T K Singh
The second decade of the 21st century has been witnessing a new form of warfare fought in the cyberspace, which dominates the central debate of national security in every country. Concerning this growing threats in cyberspace, nations are revamping their cyber arsenals (capabilities) leading to a multi-polar arms race in the cyber world. As the race accelerates, a phase of Cyber Cold War among the nations has begun. Unfortunately, arms control does not work here, as cyber weapons are obscured to identify. Claiming its cyberspace is insecure with threats from Western and neighbouring countries, China has strengthened its capabilities at cyber domain by commencing a new state cybersecurity committee supported by an increased Defence budget. However, such fresh reformation of strategic arsenals at the doorstep throws inconvenient challenges to India’s national security.
Currently, China is said to be leading the global cyber arms race (Aviation Week and Space Technology, 11 February 2014), and this competition has been directly or indirectly intensified with the recent establishment of the China’s Central Cybersecurity and Informatization Leading Group (CCILG), a new strategic government body responsible to manage China’s cybersecurity on 27 February 2014. The group is headed by none less than the Chinese President Xi Jinping himself. On the Foundation Day of the CCILG, Xi Jinping emphasised internet security as a “major strategic issue”, and announced China’s intentions to become a “cyber power” nation. He further stated that “without cybersecurity, there is no national security, and without informatization, there is no modernization”. Also, with the announcement of increased Defence budget from $112.2 (2013) to $143 billion (2014) on 05 March 2014, Chinese cyber battalion in military establishment is likely to expand its activities.
It is believed that the Chinese intrusion in cyberspace began in a systematic way in early 1990s in the form of information warfare. However, direct involvement of Chinese Government in offensive cyber strike was universally revealed/accepted for the first time when a popular report, “APT1: One of China’s Cyber Espionage Units” was published by an American private cybersecurity firm, Mandiant in February 2013. The document disclosed that a confidential group named, Unit 61398 (or known as 2nd Bureau/SIGINT), directly functioning under the 3rd Department of General Staff Department of People Liberation Army (PLA) carried out aggressive espionage activities through cyber networks. Soon after this revelation, Pentagon also for the first time, in its Annual Report to Congress, “Military and Security Developments Involving the People’s Republic of China 2013” clearly accused China for direct cyber intrusions in the US and computer networks of other nations.
Earlier on 22 November 2011, China released a press note titled, “Accelerate the integration of defending ‘Multidimensional Homeland’ mobilizing force” in China National Defence News. Apparently, this was the first government report that officially declared China’s involvement in cyber offensive activities. Mentioning the establishment of US Cyber Command (USCYBERCOM) in May 2010, the news report disclosed that China would build a “strategic level cyber warfare mobilization command agency” and “cyber warfare combat troops” that could launch offensive cyber strikes.
While Chinese have strengthened their cyber arsenals, India has been facing number of cyber intrusion. Unfortunately, these silent assaults in many cases remain undetected or unreported and information/networks are already compromised by the time they are discovered/informed. Besides their other attacks, the classic invasion would be the Chinese attempt to breach several Indian information systems during the Commonwealth Games in 2010. Limitlessly, China’s cyber army have also reached to Indian missions in US, United Kingdom, Moscow, Germany, Kabul, Dubai, Abuja, Serbia, Belgium, Cyprus and Zimbabwe. Subsequently, the Prime Minister’s Office and Ministry of Home Affairs were under significant strategic attacks, when substantial virus loaded hoax e-mails were forwarded to the inboxes of top officials and key personnel in July 2011. Later, experts from the National Technical Research Organisation (NTRO) confirmed that those computers have been compromised for months.
Experiencing the hostile cyber incursions in 2010 and 2011, India’s top level authorities, including Prime Minister, Defence Minister and Home Minister began taking some kneejerk initiatives since 2012. This is the year that the country started showing significant strategic concerns on cybersecurity paradigm. In June 2012, Prime Minister, Dr. Manmohan Singh highlighted his desire to designate the Defence Intelligence Agency (DIA) and NTRO as nodal agencies for carrying out offensive cyber operations “if necessary”. In August 2012, the Defence Minister A K Anthony, specifically discussed Chinese cyber incursion in the Lok Sabha (Lower House) and asserted to strengthen the Indian cyber networks. In May 2012, in the Chief Ministers’ meeting on National Counter Terrorism Centre (NCTC) in New Delhi, the then Home Minister P. Chindambaram stated that cyber warfare (waged by terrorists or supported state actors) is a growing threat to India.
While releasing a report on cybersecurity by the National Security Council Secretariat’s (NSCS) in October 2012, the National Security Advisor Shivshankar Menon, announced to establish the “Institute of Cyber Security Professionals of India”. Subsequently, NSCS has also created office of the National Cyber Security Coordinator with a primary mandate to coordinate various agencies involved in cybersecurity. At the same time, the National Cyber Security Policy, introduced to secure the India computer environment by the Department of Electronics and Information Technology (DeitY) was approved by the Cabinet Committee on Security (CCS) on 9 May 2013. In another strategic military development, on 25 May 2013, at a passing out parade at the Indian Naval Academy in Kerala, the Defence Minister stated that though it is little delayed, a new CYBERCOM under Indian Armed Forces will be established soon.
While the new initiatives are undoubtedly promising, they may not be satisfactory enough to challenge the existing cyber menace from China or otherwise. When every nation believes that future conflict will be cyber-centric, none of the existing Indian legislations addressed anything on cyber offensive mechanism. It may be worth to highlight here that, the existing CERT-In simply functions as a nodal agency to look after only non-critical sectors of Indian cyber system, issuing threat alerts and providing post event solution. Likewise, the National Critical Information Infrastructure Protection Centre (NCIIPC) under NTRO merely operates as a nodal agency to protect solely the critical information infrastructure such as telecom, energy, finance, transportation, space, law-enforcement, security and defence sectors. In addition, Defence Information Assurance and Research Agency (DIARA), a nodal network agency of the three Armed Forces just deals with the aspects of only information assurance and coordination of activities of defence services network. Therefore, all the existing cybersecurity bodies in India only take the role of protection and detection of versatilities in cyber domain, with no offensive mandates.
While China is purportedly heading the global cyber arms race with offensive mechanism, India may not sit silent holding its soft/defensive method. To challenge China that is heavily armed with huge skilled-cyber-soldiers (approximately 10,000) and surplus budget, will not be an easy task for India with the existing capacities. Nevertheless, the newly-proposed Indian CYBERCOM provides a defending hope for the nation’s cyber future. India, coupled with a strong political will, strategic thoughts and the abundantly available trained-tech-professionals, can really fast-track the establishment of the forceful CYBERCOM. Alternatively, to run the arms race neck and neck with China, attempts can be made by India to have joint agreements, cooperation and exercises on cyber domain with relevant players.
(The author is an Assistant Professor at the Department of National Security Studies in the Central University of Jammu, India.)
Trending Now
E-Paper
Follow our WhatsApp channel