Vulnerabilities Manifold

Issue: April-May 2011 By Lt General (Retd) P.C. Katoch

Cyber attacks are a common phenomenon today but have become more and more complex. Erstwhile cyber mischief generally centred on hackers attacking e-mails, wiping out contact lists and data, engineering hoax messages and the like. They either established a link to the web to deliver a malicious payload or used an infected attachment. However, the web has changed all that. Today, the web is a hacker’s paradise providing a wide range of options and has become the ideal vector for cyber attack. A host of vulnerabilities exist in web browsers and browser add-ons that provide back doors enabling systems to be infected with key loggers, password-stealing trojans and other forms of malware. Advertisements can be designed to exploit vulnerabilities in web browsers and browser add-ons and distributed via advertising networks across numerous websites. Internet Explorer itself has had scores of vulnerabilities in recent years. No website can be considered truly safe. Even popular, established and generally trusted websites can be compromised and used as malware delivery vehicles without the knowledge of the site owner. During the last three years, thousands of websites including over a hundred top global websites were found either compromised or containing links to other malicious websites. Embassies, Fortune 500 and Fortune 1000 companies, celebrities, defence and security agencies were all targeted, compromised and used to steal data from unsuspecting visitors.

Automation and digitisation in the information age have revolutionised both warfare and industry. Organised distribution of correct information, in exact scale and timing, is essential.

Cyber Threats India Faces

Cyber threats are multidisciplinary, particularly since there are endless vulnerabilities. The attacker has the advantage as there are no limitations and boundaries. He has many tools for attack and can practically achieve most of his goals. The instantaneous nature of cyber attacks makes defence against them very difficult. Once the attacker discovers a vulnerability and wants to exploit it, there is very little that can be done. The ratio of tools available for cyber attacks compared to vulnerabilities heavily favours the former. Worms and trojans can do endless damage. Attacks can be sudden and horrific and such tools can be injected, made to lie dormant and activated at the critical time. Automated tools like Internet worms exploit vulnerabilities and can continue replicating themselves endlessly from system to system.

Originators of cyber attacks could be states or their arms (like intelligence agencies–both military and civil), defence forces or hackers employed as information and cyber warfare actors/warriors to inflict disruption, map the adversary’s capabilities and assess their own capacity to attack whenever conflict situations arise. Besides industrial espionage in cyber space that has been ongoing for several decades, cyber attacks can also be politically motivated. Cyber attacks can be of many types with different objectives. These could range from attacks on critical infrastructure to subvert the supply chain, hit power distribution, railways and air traffic, to manipulating radio signals and using radio frequency transmission to disrupt unprotected electronics and the like. Objectives of some attacks could purely be information gathering–military, economic, industrial. Many options exist for mischief hackers as well as terrorists, albeit the attackers too get exposed in the process. The Internet and broadband have increased the vulnerabilities manifold.

It may be said that vulnerability to cyber attacks in India is no different from the rest of the world. What makes us more vulnerable is the fact that despite our technological and knowledge prowess, including in the field of software development, we continue to import bulk hardware and critical software and have no facilities to check for malware and embedded vulnerabilities. We appear to be impervious to Symantec figures of ‘bot’ infected computers in India that are multiplying every year at an alarming rate. Neither have we defined a cyber security strategy/policy, adopting an ostrich approach instead to avoid facing the gigantic task of cyber security, wishing that all should continue to be well. This is despite almost daily attacks on our networks (both military and civil) including serious ones like the Stuxnet attack on INSAT 4B. If we permit the extension of our unenviable label of ‘soft state’ to cyberspace, we will multiply our cyber vulnerability and encourage our adversaries to mount more and more cyber attacks.

Towards a Required Strategy

The first thing that needs to be done is to bring together the knowledge of the different parts/organisations of the government, the research and development (R&D) of both defence and civil, the industry and academia who are dealing with cyber and network security. This will ensure availability of the best technical experts while we set course to cope with the intricacies of cyberspace by providing strategic advice and technological expertise to ensure the integrity of systems and secure transfer of data. It may be prudent to establish a Task Force (TF) or a Project Management Group (PMG) on cyber security that could be directly under the National Security Advisor (NSA), having parallel links with the Ministry of Telecommunications, Cyber Society of India and organisations like the National Talent Research Organisation (NTRO). This TF/PMG should take into account the cyber threats that we face/are likely to face in a holistic manner, based on which the cyber security strategy should be evolved. Such strategic planning should also define the required Indian responses when subjected to cyber attack, and address the difficult issue of building requisite intelligence in order to understand where the cyber threats are emanating from and what the motives for such attacks are. Counter-intelligence operations against hackers (including State-sponsored ones) will need to be addressed. Integrating early warnings, possible indicators and periodic net assessment in the short-, medium- and long-term of likely cyber threats will need to be thought of. A decision support system perhaps will need to be developed to arrive at the required response–what type of counter strike? Network security is vital both in a civilian and military context, especially with cyberspace having become essential to our way of life. Cyberspace is an area where hostile states, terrorists and criminals can equally threaten us.

The TF/PMG on cyber security will need to mull over the organisation needed at various levels to cope with cyber threats. Besides layered national structures, private industry would need to be mobilised against cyber attackers, on the lines of ‘civil defence’. Veteran experts and hackers would need to be synergised into the effort. Cyber security organisations of foreign countries, including China, would need to be examined, analysed and deductions drawn for what will suit us.