It is not just territorial integrity but national sovereign cyber space that needs to be protected, National Security Adviser Ajit Doval said on Monday. Doval referred to cyber space as he raised concern over the first-of-its-kind “hybrid” war between Russia and Ukraine where cyber weapons were used by both armies as a key operational component.
Doval said state actors have been targeting critical infrastructure in the country and India needs to prepare for challenging times ahead as he pointed towards the recent cyber warfare in the ongoing Russia-Ukraine crisis. “Each side is defacing websites, targeting IT systems and using offensive tools to launch influence operations. The hackers operating globally are taking sides,” he said.
Doval said big technology companies like Microsoft and Google have also played a significant role in the conflict, which has clearly demonstrated the importance of keeping cyber space safe for citizens, businesses and governments.
“Threats in cyber space directly impact social, economic and national security,” Doval told top government officials and heads of India's critical sector organisations who are conducting the first-of-its-kind national cyber security incident response exercise (NCX India). The National Security Council Secretariat along with Data Security Council of India and Defence Research and Development Organisation (DRDO) are training more than 100 cyber warriors in key government organisations and critical sectors in handling cyber intrusions, malware detection, digital forensics and strategic planning to safeguard cyber space.
Retired Lt general Rajesh Pant, national cyber security coordinator, said there has been an increase in ransomware and supply chain attacks in the world. He highlighted the recent ransomware attack on Oil India Limited, which has spelt the need to achieve synergy among all organisations for effectively countering these attacks.
Doval said the malicious actors have also got a golden opportunity during the Covid pandemic to target key assets as work from home, vaccination registrations and key government services have gone online. “A digital revolution has taken place in the country with the launch of a large number of digital services by the government. Cyber security remains the foundation of any successful digital transformation,” he said.
Cyber experts pointed out that there is a definite need to develop indigenous capability to protect cyber space at the national level.
Unlike the EU nations, India finds itself isolated in cyber space where its cyber diplomacy with friendly nations is still in the nascent stage and the defensive and offensive capabilities are limited. So while India will do well by taking a leaf out of the ongoing Russia-Ukraine crisis, the challenges before it may be bigger.
In 2016, NATO had recognised cyber space as an operational domain like air, maritime or land where the politico-military leadership was responsible for cyber defence. Under Article 5 of the Washington Treaty, it was acknowledged de facto that a cyber attack can cause damage comparable to that of an armed attack, and thus becomes a case for collective defence. To this end, NATO cyber rapid reaction teams are available for prompt action if any of the allies suffer a cyber attack.
India does not have allies; however, its foes are right across the border in China and Pakistan constantly trying to disrupt its cyber security and invade its critical infrastructure. Speaking to THE WEEK, Dr Gulshan Rai, India's first cyber security coordinator, pointed out that Ukraine has been able to thwart massive attacks as it is being assisted by NATO's rapid response teams and UK's National Cyber Security Centre.
Ukraine army's signal corps, which handles its military communications, is facing constant attacks even as submarine cables and nuclear plants are threatened by wipers in cyber space and weapons on the ground. “There is a need to create a community of countries to handle similar attacks in future,” he said.
With hybrid wars shaping the future of all conflicts, Christopher Ahlberg, CEO of Recorded Future, a global intelligence company in the United States, warned that both aggressions in Taiwan and India will be shaped by this conflict.
Sources said the government is fast-tracking efforts to notify many key bodies within crucial sectors like telecom, power and finance as critical infrastructure to protect them against cyber attacks like the one witnessed in Ukraine. Presently, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal authority responsible for protecting critical infrastructure in the country. But the Central ministries handling infrastructure need to notify various bodies as “critical infrastructure” for them to be a part of the mandate given to NCIIPC.
It is learnt that key Central ministries and state authorities have been dragging their feet on the same. For instance, the power sector includes organisations that handle power generation, grid, distribution and transportation, while the telecom sector branches out into telecom service providers and government and private telecom bodies. On the other hand, banks are only one component of financial systems in the country. “Each institution needs to officially be notified by their parent body as a critical infrastructure for the NCIIPC to effectively step in to assist,” said an official.
Another key aspect of hybrid war is the misinformation campaigns at a global level. Unlike Pakistan's Directorate of Inter Services Public Relations that runs a deeply embedded social media campaign, New Delhi still doesn't have a centralised mechanism to handle global misinformation campaigns.
It has been nearly two months since Russian troops began the military invasion of Ukraine and even though the conventional war was controlled from spilling over, what has worried governments is the hectic uncontrolled activity in cyber space where global threat actors, both state and non state, are continuing to have a field day due to lack of geographical boundaries.