Cyber Security Command on cards in India

The National Security Advisory Board (NSAB) has recommended formation of
a central cyber security command on the lines of the US Cyber Command
(USCYBERCOM) set up last May to fight back the new generation attacks on
the government’s computer systems and networks.

A policy paper of the board stresses need for such a command not only to
prevent any leaks of the sensitive information but also to ensure the
valued government data is not hacked or destroyed by anybody from
outside or from within the system. The document gives an insight to a
lot of work done by China for inflicting damage to the computer networks
in other countries.

The latest such attack was made on the website of Central Bureau of
Investigation (CBI), purportedly from Pakistan, destroying all the data
on its website (cbi.nic.in) which is still not up even after 11 days of
struggle by the National Informatic Centre engineers who maintain the
government websites. Luckily, the intruders could not get into the CBI’s
computer that stores the sensitive data, inaccessible easily from the
Internet.

India does not have the risk of wiki type leaks as access to the
classified and sensitive material is limited to a very limited number of
top officials unlike even a corporal having access to the diplomatic
cables of the US missions, the government sources say.

Moreover, they say the government organisations doing the sensitive
works have been already ordered to prepare cyber crisis management
plans.
Defence and nuclear installations had upgraded their measures and laid
down standard operating procedures even before wiki-leaks started
trickling early last July, when Iranian nuclear facilities in Natanz
were reportedly hit by a computer worm Stunxnet. 

This work is touted as the first discovered worm that spies on and
reprogrammes industrial systems. Russians described it as a working and
fearsome prototype of a cyber-weapon that will lead to the creation of a
new arms race in the world.

Only the other day Defence Minister A K Antony admitted in Parliament
that India is already exposed to the possible cyber attacks and
explained how the top army brass was working in unison to make cyber
systems secure and non-porous to protect systems.

“The paradigms of security in the age of information technology are
seldom constant. The evolving security matrix is complex and calls for
co-operation and coordination of the highest level,” Antony said.
Earlier last month, he also told the army commanders that cyber attacks
were “fast becoming the next generation of threats” and as such, no
single service could work in isolation. “We need to make our cyber
systems as secure and as non-porous as possible,” he said.

The assertion comes amid frequent attacks and the subsequent alerts
sounded by the army authorities over China and Pakistan-based cyber
spies peeking into India’s sensitive business, diplomatic and strategic
records. 

The policy paper distributed by NSAB among the country’s strategic
community stresses on simultaneous creation of a security centre that
should monitor cyber operations and undertake active monitoring of cyber
space. 

It also stresses need for funding to develop innovative technologies to
protect the Indian networks and promote growth of critical skills in the
arena.

The research paper, titled “Informationising Warfare” warns that “as
China grows militarily and economically, its resultant strategies are
all likely to expand, especially in the cyber warfare arena.” Perhaps
the most crucial among the beyond rules criteria is manifested in the
form of “asymmetric warfare” — for instance, cyber attacks directed
against data networks.

“The primary idea is to strike in unexpected ways against vulnerable
targets,” the paper says, stressing that India has to prepare for these
strategies that do not fall in the terrain of the present defence
structure of Indian Army, Indian Air Force and Indian Navy, the
researcher underlined.

The research paper quotes two Chinese strategists explaining a
“combination scenario” being tried by China in which it secretly musters
large amounts of capital and launches a sneak attack on an adversary’s
financial markets. 

Subsequently, it inflicts a computer virus and hacker attachment in the
opponent’s computer systems and attacks his networks to disrupt and
paralyse the networks of civilian electricity, traffic dispatch,
financial transactions, telephone communications, and mass media,
thereby causing social panic, street riots, and political crises for the
adversary, the paper said.

The cyber warfare consists of two types: Cyber attacks and cyber
protection. Cyber attacks include virus attacks and hacker attacks.
Computer virus attacks refer to operational actions that use computer
viruses to destroy or tamper information stored in computer systems in a
manner that they do not work properly.

“In the military field, the core equipment of military information
systems and cyberised weapons are all likely targets of computer virus
attacks. Computer hacker attacks refer to those actions taken by hackers
to intrude upon and destroy an opponent’s cyber systems,” the paper
stressed.

It points out that Beijing is also pursuing a diverse and comprehensive
portfolio of space warfare investments since the late 1980s. The status
of these programmes runs from advanced concept development and testing,
through product engineering evaluation, line-level manufacturing and
acquisition from foreign sources, to integration as war-fighting
capabilities into the Chinese armed forces.

“The evidence suggests that these programmes are protean: They lend
themselves to steady evolution across the spectrum, from space denial to
space dominance, if Beijing’s political goals change over time, though
at present and for the foreseeable future, they are optimised for the
space-denial mission,” the paper said.

Its stress is that the defence planning and implementation in future has
to incorporate the virtual word to limit physical damage to the real
one as China is increasingly integrating computer technology into modern
military organisations to play the twin roles of being both a target
and a weapon.

Cyber forces are most likely to be integrated by China into an overall
battle strategy as part of a combined arms campaign. The aim is to
increase the ‘fog of war’ for the enemy and to reduce it for one’s own
forces—to  be achieved through direct military strikes designed to
degrade the enemy’s information-processing and communications systems or
by attacking the systems internally to achieve, not denial of service,
but a denial of capability.

READ MORE