Today it’s difficult to imagine life without computers and associated technologies which have brought in so much ease, efficiency and speed in whatever we do. However, we are remotely conscious of the fact that all this ease is at the mercy of the rogue elements in the cyber space that can bring the entire information and communication technologies network to a grinding halt by attacking our networks with cyber weapons. Alok Gupta explores strategic policy options to defend ourselves against such debilitating cyber attacks
The context and the need for a comprehensive policy to have strategic infrastructure in place to counter cyber threats may be understood from the following example. Stuxnet, is the latest example of cyber warfare which had debilitated Iran’s uranium-enrichment centrifuges. Besides that Duqu, Wiper and Flame, a set of multipurpose tools that collected intelligence, identified vulnerabilities, and sabotaged information systems have shown us a totally different aspect of cyber threats, which brings a lot of challenges to all experts who deal with critical infrastructure protection issues and cyber warfare.
With the growing dependence of Indian government, military, enterprises and citizens on the Internet, information and communication infrastructure there is an immediate need for India to defend its cyber space.
While United States, Israel and several other nations have been developing and deploying cyber weapons to attack rogue nations and defend their own critical infrastructure, India has still a long way to go. Cyber warfare is no more a myth; it is a current reality which needs to be tackled right away, the way we protect our land, air, water and space territories. From a national security perspective, security of critical infrastructure such as defence, finance, energy, utilities, transportation andtelecommunication should be a top priority for the Indian government.
The cyber threat landscape is changing and new types of attack factors are being successfully launched by crime syndicates, financial fraudsters and even by nation-states, directly or through non-state actors. While the agencies of the country engaged in cyber security are aware of the possibility of cyber attacks, unfortunately the same cannot be said about the critical infrastructure sectors, which if attacked could be debilitated by severe disruption of essential services, resulting in discomfort to citizens. As a country, we need to do more to sensitise these sectors and prepare them for withstanding cyber attacks through the implementation of best practices for security.
Cyberspace has emerged as the 5th domain through which attacks can be launched by adversaries against a country. The United States and Russia have already announced their policies that cyber attacks, with outcomes that impact the civilians, can be retaliated through the sea or air or by even nuclear attacks. Nations are preparing cyber weapons, both for deterrence as well as for offensive attacks. The Indian cyber defence strategy, as part of the national defence, is not clear so far, though it is heard that they are aware of net-centric war and are trying to raise a ‘Cyber Command’.
Critical infrastructure sectors such as power generation and distribution, water distribution, traffic control, banking, telecom and e-governance services are beginning to appreciate the importance of cyber attacks to disrupt essential services. While they are deploying security practices, it cannot be said that they may be prepared to defend themselves against targeted attacks. Banking and telecom sectors are perhaps more aware of the need to deploy security best practices and technology solutions to defend against disruption and cyber espionage. Same cannot be said about other sectors of our economy and national defence.
A national cyber command should be established which has a strategic vision to develop defensive and offensive cyber weapons, train the manpower in cyber warfare and build capabilities in countering cyber espionage against our nation. Being a nation proud of its information technology skills, the big question is why should India not leverage its talented human resources in developing cyber weapons both as a deterrent as well as to be used against enemy nations in the event of a cyber war and eventually take a leadership role in producing state of the art cyber weaponry, which then can be exported to other friendly nations as well and in return earn foreign exchange.
Malicious software attacks, which succeed in infiltrating a critical infrastructure, pose serious threats to the national security. Therefore, it is important for the cyber warfare experts to detect, identify and analyse such suspected malware, viruses, worms and spyware to determine their capability, impact and destruction potential.
Like any guided missile, a cyber weapon also has features like precision to hit the target, intrusion and depth of penetration, stealth nature and ease of deployment. No antivirus or antimalware solution can identify and stop 100 percent of malicious code from penetrating or activating inside the information infrastructure. The only true way to do this is to look at the machine language code inside the malware. Most hackers use sophisticated software to make it hard to get to the actual code; they may even throw a layer of encryption into the equation.
It is not difficult to imagine catastrophic scenarios such as the destruction of a banking sector, the elimination of a stock market, the failure of the entire electric grid, the malfunctioning of a city traffic system, and the jamming of a telecom network or even black out of our airline industry- all initiated by malfunctions induced by malicious software.
India must decide what role cyber weapons will play in its national defence. As several other nations begin to build out cyber warfare organizations, they run the risk of creating bureaucratic entities that will seek to protect offensive cyber capabilities and in doing so will necessarily subject their own people to cyber vulnerabilities.
For nations that have little to lose on the cyber front, an offensive approach may be interesting. However, for India and other highly developed nations whose societies are critically and deeply reliant on ICT, the safe approach is to direct cyber research at purely defensive applications.
Using a cyber weapon can be very dangerous as well because it is like a boomerang which can strike back at you as well. Security experts from the technology industry, defence, law enforcement, academia and the national cyber security think tanks need to collaborate and work together as a cohesive group to develop a comprehensive and sustainable capability to deal with cyber warfare situations.
www.grandmasters.in | 8 Years & Counting
www.rcls.in | 8 Years & Counting
www.itlegalsummit.com | 8 Years & Counting
www.bfls.in | 8 Years & Counting
www.maels.in | 8 Years & Counting
www.plcs.co.in | 8 Years & Counting
Copyright © 2020 Lex Witness - India's 1st Magazine on Legal & Corporate Affairs Rights of Admission Reserved
