Offence could well be the best defence in cyber warfare
08 Mar 2021, 10:13 PM IST

India must be prepared to strike back at shadowy Chinese-backed cyber warriors if need be

Early last week, The New York Times reported on a study by cyber security firm Recorded Future, which claimed that Chinese malware was flowing into the control systems that manage electric supply across India. It went on to say that a massive power outage in Mumbai last October, which sent economic activity in the city into a tailspin for some hours, could have been set off by Chinese state-backed hackers. Immediately afterwards came the news that Telangana power utilities TS Transco and TS Genco had successfully thwarted cyber attacks from China that targeted at least 40 electricity substations.
The Union power ministry has since stated that the Mumbai power crash was a result of “human error” and not any cyber attack. But Yashasvi Yadav, Maharashtra’s inspector general of police, cybersecurity, revealed that last year, right after the Galwan Valley clash between Indian and Chinese soldiers, there were more than 40,300 cyber attacks originating from Chengdu in China’s Sichuan province on India’s infrastructure, banking and information technology sectors within a span of just five days.
Yet, all this is hardly a surprise. China’s imperialist ambitions are not a secret, nor its philosophy of “unrestricted warfare”—attack, subvert, destroy the enemy by any means possible. This column, in the last few years, has delved into this many times.
Since 2009, many critical Indian entities have been targets of allegedly-Chinese hacks—from defaced websites to breached servers. These include the Prime Minister’s Office, the ministries of home and external affairs, National Informatics Centre, Defence Research and Development Organization, Bharat Sanchar Nigam Ltd and the Indian Space Research Organization.
In 2017, an Indian Air Force Sukhoi 30 fighter jet was downed, purportedly by a cyber attack from China. And we will perhaps never know whether the collapse of the northern power grid in July 2012, which affected 400 million people, was actually a deadly hack.
China saw the scope and value of cyber warfare—negligible investments compared to physical combat, and with higher attrition potential, the ability to hit the enemy’s socio-economic foundations, easy deniability—very early. In April 1997, a 100-member elite corps was set up by China’s Central Military Commission to devise ways of hacking into American and other Western computer systems.
In 2004, Beijing’s strategic military guidelines were changed to set “winning local wars under conditions of informationization” as a basic aim. China’s National Defence paper stated that “informationization has become the key factor in enhancing the warfighting capability of the armed forces”. In 2015, the People’s Liberation Army (PLA) decided to raise a strategic support force, wholly devoted to the cyber theatre of war.
The PLA also roped in hordes of civilian geeks, whose activities, if detected, could not be traced back officially to the Chinese government. So effective was this strategy that in 2017, Beijing went public with it, establishing the Central Commission for Integrated Military and Civilian Development, whose task is civil-military cyber integration. By one estimate, Chinese state-affiliated cyber militias have a membership base of over 10 million today. That’s a huge shadow army.
As India moves aggressively towards universal digitization—from individual identities and government services to financial transactions and vehicular movement—we are generating incredible amounts of data. Access to this data translates into enormous power. How strong are the walls around these databases? And the links between them? One can only hope that both state and private players are doing enough to protect us—and not only from China.
What we know is not reassuring. Over 46% of Indian businesses are operating on traditional legacy systems, which are sitting ducks for hackers. Kumar Ritesh, head of cyber security firm Cyfirma, says that his team has seen a 210% year-on-year increase in cyber attacks against Indian businesses and a 250% increase in attacks targeting government agencies and critical infrastructure since February last year. “There are many cases of exposed databases, and confidential processes and files being publicly accessible,” he told the media. These holes need to be swiftly plugged.
The problem is compounded by the fact that much of Digital India runs on hardware made by Chinese companies that are thinly-disguised extensions of the Chinese state. There is no guarantee that this hardware does not come with hidden backdoors through which data can be stolen or malware introduced. Replacing Chinese equipment would not only be extremely complex, but also enormously expensive. In fact, a cynic could say that it’s a miracle that India has not been hit harder till now. Or maybe we just don’t really know how hard we have been hit.
This matter is code-red urgent. But while India builds its cyber-shields, the country should also develop powerful and agile attack capabilities, if we do not possess them already. We must have the option to strike back when need be to send a clear message to the adversary.
As the cliché goes, and all clichés ultimately have some basis in truth: Offence is the best form of defence.
Sandipan Deb is a former editor of ‘Financial Express’, and founder-editor of ‘Open’ and ‘Swarajya’ magazines