In the increasingly globalised world, the emerging security challenges are no longer products merely of conventional inter-state rivalries but of economic, demographic and societal tensions that are transnational in nature. Modern conflict is more likely to be a consequence of regional struggles involving a range of actors rather than inter-state tensions. Instability is likely to arise as a consequence of the rise of autonomous armed groups and non-state entities and the weakening of governments and state institutions. In some cases, non-state actors act as proxies for inimical nation states. Given the rising importance of cities as political, economic and cultural centres of gravity, the battlefields of armed conflict are increasingly shifting towards urban settings. An emerging phenomenon that is gradually gaining momentum is the use of the techniques of information warfare, organised crime and acts of terrorism, fostered by cross-border linkages between disparate terrorist organisations, involving military training, funding and transfer of technology.
In the late 1990s, China’s political, economic and military tacticians understood that direct military confrontation would not be an option for successfully promoting the country’s interests globally. Moreover, any direct confrontation could trigger a nuclear response, which would yield no positive outcome for any of the parties. Therefore, in order to achieve its strategic aim of regional dominance and subsequently targeting other great powers, China resorted to unconventional means. The unconventional strategies employed fall mostly outside the purview of treaties, international laws and norms, which places few restrictions on their use. They also give China plausible deniability in any international forum. China’s actions fall short of engagement in hybrid conflict, while meeting the criteria of grey-zone conflict. Since these are below the threshold of conventional operations, they can be employed collusively with Pakistan. It is also likely that China will employ Pakistan as a proxy to launch these actions from Pakistani soil and thus lend credibility to its own denials in international forums.
China’s strategic interests are regional dominance and, subsequently, targeting other great powers. Activities targeting weaker opponents are largely meant to undermine the strength and unity of alliance structures surrounding other powerful states. Thus, even though the development of a conventional force remains a priority for China, the country would largely forgo its use in favour of unconventional tactics that would remain between the thresholds of open war and peace.
In 1999, two Chinese military (PLA) officers reflected on this in Unrestricted Warfare, in which they advanced the concept of combining unconventional and covert tactics. They identified four alternatives to traditional military engagement. Over the past decade, China’s actions have been guided by these principles.
Cyberspace remains mostly ungoverned by international laws and treaties, leaving significant flexibility for China to exploit as a platform of warfare. With more than half of its 1.4 billion people online, the world’s most populous country is home to a slew of cyber spies and hackers. Indeed, China has likely stolen more secrets from governments, security agencies and businesses than any other country. Covert espionage is the main Chinese cyber threat; while disruptive cyber-attacks occasionally come from China, those that cause overt damage, like destroying data or causing power outages. Chinese cyber aggression has been ever evolving.
Cyberspace is a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. The Internet has provided a worldwide architecture to connect all these networks, which together represent a virtual cyberspace with no boundaries. While a majority of users understand this cyberspace as indexed sites (the Surface Web), which can be accessed through common search engines like Google, Mozilla etc., a large portion of it remains hidden. This segment of the web, also called the deep web or invisible web, is not indexed and cannot be accessed by most search engines. The deep web or invisible web is estimated to be 96 percent of the entire World Wide Web. It is the most commonly used part of cyberspace for carrying out cyber-attacks. A pictorial representation of the deep web is shown below.
The Dark Web (also called Dark Net) is a subset of the Deep Web that is not only not indexed, but that also requires something special to be able to access it, e.g., specific proxying software or authentication to gain access. The Dark Web often sits on top of additional sub-networks and is often associated with clandestine activities of various degrees, including subversion, cyber attacks, criminal activities etc. While the Dark Web is definitely used for nefarious purposes more than the standard Internet or the Deep Web, there are many legitimate uses for the Dark Web as well.
Cyber Threat Actors
In order to understand the complete spectrum of cyber-attacks, it is important to classify the Cyber Threat Actors. Cyber Threat Actors can be grouped by their goals, motivation and capabilities. They are classified into the following four categories.
· State Sponsored Actors
· Cyber Terrorists
· Hacktivists
· Cyber Criminals
State Sponsored Actors. State sponsored actors receive direction, funding, or technical assistance from a nation-state to advance that nation’s particular interests. State sponsored actors have stolen and exfiltrated intellectual property, sensitive personally identifying information (PII), and money to fund or further espionage and exploitation causes. In rare cases, these data appear for sale on underground black markets. Instead, these data are usually kept by the actors for their own purposes. Although the data taken from data breaches might not always appear on underground markets, what can appear are the tools and guides for how to take advantage of the vulnerabilities that allowed access to the vulnerable systems in the first place.
Cyber Terrorists. Cyber Terrorism unites two significant modern concerns: attacks via technology in cyberspace and traditional terrorism. It consists of a politically motivated extremist group or non-state actor using cyber techniques to intimidate, coerce, influence an audience, force a political change or cause fear or physical harm.
Hacktivists. Hacktivists are typically motivated by a cause—political, economic, or social: from embarrassing celebrities, to highlighting human rights, to waking up a corporation to its vulnerabilities, to going after groups whose ideologies they do not agree with. Hacktivists may steal and disseminate sensitive, proprietary or sometimes classified data in the name of free speech.
Cyber Criminals. Cybercriminals are motivated by financial gain and they care about making money. They want access to our personal, financial or health data in order to monetize them on underground black markets. For the retail sector in particular, the stolen data from these hacks appears within days on black market sites. These markets are dispersed, diverse and segmented, rapidly growing, constantly changing, and innovating to keep pace with consumer trends and prevent law enforcement and security vendors from understanding them.
Data repositories that can be monetized, crypto currency wallets
State Sponsored Actors are used by the nation state to carry out various operations in cyberspace. While there are distinctions and differences in motivation between each of the Cyber Threat Actors, there is some degree of fluidity between the groups. In many cases, the same tools and techniques are used by different groups, sometimes because those are the only tools available, and other times because that helps with plausible deniability and shifting the blame to a different group. In some countries, state sponsored actors may work with “citizen hackers” or their country’s cybercriminal elements to carry out an attack.
Cyber Attacks Against India
India is among the least cyber secure countries in the world. It held the 15th position in a recent cyber security ranking of 60 nations by consumer tech review firm Comparitech. The number one rank was the least secure and 60 the most. The situation gets even worse if we take mobile phones into consideration as well. The large-scale influx of Chinese mobile phones into the Indian market has rendered a large segment of the population vulnerable to cyber-attacks. While India remains one of the least cyber secure countries, the cyber threat has been evolving day by day. Cyber Threat Actors are employing advanced weapons to launch cyber-attacks. A graph depicting the evolution of the cyber threat is given below.
In 2018, India ranked 3rd in terms of the number of cyber-attacks, behind Mexico and France. These were mostly carried out against business groups by Cyber Criminals, to steal business secrets or for financial gain. It is also important to note that cyber-attacks against government, security establishments or other key institutions are generally not reported, in order to save face, and are mostly not acknowledged, to avoid panic among citizens. However, some of the key cyber-attacks against India that caught the limelight, and in which the Cyber Threat Actors were able to achieve their aim, are described in the succeeding paragraphs.
Cyber Attack on Government Official Sites. In Nov 2012, the websites of the DRDO and the PM’s advisor were attacked. Government sources reported that some suspicious and unwanted activities were observed on these websites, which are maintained by the National Informatics Centre (NIC). Following the cyber-attacks, they were shut down for a while.
Hacking of PCDA Official Site. In Aug 2015, the official website of the Office of the Principal Controller of Defence Accounts (Officers) was hacked, and personal details of Indian Army officers, besides login names and passwords, were compromised. It was not immediately known who could have been behind the hacking, but certain neighbouring countries are known to have carried out such attacks in the past on various defence websites. Following the hacking, an advisory was issued which said that login IDs and passwords were likely to have been compromised, along with each officer’s badge number, PAN number, date of birth and day of commissioning.
Exodus of North Eastern Community from Bangalore. In another instance of spreading terrorism through social media, communal differences between two communities were exploited by Cyber Terrorists to propagate their agenda. In Aug 2012, there were two incidents going on in the North East geographical area. One was the violent clash between Rohingya Muslims and Burmese Buddhist Monks in Myanmar. These were not Indians, though the Myanmar side share similar looks and features with most people from the North East. The other was the clash between Bodos of Assam and Muslims, with allegations that the Muslims were illegal Bangladeshi immigrants. Again, this was just a problem in the Bodo dominated regions, and other North Eastern tribes like Mizos, Nagas, Meiteis, Khasis etc were not involved.
Horrible photos and videos of people being beaten up, tortured, murdered etc. started spreading among the Muslim community with the caption that the victims were all Muslims and the perpetrators were Bodos and Burmese Buddhist Monks. Most of those photos were found to be fake and had nothing to do with either of the conflict zones.
But it enraged a lot of Muslims in other parts of India, and they took out their anger on anybody from the North East. Hence a mass exodus of the North Eastern community took place from Bangalore.
Countering Cyber Attacks
India must acknowledge that Grey Zone Warfare is the order of the modern era and that cyberspace, not governed by any rules or regulations, is the most vulnerable and lucrative battlefield. Responding to it will require greater understanding and comprehensive national power. Relying on the military as the sole responder to cyber threats would be a bad strategy, because the lines of conflict and engagement are blurring. Simultaneous engagement on multiple fronts should be the norm and not an exception. A suggested strategy to counter the threat in cyberspace is enumerated in the succeeding paragraphs.
Central Agency at National Level. A central defence agency should be constituted at the national level, bringing all the smaller agencies currently working in isolation under its ambit for knowledge sharing and for formulating strategy to counter the cyber threat. Organisations like the Cyber and Information Security Division, the National Informatics Centre, the Defence Cyber Agency (under raising) etc. should form part of this central agency. A suggested approach is to bring all these organisations under the ambit of the National Critical Information Infrastructure Protection Centre (NCIIPC), established in 2014. To counter threats emanating from various Cyber Threat Actors, we will have to take the assistance of these actors as well.
Information Security Policy. Information security policies and practices shall be mandated for government functionaries and their service providers. Security audits adhering to international standards shall be applied to all government websites and applications before they are hosted and before content is published on the web. The government shall ensure that Internet Service Providers operating in the state deploy cyber security plans in line with the State Cyber Security Policy. A framework of assurance shall be established to provide guidance on security certifications and qualification criteria, and to prescribe security audits of government systems, projects and applications.
State Cyber Emergency Response Team (CERT). A CERT should be established at the state level to monitor cyber activities in the state. The CERT should report to the Central Nodal Agency and should work in close coordination with it. Establishing a state-level agency will ease the functioning of the central agency at the national level and will ensure close monitoring of the cyber environment in the state.
Knowledge Sharing. The cyber threat is ever evolving and the actors are getting more advanced day by day. The primary objective of these actors remains financial gain. Therefore, it is the private business houses in India that are most targeted by Cyber Threat Actors for stealing trade secrets and intellectual property. These private business houses are spending money and resources to develop technologies or hire experts to counter these threats. The government shall partner with these agencies, as well as with academic institutions, to strengthen the cyber security posture of the state.
Aggressive Defence. Offence is the essence of a credible defence in the modern world order. While the measures mentioned above will ensure a sound cyber defence mechanism for our cyber networks, a credible defensive framework will not be established in the absence of a capability to carry out a cyber-attack. A state cyber security framework that supports strategy and implementation mechanisms to prevent digital impersonation, identity theft and security incidents should be established. Thereafter, a surgical strike should be carried out against the offenders. The capability to launch a cyber-attack will act as a deterrent.
No matter which term it goes by, conflict in the twenty-first century is predominantly sub-conventional conflict. It is mostly a contest between state and non-state actors, and often a triangular one between disparate groups of non-state actors. Nations are constantly looking for newer battlefields in which to employ non-state actors to inflict blows on another nation. Cyberspace, with its inherent vulnerabilities and lack of boundaries, provides an ideal battlefield for the employment of these actors. Therefore, in order to organise a defence, a state must ensure its defence in cyberspace as well, while also maintaining an offensive capability. The key lies in an integrated approach at the national level rather than employing resources in penny packets.