As a country, we are yet to grasp the significance of cyber warfare. There is no cohesive policy for cyber security at the national level.

The Frankenstein of ‘cyber security’ or rather ‘cyber insecurity’ is striking fear across the lengths and breadths of the globe. Cyberspace has become a major potential landscape of insecurity, courtesy hackers, phishing, malware, botnets, bing, ghostnet, conficker, stuxnet, logic bombs, EMP attacks and the like. While experts and governments grapple with the problem, it is well acknowledged that critical infrastructures including distribution systems of electric power transmission, water, oil, gas and the like are very much susceptible to cyber attacks. A major vulnerability has emerged in the use of Internet. It is use of Internet that made Wikileaks possible. Without the Internet, Wikileaks would not have managed to propagate such classified information at this massive scale. On the other hand, penetration of Internet is fast becoming an instrument of exercising operational art. It is for such reasons that China has mastered control of the Internet as part of her cyber security policy.

The general belief in India is that relevance of cyber security is mainly in the defence sector. This is a myth. Economy of a country in the modern era has a lot to do with security of Information and Communication Technology (ICT), which in turn is heavily dependent on cyber security especially when cyber attacks have the potential to kill or maim critical infrastructure. Technology, management procedures, cyber laws, organisational structures, cyber security culture, skills and competence of human beings are some of the factors around which cyber security revolves. If our economy is to grow exponentially and if India is to attain its desired position in the comity of nations, we need a coherent approach to cyber security. For such coherent approach, a National Strategy for Cyber Security needs to be defined in sync with international norms. Such a strategy should be supported with operational organisational structures and a roadmap to develop the necessary cyber security culture. We are at a nascent stage of developing a policy response to the threats of cyber spying, if not cyber war, and it would be useful to track developments elsewhere and keep mapping the related capabilities and weaknesses of corresponding Indian institutions.

Cyberspace and Cyber War

Future battlegrounds will undoubtedly be inclusive of cyberspace. Cyber warfare has no defined boundaries. I is all pervasive, more penetrating and detrimental and by far much more complex than conventional warfare. Its manifestations include attacks on critical infrastructure, equipment and weapon system disruptions, web vandalism, penetrative data gathering or cyber espionage, distributed denial-of-service attacks, compromised counterfeit hardware, etc. With various surveys assessing that over a hundred countries are developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities, cyberspace would naturally become the battlefield of choice in not only gaining information superiority but also global supremacy.

The past two years (2009-10) saw the US electrical grid being penetrated by allegedly the Chinese. Similarly, the US oil companies Marathon Oil, ExxonMobil and ConocoPhillips were the targets of cyber attacks. Registries in 13 European countries were forced to shut down on account of cyber attacks on the European Union’s Emissions Trading Scheme. Such attacks highlight the vulnerability of the critical infrastructure including the vital energy sector due to their connection and interdependence of their information systems with the Internet. The US and surely other countries have been exercising simulated cyber attacks against her critical infrastructure including power grids, communications systems and financial networks in order to arrive at a suitable response roadmap. The major problem is pinpointing the origin of the cyber attacks with all the advantages such attacks have in terms of unpredictability, timing, stealth and anonymity, all of which make threatening retaliation extremely difficult. Such retaliation is doubly difficult sans the means to establish whether the cyber attack(s) is statesponsored or the act of pranksters. How would you define such acts as an act of war or how can you judge that these attacks are a prelude to actual war? Global escalation of cyber attacks and continuing penetration of scores of networks has far outpaced the research in finding suitable deterrent.

The spate of cyber attacks indicates one of the objectives is to gather information and test vulnerabilities of actors, networks and infrastructure. Such mapping of the web and accumulated information would help identify cyber warfare targets and refine attack techniques for use at opportune time to paralyse the adversary’s critical infrastructure. Themost attractive channel of attack is the Internet. Hackers take full advantage of poor programming on a website and install malware that infects the visitors. Website builders generally do not include adequate security in design philosophy which leads to exploitable flaws. The originators of cyber attacks could be the States or their arms (like intelligence agencies—both military and civil), defence forces or hackers employed as information and cyber warfare actors/warriors to inflict disruption, map adversary’s capabilities and assess one’s own capacity to attack whenever conflict situations arise. Besides industrial espionage in cyber space that has been ongoing for several decades, cyber attacks can also be politically motivated.