21 August 2018

Beyond Cyber Protection and TECHINT

By Lt Gen Prakash Katoch

Defence Minister Nirmala Sitharaman acknowledged that the defence sector is more prone to cyber threats and that there is a need to safeguard the country’s cyberspace from possible attacks, while addressing a workshop for formulating a Cyber Security Framework on Jun 19, 2018, organized by the Department of Defence Production in the MoD. Sitharaman called for establishing cells at various levels to handle cyber security related issues, and for a workforce in accordance with the country’s vision to become a dominant force in cyber space. In 2013, a Committee of British Parliamentarians had pointed out that British armed forces were at risk of being “fatally compromised” by a sustained cyber-attack because the military is dependent on technology that has no proven back-up. The Committee concluded: “The government needs to put in place – as it has not yet done – mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities that cyber presents. It is time the government approached this subject with vigour.” Earlier, in 2011, Liam Fox had disclosed that the British MoD was a prime target for cyber attacks, revealing that it had dealt with more than 1,000 potentially serious incidents over the past year.


In March this year, France held dozens of exercises across the country involving people from a dozen elite technology colleges, aimed at creating an army of talented cyber spies to counter digital de-stabilization efforts, including cyber attacks on critical infrastructure. Unveiling the army’s new cyber operational command, Defence Minister Jean-Yves Le Drian had said in December 2017, “The threats will grow. The frequency and sophistication of attacks is increasing without respite. The next challenge in cyber defense will not just be detecting the attacks, but to continue our military operations amid a cyber attack, while using cyberspace to launch our own counter operations.” France is investing Euro 1 billion by 2019 in its cyber army, aiming to have 3,200 digital soldiers by then, with another 4,400 reservists waiting in the wings. In January 2017, the DG, National Cybersecurity Agency of France (ANSSI) said the world is heading towards “permanent war in cyberspace”, with intensifying attacks coming from unspecified states, as well as criminal and extremist groups.

Unveiling the French Cyberdefense Strategic Review on February 12, 2018, the French General Secretary for Defense and National Security compared it with the 1972 French White Paper on Defense and National Security, which established the nuclear doctrine of France, indicating that this is an important step in French cyber policy. The French approach to cyber defence in 2017 and 2018 has been pivotal after the creation of the Cyber Defense Command (COMCYBER) within the Ministry of the Armed Forces on January 1, 2017. The French Cyberdefense Strategic Review is in three parts. The first deals with dangers, assessing threats, their evolution and the actors involved; most significantly, it reaffirms the French rejection of the concept of “cyber deterrence” by explaining that deterrence is only for nuclear matters. The second details the French approach to cyberdefense, reaffirming the principle of separation between defensive and offensive capabilities: the national authority for cyber security doesn’t conduct offensive missions, but other institutions are in charge of offensive cyber operations and intelligence gathering. The third defines the concept of digital sovereignty as distinguished in legal terms from sovereignty.

The US Cyber Command, which hitherto was in a largely defensive posture with few instances of going on the offensive, particularly to disrupt the online activities of ISIS, has been quietly empowered to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that could increase the risk of conflict with the foreign states that sponsor malicious hacking groups. The New York Times, quoting strategy documents and military and intelligence officials, reported that in the spring of 2018 the Pentagon elevated the status of US Cyber Command, opening the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed. This reflects the greater authority given to military commanders by President Trump, as well as a widespread view that the US has an inadequate defence against the rising number of attacks aimed at America.

In the case of India, most government establishments, the PMO, ministries including the MoD, military websites, atomic installations, our foreign missions, DRDO, NIC, and portions of critical infrastructure like electrical grids and airports have all suffered cyber attacks. But more significantly, in recent times enemy cyber attacks have also targeted our fighter aircraft, drones and satellites, whether we want to acknowledge it or play the ostrich; these are in addition to the world-wide cyber and virus attacks that have affected India also. There is also the issue of Russian meddling in the US presidential elections – whether you go by Donald Trump’s denial of Russian involvement or the opposing voices in America. Now an Oxford professor has gone on record to say Russia may interfere in polls in India, while social media was abuzz some time back that SoGa’s visit to Russia, coinciding with that of the Pakistani army chief, was with the same aim.

There is no doubt that absolute cyber security is a myth, and we remain vulnerable as we have pushed through digitization in the country in the race for the next general elections without requisite cyber security, no matter the government denials. Digital India is increasingly networking the country, including critical infrastructure like transportation networks, power grids and financial institutions, through online integration, with more and more official data stored online. But the fact remains that Digital India with requisite cyber security would have pushed the cost up manifold, forcing a phasing of the scheme, which would not have met complete fielding pan-India by 2019. The debate in our media, however, gets limited to Aadhaar and reports like 90% of ATMs functioning with outdated software, the public losing money, banking frauds even with crossed blank cheques, and the like.

What Defence Minister Sitharaman has said is valid, and this has been reflected by many scholars over the past years. We also face China, which is a cyber superpower adept in the refined skills needed to undertake cyber espionage and sabotage. China’s cyber warfare strategy focuses on controlling the information systems of the adversary during critical periods. In addition, Pakistan, ISI-sponsored terrorist outfits and global terrorist organizations like ISIS and Al Qaeda are refocusing on South Asia, which increases the danger of cyber attacks. How the enemy is using social networks to destabilize regions is visible in J&K, in the rioting in Assam in the recent past, and in the radicalization and misinformation campaign pan-India.

In India, cyberspace is being looked after primarily by the NTRO operating under R&AW. The Indian Computer Emergency Response Team (CERT), set up in 2004 under the Department of Information Technology, is the nodal agency for responding to computer security incidents. In addition, the National Critical Information Infrastructure Centre (NCIIC), carved out from CERT in 2013, is to protect assets in critical sectors like energy, banking, defence, telecom, transportation, etc. The NSA, with the National Cybersecurity Coordinator (NCC) under him, is overseeing a public-private partnership to set up cyber security architecture. Logically, this could follow the pattern of the US Counter Extremism Project (CEP), a non-governmental initiative launched in 2014 with Israeli assistance to confront the growing threat from extremist ideology, seeking to refute social media messaging and compile the world’s biggest database of extremist networks.

Considering that India is yet to define a national security strategy and undertake a strategic defence review, it is obvious that a Strategic Cyberdefence Review has not even been thought of. Yes, plenty appears to be happening in terms of monitoring terrorist networks – possibly in conjunction with our strategic partners. Our hackers are also active, as is apparent from cyber attacks in the public domain on Pakistani government and military websites. There is also stress on cyber awareness and some move towards protecting critical infrastructure and networks. However, to deter adversaries attacking us in cyberspace, we must be able to: stop them accessing our critical information, systems and services; steal information from their networks and computers, including vulnerabilities, plans and programs of cyber attacks / cyberwar; penetrate their networks undetected and stealthily insert dormant codes, for activation at an opportune time to thwart cyber attacks; manipulate and doctor radio transmissions; destroy their computer networks, if and when necessary; and manipulate their perceptions.

Most of the above also require operating surreptitiously in the networks of the adversary. So where are we in this context, and what capability do we have against China, if at all, considering the problem of language, their indigenous operating systems and the ‘great firewall’? Besides, do the abovementioned entities responsible for cyber security have the required skilled manpower, and are they coordinating among themselves? It certainly does not appear to be the case. Even in the case of TECHINT, RS Bedi, former Secretary NTRO, wrote in 2015, “One must sadly conclude that our current TECHINT capability, and the slow pace of reform, decidedly cannot cater to the quality as well as quantum of intelligence, required for successfully achieving our long term strategic objectives”. He went on to say that there must be a major change in the mindset of the intelligence set-up. Significantly, he adds, “It is in the interest of the Defence Forces, keeping in view their long term strategic ambitions, to nurture the NTRO, hold its hand, and help it to develop into a truly national intelligence (TECHINT) agency to enable it to supply the kind of intelligence product required for achieving the synergy, so essential for successful conduct of war”.

But look at the other side of the picture – how do the Defence Forces hold the hand of NTRO when not only is the Military kept away from the cyber warfare program of the country (the reverse of what is happening in the US and China), but little progress has been made with respect to setting up a Cyber Command in the military, as recommended by the Naresh Chandra Committee in 2012? The Cyber and Information Security (C&IS) Division under MHA deals mainly with matters relating to security clearances, cyber security (coordination with CERT-In for critical infrastructure protection), Cyber Crime, and National Information Security Policy & Guidelines (NISPG) and its implementation. So the pro-active or, putting it more bluntly, the offensive part of cyber-security is with NTRO. How does NTRO plan to deal with this part in the absence of a Strategic Cyberdefence Review, defined objectives and a capacity building roadmap, and in an environment where, in addition to networks being targeted, our fighter aircraft, drones and satellites are being targeted? Clearly the government has much work ahead in terms of cyber warfare, and the present pace, which is excruciatingly slow, will not suffice.
