Events & Issues
New
Delhi, 15 April 2013
Cyber Warfare
GRAVE CONCERN
FOR INDIA
By Col (Dr) PK Vasudeva (Retd)
Cyber warfare refers to politically
motivated hacking to conduct sabotage and espionage. It is a form of
information warfare sometimes seen as analogous to conventional warfare
although this analogy is controversial for both its accuracy and its political
motivation.
US Government security expert
Richard A. Clarke, in his book Cyber War
(May 2010), defines “cyber warfare” as "actions by a nation-state to
penetrate another nation's computers or networks for the purposes of causing
damage or disruption.” The Economist
describes cyberspace as “the fifth domain of warfare,” and William J. Lynn, US
Deputy Secretary of Defence, states that "as a doctrinal matter, the
Pentagon has formally recognized cyberspace as a new domain in warfare . . .
[which] has become just as critical to military operations as land, sea, air,
and space.”
In 2009, President Barack Obama
declared America's
digital infrastructure to be a “strategic national asset,” and in May 2010 the
Pentagon set up its new US Cyber Command (USCYBERCOM), headed by General Keith
B Alexander, Director, National Security Agency (NSA), to defend American military
networks and attack other countries' systems. The EU has set up European
Network and Information Security Agency (ENISA), which is headed by Prof Udo
Helmbrecht, and there are now further plans to significantly expand ENISA's
capabilities. The UK
has also set up a cyber-security and “operations centre” based in Government
Communications Headquarters (GCHQ), the British equivalent of the NSA.
Iran is a recent entrant to
the club, and is said to be slowly acquiring the prowess to cause damage to
Israeli networks. Its might was revealed in an attack last year against what is
described as the world's largest oil producer Saudi Aramco, when data on 30,000
computers was erased and substituted with the image of a burning American flag.
Reports of hacking of several
Israeli government websites fit in with the analysis that the country's sworn
enemies will continue to target its installations, both on land and in
cyberspace. Pakistan
is one of the lesser members of this infamous club. Its main objective is to
annoy India.
Because of its limited knowledge and resources its impact in this game has been
minimal.
Dominant in the global cyber
conflict scenario is the overwhelming suspicion against China. The
latter has vehemently denied any involvement in episodes in which investigation
by experts in cyber security had traced back sources of attack to Internet
Protocol (IP) addresses belonging to some Chinese cities, especially Shanghai.
Cyber counter-intelligence are
measures to identify, penetrate, or neutralize foreign operations that use
cyber means as the primary tradecraft methodology, as well as foreign
intelligence service collection efforts that use traditional methods to gauge
cyber capabilities and intentions.
On 7 April 2009, The Pentagon
announced they spent more than $100 million in the last six months responding
to and repairing damage from cyber attacks and other computer network problems.
A government-private sector plan
being overseen by National Security Advisor Shivshankar Menon began in October
2012, and intends to beef up India's cyber security capabilities in the light
of a group of experts findings that India faces a 4.7-lakh shortfall of such
experts despite the country's reputation of being an IT and software
powerhouse.
On July 12, 2012, several high-level
officials experienced a major cyber attack. This included officials from the
Ministry of External Affairs, Ministry of Home Affairs, Defence Research and
Development Organisation (DRDO), and the Indo-Tibetan Border Police (ITBP). It is
reported that several pieces of sensitive information had been compromised and
there was also a breach in the main National Informatics Centre email server,
which links all the departments in the Indian government. An investigation put
the total number of accounts affected at roughly 12,000.
The responsibility of preventing
cyber attacks had fallen under the jurisdiction of the Indian Computer
Emergency Response Team (CERT-In), which was established in 2004 as a
subsidiary of the Department of Information Technology. The number of reported
cyber security breaches has grown from 23 in 2004 to 13,301 in 2011.
In July 2012, the Government split
CERT-In in order to better distribute serious threats and minor issues.
‘CERT-In now protects cyber assets in non-critical areas while a new body
called the National Critical Information Infrastructure Protection Centre
(NCIIPC) protects assets in sensitive sectors such as energy, transport,
banking, telecom, defence and space.’
On 30th
June last, India woke up to Chinese
hackers having broken into sensitive naval computer systems in and around Visakhapatnam, the
Eastern Naval Command’s headquarters. Worse, they planted bugs (virus) that
secretly collected and transmitted confidential files and documents to Chinese IP
addresses.
This is
significant given the fact that the Eastern Naval Command plans operations and
deployments in the South China Sea, the theatre of recent muscle flexing by Beijing, and beyond.
Also, India’s
first nuclear missile submarine, INS Arihant, is currently undergoing trials at
the Command.
In fact, there
is nothing to stop China, unless India develops its own tools for cyber
warfare, warns the National Technical Research Organisation (NTRO), the agency
principally involved in investigating the damage caused by Chinese hackers.
This outfit is directly under the Prime Minister.
Significantly,
with a staggering $55 million annual budget pumped into its devious science of
strategic hacking, nothing is sacred for Chinese hackers. Given that Beijing
views India as its biggest enemy. According to Toronto University’s Munk Centre
for International Studies, Chinese hackers are known to function as a covert
arm of the Chinese navy.
Furthermore,
hacking is institutionalised in China wherein virus writing is taught in
Chinese military schools. Alongside, the art of hacking is very much a part of
the training imparted to a growing army of nearly 10,000 cyber soldiers.
In addition, the
Red Hackers Alliance, the fifth largest hacker group in the world, is known to
render services directly to the Chinese Government. With the Alliance at its
disposal, Beijing enjoys supremacy in hacking techniques. The Chinese hacking
force uses malware, spyware, key loggers, Trojans, bots and malicious code
generators to break into Indian computers, copy documents, ex-filtrate
sensitive material and bug classified correspondence. Basically, without a
dedicated Indian cyber-security organisation, the country will remain a sitting
duck.
All in all,
despite efforts to ramp up a cyber army, the Government’s cyber defences are
only as strong as their weakest link. The NTRO, the apex group under the
Prime Minister’s Office tasked with India’s cyber-security, responds to the
attack and neutralizes it. But not before discovering that some of its machines
have been under hostile control for over two years.
Therefore, India
needs to urgently install a Cyber Command like the US under the Chief of the
Defence Staff (CDS)/Chairman Chiefs of Staff Committee till CDS is appointed.
The Government needs to wake up before it is too late.--INFA
(Copyright, India News
and Feature Alliance)
|