Cyber defence: How prepared is India for cyber warfare – The Economic Times

APTFilter CERT-LatestNews Malware Security News SocialEngineering ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesHardware


In the face of fears that the Chinese or terrorists may target India’s powergrids, transport networks or financial systems, the government has, a few weeks ago, created joint working groups from across industrial segments under the national security adviser to enlist the private sector’s support in combating cyber crime.

The objective of the move is to set up a cyber security architecture; and to boost both its cyber defence and offence capabilities anticipating that, like the US, India too will face heightened attacks (see Cyber Crimes on the Rise…). Cyber crimes on Indian official networks have risen from 23 in 2004 to over 13,000 in 2011, according to CERT data.

Meanwhile, the discovery of Stuxnet, a cyber worm, in Indian systems has sent intelligence agencies into a tizzy. Researchers at Toronto’s Munk Centre for International Studies say a Chinese network, GhostNet, had infiltrated networks of the Indian government as well as those of the exiled Tibetan leader Dalai Lama. “The security posture of the infrastructure has been strengthened [ever since]. It is a continuing effort,” says Rai.

Cyber Crimes on the Rise

According to the home ministry official, plans are afoot to tap high schools and institutions of excellence such as IITs to hire “brainy and patriotic young ones” who can contribute to developing the country’s security on the cyber front. A Chennai-based defence expert said that most countries do it, but don’t talk about it, referring to cyber offence on rival countries. He spoke on condition of anonymity. “Whatever that is, if cyber security is a coin, it has two sides: defence and offence,” insists the home ministry official.

The Good, the Bad & the Ugly

According to Siboni, the strongest countries in terms of cyber military capabilities are the US, China, Russia, the UK and Israel. “Countries that do not invest in IT protection will become [or already are] easy targets of criminal elements,” he warns.

Indian IT capabilities aren’t bad, vows Rai. Both the defence and home ministry officials agree. “Where we lack is in government policy formulation as well as implementation,” says an intelligence official who also spoke on condition of anonymity. True, India pales in comparison with China in seminar-room comparisons. However, India is home to a strong community of white hats — or hackers who do the job for a fee. After all, the country has several institutes that teach so-called ethical hacking.

A recent cyber strike into the accounts of high networth individuals by so-called hacktivists — like the group Anonymous, which calls itself a Hydra (if you cut its head, 10 more will appear in its place) — was traced to the server of a private institution that teaches ethical hacking in India. Hackers trained there have also reportedly attacked computer systems in an airport in a southern Indian city. Several other analyses say many cyber attacks have emerged out of servers based in India, indicating untapped potential within the country.

The Eye of Terror

The US has often warned countries resorting to cyber warfare against it of retaliating with traditional warfare. “That is laughable,” says an Israeli professor who was once part of the Talpiot Program. “Where do you send your missiles to?” he asks adding that such “hackctivists infest a similar turf that is frequented and created by terrorists to communicate among themselves, called DarkNet”.

You can’t afford to wage a war against them from outside cyberspace, he insists. Yoram Schweitzer, a Tel Aviv-based colleague of Siboni and an expert on terrorism and low-intensity warfare, notes that “cyber offence has the potential to change society’s balance of power because it empowers those engaged in asymmetrical conflicts that operate from a position of inferiority, especially terrorist organisations…Already today global jihad terrorist organisations are making use of cyberspace, though still in a limited fashion.”
Currently, Schweitzer points out, terrorists mostly use the Internet for propaganda, recruitment, fundraising, internal communication and for gathering information. Soon, they may go on the offensive and strike in an unpredictable fashion, like those far-fetched scenarios in 1990s’ Holllywood movies such as Die Hard coming true decades later. The movie showed terrorists feeding false data into computers that leads to the crash of a plane.

“Be on your guard and work hard in developing capabilities in this newest arm of defence,” says the defence ministry official. Sunil Khilnani, professor of politics at King’s College who has written extensively about cyber warfare, has no doubts that the most competent people in the field of cyber defence are young.

“That is the right group from which to recruit,” he asserts. He adds a caveat to it: “Such smart young students are often quite independent-minded themselves, so it may not always be the case that they will simply do what they are supposed to do!”

“Indeed, teen spirit helps. But discipline is key,” says a DRDO scientist, referring to the need for instilling a sense of purpose in young recruits to work for enhancing the country’s cyber defence and offence acumen.