In one of the US presidential debates, the challenger complained that US navy has fewer battle ships compared to earlier and blamed the current president for it. The president looked at the challenger dismissively and mocked him saying, “Senator! We also have fewer bayonets and horses and that is because times have changed and the nature of the military has changed. We now have aircraft carriers and submarines. So, it is no longer a question of number of battleships!” The same argument holds good for cyber warfare, which is an essential and critical component of any modern force. While physical forces are indispensable, advances in computer technology, coupled with a connected world makes it possible to wage serious wars in cyberspace which can cripple a countries defences and also impact life of citizens adversely. In this series of articles, we shall discuss what is cyber warfare, its importance, its components and the current state of readiness of India (based on information that is available in public domain).
For the uninitiated, cyber warfare is essentially about using computers and internet to remotely attack enemy computer networks to adversely impact their functioning. These attacks are carried out using malicious software programs/viruses/malware which can automatically propagate in a computer network from one computer to another. Such attacks can be covert or overt and could be used to achieve a variety of goals such as stealing vital data, planting misleading information, promoting false propaganda, bringing down critical infrastructure such as power grids, power plants, Air traffic management systems, Banks, Health care systems and defence networks to name a few.
To understand and appreciate the kind of damage one can do with cyber-attacks, it would be informative to discuss a few well known cyber-attacks of recent past. In 2005, a US security agency uncovered a cyber-attack on US defence networks. This attack had been going on for couple of years and the attackers had allegedly managed to penetrate US defence contractor computer networks and also those of NASA and FBI. What makes this attack standout is the fact that attackers had managed to keep the attack a secret and had also masked the origin of the attack and made it appear as though it originated from the computers of an Asian country. Such attacks can result in loss of critical data, loss of trust between countries which in turn can lead to real wars between countries with disastrous consequences.
In another incident, in April 2007, a series of cyber-attacks brought down computer networks of Estonian banks, parliament, ministries, newspapers and broadcasters causing lot of inconvenience to general public. The attack was allegedly launched from a neighbouring country over an ideological dispute.
In late 2000s, a malicious computer worm called Stuxnet was uncovered. It is alleged that two western countries developed it to infect computers that controlled Iranian centrifuges. Student made the centrifuges run at speeds they were not designed to run at, causing them to fail. This worm reportedly caused one fifth of Iran’s centrifuges to fail.
More recently, in 2017, an attack launched by an anonymous group of hackers infected around 2,00,000 computes from more than 100 countries. The users of infected systems lost access to the data on their computers and had to pay ransom money to the attackers to get the access back. Victims included individual users, large corporations and government agencies. Russia’s top oil producer ROSNEFT, Danish shipping giant A.P.Moller-Maersk, major banks of Russia, a Health care product manufacturer of India were some of the big entities that were impacted. Many of them paid substantial ransoms to recover their data and networks. Total financial impact due to this attack is estimated to be around 4 Billion USD.
What makes cyber warfare attractive to rogue countries and terror groups is, fairly big attacks can be launched and managed by a single individual or a small group of people to bring down entire computer networks. In most cases, it is not easy to find the real perpetrator. What is scary is that, the country/entity under attack may not even realise that it is under attack until it is too late and that is the norm with most cyber-attacks.
Cyber-attacks can bleed countries and their businesses. It is estimated that, cyber-attacks cost USA more than 100 Billion dollars per year and $6 trillion per year world-wide on an average through 2021.
In this context, it is important to review how vulnerable India is and its level of preparedness to prevent and handle cyber-attacks. India has been embracing technology like never before. It is the second largest market in the world for smartphones and is moving towards a unique ID based system for practically all aspects of citizen’s lives. In 2018, the number of digital transactions in India was more than a Billion. As the level of technology adoption goes up, so does the threat of cyber-attacks.
India depends heavily on other countries for both civilian and military technology. While India has a huge pool of software professionals and has a well-developed software industry, critical pieces of hardware and software are all sourced from other countries. This in itself opens up the possibility of malware/worms/trojans being shipped in dormant state with the equipment, software supplied by other countries. Such malicious software programs can be activated at a suitable time remotely to act as BOTs (like Robots). These BOT computers takes commands from computers located outside India and execute those commands. It is conceivable that an attacker can use BOTs to eavesdrop on critical communications, steal data or simply to shutdown computer networks.
To guard against such attacks, India needs to make careful decisions around what to build vs what to buy. Critical defence network and government computer networks should be isolated from internet and staff should be trained not to fall into a variety of honey traps that attackers setup. In a later article in this series, we shall delve into this topic more in detail.
© K G Mahadevaswamy
