Varsha Singh and Smiti Nandi
A Threat to National Security
Technological advancements have made the defence sector more vulnerable to cyber attacks. Cyber warfare is the most dangerous threat of today.
In the past decade, the defence industry changed dynamically. With the advanced technological innovations in defence, countries might get busy fighting wars on cyberspaces and not on border areas or at the sea. The biggest security threat for countries now is to secure the cyber space. With the gradual advancement in the field of Information and Technology (IT), up-gradation of existing weapons with intelligence, surveillance, drones and inspection systems along with increasing volume of classified data gathered in the systems, India needs the usage of reliable and enhanced cyber security solutions for the defence industry.
On May 23, 2017, a Sukhoi 30 fighter aircraft crashed near Tezpur, Assam (north-eastern state), resulting in the death of two pilots. An inquiry made by the Indian Air Force (IAF) led to the discovery of the fact that the flying aircraft was cyber attacked when it was airborne. Analysts from New York (US) and St Petersburg (Russia) also warned India that the crash might be a result of “cyber-interference with onboard computers” in the cockpit. The analysts further added that due to interference with the system, the pilots may have found it difficult to activate safety ejection mechanisms even after knowing that the aircraft was in serious trouble. Such mechanisms too could have been crippled by computer malfunctions induced from an outside source. The aircraft crashed close to the border with China.
Analysts also pointed out to the apparent loss of five army vehicles “due to a misfired mortar strike” in the same zone, saying that a single mortar round would not have enough firepower to take out such a large number of vehicles. The damage might have been caused by a larger projectile guided by electronic systems that may have been interfered with during flight. Given the range and complexity of cyber interference, the source of the attack could have been from thousands of kilometres or from only a few hundred metres away. This raises concerns on how vulnerable the country is when it comes to cyber attacks.
What is Cyber Warfare?
Cyber warfare involves actions by a nation/state or international organisation to attack and attempt to damage another nation’s computers or information networks. This can be done through, for example, computer viruses or denial-of-service attacks. Nation/state sponsored hackers attack computers and networks that are involved with sensitive resources within a country. The process involves hacking any other computer or system: you learn as much as you can about the system, you figure out its flaws, and exploit those flaws to either gain control of that system or destroy it. In this way one can gain advantage over the other to get information and use it against them. Military, defence and weapons manufacturers, and civilian factories that make weapons, mines, and other resource manufacturers are generally the ones who are attacked.
Major Cyber Attacks Globally
Klaus Schwab, founder of the World Economic Forum considers cyber-attacks as “one of the most serious threats of our time.” The US and Israel introduced Stuxnet into even non-internet related control systems in the nuclear industry in Iran, in order to slow the nation’s apparent progress towards building an atomic bomb without launching a traditional military attack. As a consequence, the nuclear process gauges showed acceptable speeds, even while remote commands raised the speed of certain processes to unsafe levels, thereby leading to a shutdown in operations. The attack destroyed nearly 1,000 of Iran’s 6,000 centrifuges fast-spinning machines that enrich uranium, an essential step toward building an atomic bomb. The National Security Agency developed the cyber weapon with help of Israel.
Another large-scale cyber warfare disruption happened at the Stockholm airport in 2016 that crippled operations at the airport for three days. There have been other large scale power outages in the country more than a decade ago after which the country had to issue warning. In April 2014, the US faced another major cyber warfare attack on complex machinery when a high-flying Sukhoi-24 crippled the USS Donald Cook by electronic interference. Exactly after a year, another Sukhoi disabled the USS Theodore Roosevelt (an aircraft carrier armed with multiple defencive and safety mechanisms) in the Baltic Sea. Both naval vessels had to be towed to safety, as their onboard propulsion systems got damaged by electronic interference. After reports that Russia meddled in the US elections by hacking machines and creating propaganda on the internet and the recent ransomware and other cyber attacks being attributed to North Korea, cyber warfare is gaining importance. If developed countries like US are attacked with such cyber attacks, what will a developing country like India do?
Is India Prepared?
According to a recent report by the Federation of Indian Chambers of Commerce (FICCI) Ernst & Young titled Confronting the New Age Cyber Criminal, India is becoming increasingly vulnerable to this menace because of rapid digitisation and proliferation of mobile data without matching pace of cyber security and cyber hygiene. At present, India is ranked third in terms of cybercrime incidents behind the US and China as per data shared by a leading security vendor, which compiled data of botinfected systems controlled by cyber criminals in different countries.
As per Indian Computer Emergency Response Team (CERTIN), one cybercrime was reported every 10 minutes in India during 2017. These statistics are quite alarming and therefore, merit focused and collective attention from Law Enforcement Agencies (LEAs). Last year, Pakistani hackers compromised 10 Indian websites which included National Aeronautics, Army Institute of Management and Technology, Defence Institute of Advanced Technology, Army Institute of Management, and the Board of Research in Nuclear Sciences. The hackers called themselves as Pakistan Haxor Crew and claimed the action was to avenge the defacement of the Pakistani railways website by an Indian hacker and to show solidarity with the Kashmiris.
In 2016, reports emerged in Australia that the entire design that reveals the capability of India’s Scorpene submarine fleet were leaked. According to the reports the 22,000 pages of plan was leaked by the French manufacturer DCNS, that is the designer of the system. Seeing the previous attacks it is quite evident that India still needs to do a lot to counter such attacks. According to a home ministry official, the most frequently attacked networks include the prime minister’s office and the Ministry of External Affairs. Even though Defence Research and Development Organisation (DRDO) comes on the list of targets, the nodal defence research agency keeps issuing statements denying any attack on their networks.
Countries are using submarine cable for cyber warfare. According to Asia-Pacific Economic Cooperation forum, 97 pc of all international data is carried out on such cables. Submarine cables are difficult to be attacked as satellites would not be able to track it. India needs to come up with advanced technological innovations like other countries for the protection of submarine cables landing stations. The country should also invest in undersea sensors, under the Digital India initiative for cables and in creation of backup or ‘dark cables’ that would not be publicly identified.
In order to enhance its cyber security, the Indian Army has developed a software, Bharat Operating System Solutions (BOSS) to guard its communication and information networks from espionage by foreign players. India is among the very few countries that does not have a dedicated cyber component in its military. The government is planning to create a new tri-service agency for cyber warfare. The Defence Cyber Agency will work in coordination with the National Cyber Security Advisor. The Defence Cyber Agency is seen as a precursor of a cyber command. The agency will have more than 1,000 experts who will be distributed into a number of formations of the Army, Navy and IAF. Reports say that, the new Defence Cyber Agency will have both offensive and defensive capacity.