Sample Material of Current Public Administration Magazine
::The New Front::
- In October 2014, the US Department of Defense constituted a task force
under the Defense Science Board to “consider the requirements for effective
deterrence of cyber attacks”. The report, submitted in February 2107, has
this to say in its introduction: “The unfortunate reality is that, for at
least the next decade, the offensive cyber capabilities of our most capable
adversaries are likely to far exceed the United States’ capability to defend
key critical infrastructure.”
- Coming from a country which is today the best prepared to deal with all
aspects of cyber warfare, this statement should serve as a grim reminder of
the seriousness of this threat. As “Digital India” grows, vulnerabilities
will only increase. A 2017 study conducted by Symantec found that India
ranked fourth in online security breaches, accounting for over 5 per cent of
global threat detections.
- Cyber threats can manifest in many ways but what is visible on an almost
daily basis are cyber crimes, cyber theft, cyber espionage, cyber intrusions
etc. These are relatively low-end threats but seem to occupy all our
attention. It is for this reason that we hear official statements about how
initiatives like the National Critical Information Infrastructure Protection
Centre (NCIIPC) and the appointment of a National Cyber Security Coordinator
have improved our ability to deal with cyber attacks. This is only the tip
of the iceberg and is lulling us into a false sense of complacency.
- Criminal hackers can certainly cause data breaches and financial loss,
and countering them is important, but these are not attacks which threaten
the security of a country. The real danger to India lies in targeted cyber
attacks coming from adversarial nation states. Countries like China can
bring immense assets to bear in carrying out sophisticated cyber attacks.
The success of Stuxnet, which damaged the Iranian centrifuge facility at
Natanz, lay in the fact that it was an international operation involving the
CIA, NSA and Israel’s Unit 8200. The highly sophisticated malware used an
unprecedented five zero-day exploits and was tested on a dummy set of
centrifuges built for this purpose. Such capability is not available with
groups of hackers.
- If, and it appears increasingly likely, cyber warfare is going to become
a regular part of the arsenal of nations, there is a need to visualise how
this war will be fought and under whose responsibility. Let me attempt to
decode this briefly.
- The three main components of any national strategy to counter cyber
threats are defence, deterrence and exploitation. Critical cyber
infrastructure needs to be defended and the establishment of the NCIIPC is a
good step in this direction but individual ministries and private companies
must also put procedures in place to honestly report breaches. It is only
then that the NCIIPC can provide the requisite tools to secure these
networks. This partnership must be transparent and not mired in the usual
secrecy of intelligence organisations.
- However, as brought out at the beginning of this article, there are
limits to defending as the dice are loaded in favour of offensive
capabilities. Therefore, deterrence and exploitation become critically
important. Deterrence in cyberspace is a hugely complex issue. Nuclear
deterrence worked because there was clarity on the capability of adversaries
and the horrific cost of a nuclear conflict. Cyber warfare is characterised
by an absence of clarity. We can never be certain about the capability of
the other side (there are no missiles to be counted) and also the chances of
success if we launch a cyber counterstrike.
- It is for these reasons that deterrence cannot be limited only to the
cyberspace. The 2017 Defense Science Board report, in talking about
“deterrence by cost imposition”, states, “While offensive cyber responses
are an essential part of the toolkit, the full range of military responses
(symmetric or asymmetric) — as well as diplomatic, law enforcement and
economic responses — must also be considered.”
And finally, the exploitation of cyberspace to achieve national security
objectives. Again, cyber operations cannot be a standalone activity but
integrated with land, sea and air operations, and a part of information
warfare. The preparation for this will have to start with the Indian
military gathering intelligence, evaluating targets and preparing the
specific tools for cyber attacks. This will then be meshed with the
war-fighting plans of the three services.
- Looked at in its entirety, the most serious manifestation of cyber
attacks is when an external state threatens the national security of India
by exploiting the cyberspace. If this is clear, then the danger cannot be
countered by an intelligence agency like the NTRO or a research organisation
like the DRDO. The lead agency to deal with this will have to be the defence
services, which are responsible for protecting India. It is here that we are
- India is one of the few countries which still does not have a dedicated
cyber component in its military. The setting up of a Defence Cyber Agency
has been announced but this is a typical half-hearted step which
characterises our strategic planning process. The upgrading of this agency
to a Cyber Command must be implemented at the soonest.
- What will also be important is the authority and mandate given to the
Cyber Agency. If it is hobbled by limited mandates and roles, as often
happens due to inter-agency rivalries, India will never achieve the full
capability of fighting and defending in the cyberspace. It would be
instructive to take a leaf out of the US Cyber Command, which has one of its
focus areas as “strengthening (the) nation’s ability to withstand and
respond to cyber attack”.
- In 2012, US Defense Secretary Leon E Panetta warned that the country was
facing the possibility of a “cyber-Pearl Harbor”. Many strategic experts
like Martin Libicki, Joseph Nye and Thomas Rid have argued that the fears of
such catastrophic cyber attacks are overblown. We are still unclear about
how a future cyber war will play out but capabilities definitely exist,
particularly with China. It would be absurd not to prepare, and the military
must be at the forefront of this preparation.
(Published in The Indian Express Written by D.S.
Get this magazine (Current Public
Administration) free if you purchase our any of the below courses: