India unprepared to counter cyber warfare (Sunday Guardian)
‘India suffered two power grid blackouts in 2012, which were assumed to be routine overdrawing of power. Possibility of a cyber attack was never examined.’
MADHAV NALAPAT New Delhi | 20th Dec 2014
Military experts warn that the cyber sphere will be the means through which future wars, espionage, economic destruction, creation of paralysis through mass eruptions and social tensions through misinformation get waged. As yet, however, official focus is on conventional warfare, although even that will increasingly have a cyber dimension. Regarding information security, although more than $100 million was spent two years ago in procuring RAX telephones to ensure security of communications within the Government of India, officials warn that several of the units are as yet unused, and that "each day, crucial information on decisions impacting national security get intercepted because of cell phone conversations by senior officials". A senior official pointed out that "RAX phones are allocated only to officers of Joint Secretary level and above, when the fact is that it is junior officers who make the initial file notings guiding decision-making". He warned that intelligence agencies of foreign countries, as well as corporate conglomerates "focus their attention on junior officials, knowing that even the most sensitive files either originate from them or finally get back to their level from higher echelons". It may be mentioned that the RAX system got introduced 35 years ago, but has yet to be improved in order to take account of changes in technology and in the nature of threats. An official pointed out that international service providers routinely allow intelligence agencies in their home countries full access to the conversations routed through them in the countries where they are located.
Another example of official obtuseness in cyber communications is that lower level officials seeking an "nic" (government) email account still have to go through a cumbersome procedure of applying for the same and getting it approved, a process which can take weeks. "Instead, what is needed is to make an 'nic' account automatic for all officials", a senior official pointed out, adding that "nic email is cumbersome and lacks several of the features of Gmail, Yahoo or Hotmail", with the result that the latter get preferred even for communications involving official matters. Worse, "hacking into nic mails has become commonplace". Another official pointed out that despite multiple warnings by the Ministry of Home Affairs, "most official computers are still connected to the internet" and therefore vulnerable to hacking and interception from locations across the globe. A senior official claimed that "none of the data with government is secure".
This is in a context where cyber threats are multiplying across the globe. In 2013, more than 60% of the data passing through undersea cables in the Pacific Ocean got routed through servers in China for nearly 20 minutes. Three years ago, US authorities discovered "worms" in its power grid software that — if activated — could shut off electric supply across much of the country.
"India suffered two huge power grid blackouts in 2012, which were assumed to be routine overdrawing of power. The possibility of a cyber attack was never examined", a senior official warned, adding that "to the Indian establishment, the cyber world is something of interest only to their children".
Given the country's talent, developing cutting-edge cyber capability would be possible for the government. At present, small cyber task forces exist within DRDO, NTRO, R&AW, IB and the armed forces, but as yet, according to senior officials, none of these is approaching the standards needed to keep India secure from cyber threats. While Prime Minister Narendra Modi has spoken of Digital India, as yet concrete action to translate his wish into reality appears to be missing even after 26 May 2014. Instead of seeking to assist in the development of homegrown versions of Yahoo!, Google, WhatsApp, Facebook and Twitter, "all that the government is doing is continuing the Manmohan Singh policy of facilitating their monopoly in the Indian market", an official claimed. He added that "domestic competitors such as Flipkart find themselves enmeshed in trouble from mysterious quarters when they seek to challenge global competitors even in the domestic market". It may be pointed out that as yet, Government of India does not require information on how, for example, the overseas travel and study of dependents of senior officials and policymakers is being funded, in contrast to countries such as the US or (since Xi Jinping took charge) China, where such information is routinely docketed.
In contrast to India, its northern neighbour (China) has developed homegrown alternatives to each of these platforms, with names such as WeChat, Sina Weibo and Baidu, so that the vulnerability created by platforms over which state agencies in India have no control gets eliminated. In contrast, successive governments in India have ignored such a need, indeed with several top policymakers becoming avid users of foreign platforms. "They forget that the Muzaffarnagar and Saharanpur riots were fanned through social media platforms, which were also used to create fear within the northeastern community in Bangalore", an official pointed out, adding that "for a country of India's size and complexity, it is criminal that as yet, cyber platforms and much of telecom is outside the control of government agencies". He warned that "street violence fuelled via social media platforms is very possible in mid-2015, especially if economic growth fails to rise".
Another official pointed out that @shamiwitness and @elsaltador were uncovered by a foreign newspaper rather than by authorities in India. He added that "this is just a single example of a pattern of inattention to the threat posed online". This is a threat that blunderbuss laws restricting freedom of speech such as the Information Technology Act are ill-equipped to deal with.
North Korea's cyber attack on Sony, which caused the corporation to freeze distribution of a film on President Kim Jong Un, is only the latest in a lengthening chain of cyber-attacks, including the 2011 US-Israel Stuxnet attack on Iran's nuclear programme, which almost caused a nuclear accident at Bushehr. In India, although 10% of the Union Budget gets allocated to defence, of this, less than 0.5% is spent on cyber protection and offensive capabilities. Experts within the system warn that "lack of attention to what has become a country-paralysing weapon of mass destruction has resulted in India having very poor defences against a determined cyber attack". They warn that daily, cyber attacks take place, including on domestic companies, that leach secrets or slow down processing, and that awareness of such threats is still very low within decision-makers across the board in India. "Prime Minister Modi has drawn attention to drug addiction in his radio talks. The PM should now talk of cyber threats and the need for vigilance", an expert pointed out, adding that "much more work needs to be done by his own government if the PM's desire for a secure Information Superhighway is to get realised". http://www.sunday-guardian.com/news/india-unprepared-to-counter-cyber-warfare