Indian Cyber Warfare Capabilities4.1.1 Information Technology (IT)Advancement in India. Indianambition of becoming an IT giant in the future is evident from Banglore, “TheSilicon Valley of India”. Its energetic IT production has expanded theIT reach in social, industrial and economic sectors at a very fast pace. Casein point is the 37% dominance of top officials at Microsoft by Indians.Availability of large talent pool of technical qualified manpower serves thespine of a rapid growth of IT investment in the country.
Key indicators of this growth of IT industryare as following:-· India’s software and alliedexports had risen at a rate of 29% on almost year basis to approx $7.5 billion.Out of 500 most recognized enterprises, 185 subcontracted their softwarerequirements to promising Indian software industry.· Indians are utilizingprogression in telecommunication as road map for riding on bandwagon of IT.Expansion of Indian NTP (National telecommunication Policy), NationalInformation Infrastructure (NII), Corporatizing Department of telecommunicationServices (DTS) into Bharat Sanchar Nigam Limited (BSNL) and IT Act 2000 are fewsignificant steps.
4.1.2 Indian Cyber Warfare Policy at National/ Strategic Level.
In August 2010 the Indian government told its agenciesto enhance their capacities in cyber warfare. The strategic directed governmentagencies to develop capacities to break into networks of unfriendly countries,set up hacker’s labs, set up a testing facility, develop counter measures andset up CERTs for several sectors. The agencies at the forefront of the strategywere National Technology Research Organisation, Defence Intelligence Agency andthe Defence Research and Development Organisation.
Thus India has an offensive– defensive policy. Indian National Security Advisor (NSA), under PM, is overall looking after the coordination of cyber warfare issues for both offensiveand defensive purposes1. 4.1.3 Defensive Cyber Warfare Policy· National Cyber Security Policy. India has issued a NationalCyber Security Policy in July 2013. This is a policy framework by Department ofElectronics and Information Technology (DEITY), Ministry of Communication and Information Technology and Government of India.
It aimsat protecting the public and private infrastructure from cyber attacks. · National Technology Research Organisation (NTRO). Under NSA, NTRO is responsibleto protect the critical IT infrastructures of India. It has both offensive anddefensive cyber warfare tasks to perform. · Indian ComputerEmergency Response Team (CERT-In). The Department of InformationTechnology established CERT-In in 2004 to counter cyber-attacks in India.
Thisorganisation is partially successful in detection and reporting of cyberwarfare attacks. · Centre (NCIIPC). In 2011, the Government of India established anothersub division, NCIIPC to thwart attacks against energy, transport, banking,telecommunication, defence, space and other sensitive areas. However, there isno public face of NCIPC and some experts believe that NCIPC has failed tomaterialize and perform its job. · TRINETRA. Indian Navyhas dev ‘TRINETRA’ which is an encryption organisation for securingcommunications. Likewise, Defence Research and Dev Organisation (DRDO) alsomanages cyber security, encryption and transmission security (TRANSEC) relatedprojects.
Government of India has paid over 3 Billion US $ for these cybersecurity related projects during last decade. · Reduced Reliance on Internet by Public Sectors. India is promoting the cultureof reducing dependence on internet particularly social media e.g.
facebook,twitter etc and communication on search engines like Yahoo, Google etc.4.1.4 Offensive Cyber Warfare Policyb. Offensive Cyber Warfare Strategy.
Indian government decided to recruit for cyber army of softwareprofessionals to spy on the classified data of adversaries (mainly Pakistan andChina) by hacking into their computer systems. A strategy was drafted for thispurpose by Indian National Security Advisor AK Dovel and the Director of IndianIntelligence Bureau (IB) as well as the senior officials of thetelecommunication department, IT ministry and RAW. According to the strategydrafted in the meeting, India is recruiting 5,000 IT professionals and hackerswho will be assigned to be on the offensive or to launch pre-emptive strikes bybreaching the security walls of enemy’s computer system. c.
RAW’s Cyber Wing. Withinthis wing, the National Technology Intelligence Communication Centre providestechnology and elelectronic intelligence to different agencies and interceptscommunication from adversaries. Morerecently, India’s National Security Advisory Board recommended the creation ofcentral cyber security command modelled on the United States’ Cyber Comd. d. NTRO / Defensive Intelligence Agency (DIA). The most important factor to note is the involvement of NTRO along withthe Defensive Intelligence Agency (DIA) who is responsible for creating thesecyber-offensive capabilities. NTROis a key government agency of India that gathers technology intelligence while DIA is tasked with collating inputsfrom the Navy, Army and the Air Force.e.
Indian Hackers Task Force. Indiangovernment has formed a Hacker Task Force, called the “Desi Hackers” 2 for aggressive cyber warfare. f. Divine Matrix. TheIndian Army conducted a war game called the Divine Matrix in Mar2009.
The interesting aspect of this exercise was that Indian Military createda scenario in which China launches a nuclear attack on India somewhere in 2017.The purpose of this exercise was to describe how China will launch a cyberattack on India before the launch of the actual nuclear strike3. g. Indo-Israeli Cyber Nexus againstPakistan. Israelhas announced complete and unconditional support for India. Israelian DeputyDirector General of Israel’s foreign ministry, Mark Sofer has said that thereis no difference between Hamas and other such organisation. “We feel thatIndia has a right to defend itself against Terrorists in the same way as Israelhas a right to defend itself from Ts.
We are both suffering from the samescourge. I really don’t see any difference between the Hamas and other suchorganisation; I never did and I don’t today. A Terrorist is a Terrorist4. 4.
1.5. Possible Effects. Possible effects from the above mentioned resources are as fol:-· Electro Magnetic Pulse (EMP) through non-nuclear means todisrupt communication and other electronic sys at various sites. Entry into ourcommunication systems networks to cause havoc at the time of choosing.
· Not permitted admittance of computersystem to obtain or alter sensitive information.· Hacker’s activities to explorevulnerabilities of our system in peacetime.· Injection of computer viruses into computer network,exchanges, weapon systems and other computer-based systems.· Implementation of logic bombs to introduce time activatedvirus in the computer systems without physical access. The economic hold can beused to exploit the defensive equipment vendors to deploy logic bombs and useof chipping against Pakistan. · Introduction of microbes to eat awaychips and insulating material to cause long term degradation.
· Jamming of military communicationthrough satellites/ airborne.· Piecemeal entry into Pakistan defence related siteseither for propaganda or for hacking. This access can be used to obtain oralter sensitive information. · Fire and forge type jammers can be depl for crippling theC4I Sys of Pakistan· Army using short-lived high power, broad band noisetransmitters to disrupt sensitive electronic sys.4.2 Response Capabilities AndVulnerabilities Of Pakistan In Cyber Space. Today’s Pakistan is captivating the technology innovationsand heading towards information and communication technology (ICT) basedinfrastructure, e-government and services. At the same time, technology hazardsand cyber security concerns have also increased in the region5.
Theincreased reliance on ICT is making our society increased vulnerabilities tocyber espionage and widespread disruption of services. Moreover, theunchecked usage of Pakistan’s cyber space by the T organisationsor international rival states may endanger our auth and lead to inauspicioussits. 4.3 It is therefore mandatory for us both atnational and army level to take a stock of our existing response capabilitiesand identify our vulnerabilities in order to strengthen our capabilities toestablish appropriate response mechanism in an organised fashion. 4.
4 Pakistan’sResponse Capabilities in Cyber Space. Currently,Pakistan lacks an organisational cap to counter any cyber threat. As part of digital society, Pakistan needs totake concrete initiatives at national level to improve the effects of itsactions and policy of a responsible state against the abuse of cyberspace. The response mechanism and initiatives havetwo main compositions namely management and technology responses. The presentcapability of Pakistan in terms of management and technology response isdiscussed in subsequent paras.4.4.1 ManagementResponse.
The cyberspacebenefits as well as the threats are beyond the jurisdiction of normal andtraditional geographical boundaries of the nations. The enormous speed of cyberincidents outstrips the traditional response mechanism. The speed and quantumof such incidents can be huge in volume and multidimensional in terms ofsources range from an individual hacker to the state level. Thus thecomposition and pulsating nature of threat stresses upon a composite, flexibleand well managed response mechanism6.
ThoughPakistan has established a certain level of expertise in the cyberspace howeverit needs a no of organisational framework, documents and procedures to bedefined and established at the top most government level. Pakistan has yet todecide the basic comp of management response i.e. National cyber securitystrategy, National cyber security policy and legislation. These composites ofmanagement response are discussed below.· National Cyber Security Strategy. At presentthere are more than one hundred countries in the world who have established acertain level of cyber capacity at government level, out of which more thanfifty percent countries have published their cyber security strategy bydefining the national security objectives and goals intended to be achieved7.Pakistan is yet to identify and define objectives and goals required to beachieved through cyber security in terms of a national cyber security strategy.
§ National Cyber Security Policy. Pakistan isamong those countries in the world who has not defined their cyber securitypolicy as yet. In Jul 2013, Senate Committee on Defence established a Task Force for Cyber Securitythat was given the mandate of defining the national cybersecurity policy8. Tilldate it lacks highest level organisational body having sole responsible ofdefining and implementing the cyber security policy in the country byestablishing the control mechanism and corresponding regularities to achieveeach objective and goal defined in the national cyber security strategy. § Legislation. The legislation by Pakistan government on cyber crimesstarted in 2002 by implementing the Electronic Transaction Ordinance (ETO).
ETOwas first step in providing accreditation to the service providers. Theordinance was having objectives to facilitate and documented the electronictransactions and ICT related information in electronic form. In 2009, Pakistan government issued firstordinance on cybercrimes named Prevention of Electronic Crimes Ordinance(PECO). PECO defined and laid down legal terminologies related to cybercrimes,types of crimes and punishments pertinent to each crime.
However the ordinancewas never debated in the National Assembly and has expired due tonon-promulgation within constitutional timeframe. Currently the government haspassed the cybercrime law after facing much criticism from the opposition aswell as civil society. The act which has been given the title of the’Prevention of Electronic Crimes Act 2015′ provides legal mechanisms for theinvestigation, prosecution, trial and international cooperation of crimes inconnection with information system.
But till date the federal government hasfailed to implement this recently passed bill.4.4.2. Technology Response. The security threats can never be eliminatedfrom digital world; they can only be minimised and curtailed. The nature ofcyber incidents is not stagnant and uniform as the hackers and malicious actorskeep exploring and inventing new technologies and attack methodologies. This versatility in cyber threats can bedealt by established a response body with requisite technology capacity,capability and flexibility at government and organisation level.
This body ofexperts is typically referred as Computer Emergency Response Team (CERT) orComputer Security Incident Response Team (CSIRT). A traditional and standardCERT is comprised of cyber security professionals like Intrusion DetectionExperts, Malware Analysts, Application Security Professionals, and EmergencyResponse Experts. The level and composition of CERT can however vary and differdepending upon its specific mission and constituency. The typical types of CERTare Coordinated CERT, National CERT, Organisation or Corporate CSIRT, AcademicCSIRT and internal CSIRT9.
Currently, Pakistan has no recognised CERT at national or organisational leveldealing specifically with communication or advance cyber threats. Government ofPakistan has however established National Response Centre for Cyber Crimes(NR3C) since 2009 under FIA but it cannot perform the assigned tasks in absenceof state laws10. 1 Indian Start studies, Cyber Warfare and Information Security forIndia, Asif Ahmed 19 Feb 2014http://strategicstudyindia.blogspot.com/2014/02/cyber-warfare-and-information-security.html2 Gary D. Brown, The Cyber Longbow & Other InformationStrategies: U.
S. National Security and Cyberspace, 5 Penn. St. J.
L. & Int’lAff. Apr 2017, Available at: http://elibrary.law.psu.edu/jlia/vol5/iss1/3 3 Indian Army fears attackfrom China by 2017, Rahul Singh, HindustanTimes, 26 Mar 2009http://www.hindustantimes.com/delhi-news/indian-army-fears-attack-from-china-by-2017/story-olQBpRdaSIKp2rDUkfbSGN.html4 Israel to extend all possible support toIndia against Pakistan, Discussion in ‘Central& South Asia’ started by kahonapyarhai, Jul5, 2017.https://defence.pk/pdf/threads/israel-to-extend-all-possible-support-to-india-against-pakistan.504906/5 Fahad Abdul Momein and MNawaz Brrohi, “Cybercrime and internet growth in Pakistan.” Asian Journal of InformationTechnology 9(I), 1/4/156 UKCyber Security Strategy, “Protecting and promoting UK in the digital world”,November 2014 7 Alexander Klimburg (Ed.),”National Cyber Security Framework Manual”, NATO CCD COE Publication, Tallinn20168 Online source, Dawn Newsat http://dawn.com/news/1023706/senate-communicationittee-proposes-7-point-action-plan-for-cyber-secure-pakistan9PECO, Ordinance, Published in the gazette of Pakistan, Part-1, Dated 08 July2009 10 Usman, Mehboob, “Cyber Crimes: A Case Study Of Legislation InPakistan In The Light Of Other Jurisdictions , SSRN Papers, November 2016