Cyber warfare has developed into a more sophisticated type of combat between countries, where you can destroy critical infrastructure such as power, telecommunications or banking by damaging the computer systems that control those infrastructures. It’s widely acknowledged that offensive cyberattacks will be a necessary component of any future military campaign, and the extreme cyberweapons are being developed now.
India has been target from many cyber warfare campaigns. Pakistan has unleashed a cyber war against India on social media, Over 1000 videos supporting Jehad in Kashmir have been created and several thousand anti India posts in social media have been shared in the last six months. They are both soft toned as well as radical videos, some arousing sympathy for victims, others arousing hatred against armed forces.
In one instance, according to the Toronto based Munk Centre of International Studies, GhostNet — a Chinese network, had infiltrated networks of the Indian Government as well as of the Dalai Lama. The elite National Security Guard’s website was reportedly defaced with profanity-laden messages for Prime Minister Narendra Modi last month.
In a 2018 report to India’s National Security Council Secretariat (NSCS), an unprecedented 35 percent of cyber attacks against the country were attributed to China. Although such attacks have not generated a catastrophic impact in terms of damaged infrastructure, knocked down power grids and any related casualties, China’s cyber policy against India could undermine the country’s conventional power in a future military conflict.
In early September 2016, Some 22,000 pages of data related to India’s top secret Scorpene submarine program were published online. This presumed data breach brought the issue of cyber security into the headlines. Indian Army may face serious cyber attacks from non-state actors in Pakistan, on its critical Information Infrastructure say, the Oil and Natural Gas Corporation of Electric grids.
Hackers based in China attempted over 40,000 cyber attacks on India’s Information Technology infrastructure and banking sector in the last five days, a top police official in Maharashtra said in June 2020. The spurt in online attacks from across the border was noticed after tensions rose between the two countries in eastern Ladakh, said Yashasvi Yadav, Special Inspector General of Police of the Maharashtra Police’s cyber wing. Further as India has banned 59 apps , a move that may trigger retaliation from Chinese companies .
The government has increased a nationwide alert and stepped up monitoring as intelligence agencies prepare for intensified cybersecurity attacks from China. According to a news report in Economic Times that quotes an unnamed senior government official saying, “among all the sectors, power, telecom and financial services are being monitored even more closely, given their exposure to Chinese infrastructure.” The report further sounded a warning bell that since India had so far permitted the Chinese to invest in critical infrastructure, especially in communications and power, those can get vulnerable as “the Chinese have keys to those networks in the country”. And even more direly, the report noted that the Chinese using that access may also try to weed into the financial sector. Cybersecurity experts said India’s ban on 59 Chinese apps was only the start and there will be greater scrutiny of companies, device makers and apps with exposure to China, which can trigger retaliatory attacks.
According to the official cited in the first instance, the government’s plan is to rearrange and reorganize over a dozen agencies engaged in the protecting India’s cyber infrastructure. Currently, these agencies have their individual control and reporting systems. The idea is to restructure these to ensure better coordination and functioning, the official added. The new policy – National Cyber Security Policy 2020 – will emphasize cybersecurity awareness and hygiene. It is likely to suggest a cybersecurity course for schools and colleges curriculum.
The Ministry of Electronics and Information Technology, the Ministry of Home Affairs, the Ministry of Defence, the National Security Council Secretariat (NSC), and the National Technical Research Organization (NTRO), and several other departments and agencies have their own cyber units that look at various aspect of cybersecurity. Then there are specialised units including the Computer Emergency Response Team, India (CERT.IN), National Critical Information Infrastructure, and the National Cyber Coordinator Centre.
Cyber Agency and Cyber command
Across the world, the command control of defence cyber operations has been put under a well defined single command and control. For instance, the Government Communications Headquarters (GCHQ) of the United Kingdom is responsible for all things related to protecting cyberinfrastructure. Similarly, the Cyber Security Agency of Singapore reports to the Prime Minister and is responsible for the complete spectrum of defensive cyber operations. The National Security Agency of the US has the complete command and control.
India has moved a step closer to dealing with contemporary and new threats with the Cabinet Committee on Security recently clearing the formation of three agencies, the Defence Cyber Agency, the Defence Space Agency and the Special Operation Division, a government official familiar with the matter said on condition of anonymity. All three will be tri-service agencies, which means they will draw from each service and serve under the command of the Chairman, Chief of Staff Committee, a second official confirmed.
Ministry of Defense (MoD) is now set to establish the defense Cyber Agency, among the three new tri-service agencies to outstand on the grounds of cyber welfare, space, and special operations. The defense Cyber Agency, along with space agencies will launch on May, in the capital city, Delhi, as per the clearance given by PM Modi, during the Combined Commanders’ Conference in Jodhpur .
It is set to incorporate as many as 1000 personnel from all the three disciplines of defense – Army, Navy, and IAF. It has many a time been reported that cyber threats coming in from all around the world have started increasing at an exponential rate. At such a time, India is required to be equipped with technological skills and backup to combat the same. Understanding the criticalities of such cyber security, the foundation has set up a task force headed by Lt. Gen. Davinder Kumar (retired) to suggest a road map for the same.
Many countries starting with US and which now includes U.K., China, Russia, Israel and others are setting up Unified cyber commands for more effective and coordinated efforts for conducting cyberspace operations , both offensive and defensive. The offensive operations are seen as deterrent to adversaries. US, Russia and China are also implementing various defence measures to protect their classified networks from Cyber Warfare.
In a bid to enhance its combat capabilities in the virtual domain, the defence ministry is working towards establishing a new cyber agency to tackle attempts by Chinese and Pakistani hackers to break into its systems and networks. “The tri-services integrated defence staff (IDS) is coming up with a unit to tackle the cyber warfare domain and it will be staffed with personnel from all the three services,” senior government sources told Mail Today.
“The forces have already started pooling in their resources in the cyber domain under the new agency, which would be headed by a major general-rank officer. The organisation will have both offensive and defensive capabilities in cyber warfare,” said the sources. Cyber arsenal shall serve as the key function of strategic deterrence. Till now, the army, navy and air force have their own separate cells dealing with cyber issues and they have also developed individual networks for safe communication and data exchange.
The information networks created by the forces are state of the art and are capable of detecting any violation at centralised locations within a few microseconds. “If anybody puts in a pen drive in a computer of the military network, our men sitting in Delhi and other centralised locations can detect it within no time and prevent any leakage or attack immediately,” said the sources.
“This step of creating a new cyber agency, which would be a precursor to a cyber command, is in the right direction. Now the focus should be on creating infrastructure for manufacturing totally indigenous information and communication technology equipment,” said information warfare expert Pavithran Rajan.To test its capabilities, the new agency has also carried out its first cyber warfare exercise under which Indian forces carried out attacks on their own networks to check for loopholes and steps required to strengthen the system, the sources informed.
“The forces deduced that cyber should be the first agency to be raised for dealing with the increasing instances of attacks on military networks and systems,” they said.
The command of the new agency would be on rotational basis for the three services, which means that if it is first headed by an army officer, he would be succeeded by navy and air force officers. The head of the unit would report to the chief of integrated defence staff Lt Gen Satish Dua who heads the organisation at present.
R&D in Cyber Security
India is capable of handling cyber security and promoting indigenisation is a priority, said National Cyber Security coordinator Lt. Gen.(Dr.) Rajesh Pant. “Our systems are well in place and more importantly, people who are handling cyber security in our country have an edge along with the software, which is key in this.” Emphasising on the need to promote ‘Make in India’, he urged entrepreneurs to come forward and develop substitutes so that dependency on other (international) software is reduced. “Our focus area today is on ‘Atmanirbhar Bharat’, anything indigenous is a priority for us. We are promoting indigenisation and all those who have capabilities for substitutes should come forward,” said Lt. Gen. Pant.
Research and development of indigenous cyber security solutions are promoted through sponsored projects at autonomous R&D organisations. The programme facilitates basic research, technology demonstration, proof of concept, R&D test bed projects, prototypes and skill enhancement of manpower, in the thrust areas identified. Thrust Areas are Cryptography and Cryptanalysis, Network and Systems Security, Security Architectures, Vulnerability Detection and Analysis, Monitoring, Surveillance and Forensics. Encouraging cybersecurity in the country, the government of India has offered a fund of 5 crores to companies that work for the research and revolution of cybersecurity.
Indian Military testing its own indigenous operating system
In his maiden address to the senior commanders of the three services, the prime minister had asked them to guard against the threats in the cyber domain and after that, Army’s Jammu and Kashmir-based Northern Command started the evaluation of the indigenous operating system for military requirements.
‘The Northern Command has been evaluating the BOSS at its headquarters as an option for replacing the foreign solutions to provide more security to the critical security-related information of the forces deployed there,’ government sources told Mail Today. BOSS is a software developed to benefit the usage of free software in the country and considered to be an important initiative by military analysts when cyber is fast emerging as warfare domain.
Army sources said protection of vital information in cyber domain is critical for the forces deployed in the command which faces both China and Pakistan as even if the itinerary of a small convoy gets leaked, it can be proven dangerous. At present, the Indian military is using foreign-origin software, which have been frequently coming under the scanner for working for their countries’ intelligence agencies and cannot be considered safe in the prevailing atmosphere of leaks and cyber espionage.
Currently, a number of equipment in the cyber infrastructure used by the public sector agencies supporting military communication is sourced from foreign manufacturers. Fearing espionage through foreign equipment, an advisory was issued couple of years ago by the Air Force to its personnel against using the phones of a particular phone firm. Army officials from the Corps of Signals – which is responsible for maintenance and looking after entire gamut of military communication – said creating our own information and communication technology infrastructure would also help in providing opportunity for ‘Make in India’ products in the sector.