The Author is Former Director General of Information Systems and A Special Forces Veteran, Indian Army

The news coming in from 'Recorder Future' on October 7, 2024 was startling to say the least. 'Recorded Future' is a company based in Somerville, Massachusetts, USA, which claims to have knowledge of more global C2 nodes (which serve as the linchpin of cyber-attacks allowing threat actors to remotely manage and coordinate their malicious operations) than anyone in the world, and which it uses to constantly disrupt Chinese and Russian intelligence operations. Analysts at 'Recorder Future' noticed that CCTV cameras in Taiwan and South Korea were digitally talking to crucial parts of the Indian power grid – for no apparent reason. On closer investigation, it became apparent that the strange conversation was the deliberately indirect route by which Chinese spies were interacting with malware they had previously buried deep inside the Indian power grid.

The attack was reportedly not foiled by an Indian intelligence agency or a close ally. But the question is, was India even aware of or imagined that such a conversation was possible in the first place? Interestingly, it was Microsoft, not the US government, which revealed that 'Volt Typhoon', a Chinese hacking group, had targeted American critical infrastructure (including water and energy facilities) since at least 2021; probably practicing for wartime sabotage. However, the technical details of how China executed 'Volt Typhoon' were not made public. Incidentally, Microsoft tracks more than 78 trillion 'signals' every day.

Modern digital technology has enabled covert actions on a grand scale, where virtual sabotage is now a reality, bypassing the need for physical agents and infrastructure

It is also a fact that Western cyber-security companies have been handling the cyber defence of Ukrainian networks since the war broke out in Ukraine; including against Russian cyber threats; all technical details of which may not be shared with the US government.

The instant Chinese intrusion of India's power grid serves as a microcosm for the threats in the modern age that intelligence agencies have to contend with. The cameras in Taiwan and South Korea are among more than one billion around the world, forming a metastasising network of technical surveillance – visual and electronic, ground-level and overhead, real-time and retrospective.

Despite the clear risks, India's approach to cybersecurity remains lackadaisical, with many believing that decoupling from China is impossible and not worth the effort

We need to acknowledge that those CCTV cameras in Taiwan and South Korea could be used to sabotage India's electricity supply. This indicates how digital technology has enabled covert action on a grand scale; virtual sabotage is now a reality; superseding the need for front companies, physical infrastructure and agents armed with tools for sabotage. It is also apparent that private entities like Microsoft and Future Recorder can monitor and analyse the enormous quantities of digital data flowing out of digital devices in real time to detect virtual threats?

But where does all this leave India? Look at the number of Chinese smartphones being used by Indians. A senior naval veteran writes that the Indian economy is entirely based on Chinese electronic Innards. India is also dependent on Chinese heavy machinery like tunnel boring machines for metro railway lines. All this was adopted as an easy way out for mass production so that the poor could have mobiles, TV, fans and the like. The Indian corporate enjoys the benefit of cheap Chinese components resulting in Chinese imports booming at $100 billion plus.

The rise of private intelligence companies, capable of monitoring and analysing vast quantities of digital data, has transformed espionage into a high-stakes technological competition, challenging state agencies

The above is largely true, which implies that China can carry out enormous sabotage at will, especially at critical times. The daily lives of individuals rely more than ever on digital technology: more things run on software (fridges, cars, phones), those things have a greater array of sensors (GPS receivers and radio transmitters) and they are increasingly connected, often over the internet, allowing data, often embodying our most personal secrets, flowing to and fro. We may have more means to keep our data secret but there is much more data to contend with and multiple sources from where it can seep out in the open, where a sprawling ecosystem of private intelligence can collect, analyse and use it.

The general attitude India towards cyber security is lackadaisical. Some even say that everything is known to everybody (especially China and the US), so why bother. It is also said that it is not possible for India to decouple from China, which is true. But should we not see anything and everything Chinese with suspicion and adopt appropriate measures? With respect to Chinese investments in India, the government stance is that it is not in critical sectors and Chinese nationals will not be allowed to occupy important positions in joint ventures. However, the above mentioned Chinese intrusion proves that such a policy is inadequate against Chinese spy-cum-sabotage operations.

India must develop a robust ecosystem of private cybersecurity firms to detect and counter digital threats in real time, alongside establishing credible deterrents to secure national interests

Finally, we must acknowledge that in a world inundated with digital data, private intelligence companies now compete with state agencies, turning everyone into potential spies and transforming the age-old craft of espionage into a high-stakes technological competition. To this end, India must build a comprehensive ecosystem of private cyber security companies to monitor and detect digital threats to our national security in real time. Also essential is the need to work on credible deterrence against such threats, which could be selectively demonstrated to establish its credibility.