shadows in the Cloud that presented the results of an eight-month research study of a China-based computer espionage ring. One of the major findings of the report was that computers belonging to the higher echelons of the Indian government, including those of the National Security Council Secretariat and Indian embassies in Kabul, Moscow and Dubai, United Arab Emirates, and at the High Commission of India in Abuja, Nigeria, had been compromised and sensitive data exfiltrated from them. Also compromised were computers used by one of the army’s mountain brigades in Assam, the Military Engineer Services in Calcutta, Bangalore, Jalandhar and Bengdubi, and three air force bases. Documents the investigators were able to confirm as exfiltrated from victim machines included those classified as “Secret,” “Restricted” and “Confidential.”

The publication of the report came at an awkward time for the government since, earlier in March, Sachin Pilot, minister of state for communications, had claimed that government networks had been attacked by China, but that “not one attempt has been successful.” The report’s findings countered Mr Pilot’s contention. Since then, no further statements have been issued by New Delhi after the researchers informed Indian authorities of the nature of the documents that were recovered and asked how the sensitive documents might be disposed of.

In fact, the government has been tight-lipped about the whole incident after the extent of the cyber-espionage was brought to light. Except for a remark by the defence minister calling upon the armed forces to be prepared to counter cyber attacks, no more information has been forthcoming. The government needs to clarify the extent of the intrusion that the China-based attackers have been able to achieve and acknowledge the existence and scope of the risks posed by cyber threats. An in-depth analysis of the factors leading to the infiltration of sensitive government networks must be carried out by competent authorities. Weaknesses in the system, be they personnel, institutional or procedural, need to be identified and rectified. The government must re-assess the capabilities of organisations like the Defence Information Warfare Agency, the National Technical Research Organisation and the National Informatics Centre to protect India’s interests—civilian, governmental and military—from cyber attacks.

The government must raise the international exposure given to the event and in the process take the matter up with Beijing, along the lines of what US Secretary of State Hillary Clinton has done regarding suspected attacks on and theft of intellectual property from US companies. China must be pressed to crack down on possible ‘non-state actors’ responsible for the cyber attack on Indian targets. While it is not easy to attribute the attacks to specific institutions or individuals, it has been shown that most of the attacks trace back to machines in China.

It needs to be impressed upon them, and other nations, that state or non-state cyber attacks against Indian networks and systems will no longer be tolerated. This has to be done as a part of a more comprehensive and enunciated discussion on the rules of engagement for cyber attacks against Indian interests and a re-examination of associated capabilities of cyber deterrence and the apparent “for defence only” approach towards India’s cyberwar capabilities. As the prospects of cyber war are discussed and strategies formulated by other nations—in particular the United States, China, Russia and Britain—India should heed the warning shots fired against it. There is an urgent need for a rigorous strategic and operational exercise to counter eventualities of cyber war, at various levels of the government and the military.

Save for short surges of paranoid reportage, the Indian media has been guilty of lax reporting on this matter. In particular, there is little scrutiny of the government’s response to the emerging strategic threat. Except for carrying the occasional comments by ministers and self-professed security experts with vested interests, or reporting sensational statistics on infections and “attacks” in the Indian part of cyberspace, the media has not given the rising danger of cyber threats to national security the kind of prominence that is warranted.

Once before, India ignored the emergence of a new kind of threat across its northern frontiers until it was too late. Five decades on, India might be repeating that mistake.
