By M D Nalapat
Given the range of cyber interference, the source of the attack could have
been from thousands of kilometres or from only a few hundred metres
away.
Analysts based in the vicinity of New York and St Petersburg warn that the
loss, days ago, of an advanced Sukhoi 30 fighter aircraft that had been
mechanically certified as safe, close to the border with China, may be the
result of “cyber-interference with the onboard computers” in the cockpit. This may
explain why even the pilots may have found it difficult to activate
safety ejection mechanisms, once it became obvious that the aircraft was
in serious trouble, as such mechanisms too could have been crippled by
computer malfunctions induced from an outside source. They point to the
apparent loss of five Army vehicles, “due (according to the authorities)
to a misfired mortar strike” in the same zone, saying that a single
mortar round would not have enough firepower to take out such a large
number of vehicles. They add that the possibilities are that the damage
may have been caused by a larger projectile guided by electronic systems
that may have been interfered with during flight. Given the range and
complexity of cyber interference, the source of the attack could have
been from thousands of kilometres or from only a few hundred metres
away. These analysts warn that although India spends over Rs 200,000
crore on defence through the armed forces and another Rs 100,000 crore
on security via police units, hardly Rs 4,700 crore gets spent on cyber
capability. The analysts spoken to point out that almost all this gets
expended on foreign vendors, rather than domestic producers. However,
this reliance on foreign shores for defence and security is across the
board, so far as capital expenditure is concerned, in contrast to China,
which has almost entirely indigenised its capabilities over the past 15
years.
The international analysts spoken to, who are based in Russia and the
United States, two of the four giants in the cyber field (the others
being Israel and China), point to the devastating effect of the
lightning shutdown of the Northern Power Grid on two separate occasions
in August 2012. These were attributed by authorities to an “overdrawing”
of power by Uttar Pradesh, omitting to consider the fact that such
excess power consumption is routine, and that in the past, UP had
withdrawn far more electricity from the grid than had been the case when
it tripped. They say that it is probable that a cyber-related
malfunction of a key gauge may have occurred, leading to the breakdown
in supplies. It is pertinent to recall (to illustrate cyber
capabilities) that it was at that time that the US and Israel introduced
Stuxnet into even non-internet related control systems in the nuclear
industry in Iran. As a consequence, the nuclear process gauges showed
acceptable speeds, even while remote commands raised the speed of
certain processes to unsafe levels, thereby leading to a shutdown in
operations. Of course, they add that it is “next to impossible” that
either the US or Israel was behind the Northern Grid power outage,
although both have the capability to inflict such damage on essential
civilian infrastructure, and that the Stuxnet example was only given as
an illustration of the lethality of cyber weaponry.
The impact of cyber warfare on complex machinery may be judged by the
crippling of the USS Donald Cook in April 2014 by electronic
interference sourced from a high-flying Sukhoi-24. Exactly a year later,
yet another Sukhoi disabled the USS Theodore Roosevelt (an aircraft
carrier armed with multiple defensive and safety mechanisms) in the
Baltic Sea. Both naval vessels had to be towed to safety, as their
onboard propulsion systems got damaged by electronic interference. Other
large-scale disruptions caused by cyber warfare include the crippling
of operations of Stockholm airport for three days last year. There had
also been large-scale power outages in the US more than a decade ago,
after the worst of which a warning was conveyed by US authorities to the
(state) perpetrator that the next time around, there would be a
disproportionate cyber reaction to the event, targeting the offending
country. Needless to say, that was the last time large-scale disruptions
of the same kind occurred within the US.
Given the push towards digitalisation by the Narendra Damodardas Modi
government since 26 May 2014, the realm of cyberspace has become
critical in the security and economic matrix of the country. In this
context, cyber theft from banks is a vulnerability which needs to be
eliminated. However, authorities have as yet adopted a conventional
approach towards such crimes, as illustrated by the overnight
siphoning of Rs 1,200 crore ($171.2 million) from Union Bank of India on
20 July 2016 through seven “SWIFT” transactions. $166 million was taken
from Union Bank’s account in New York Citibank, while $5 million was
removed from J.P. Morgan Chase, again in New York. The money was wired
to seven accounts: Mrs Pornjit, SIAM Bank, Thailand; Mr Sithonno,
Canadia Bank, Cambodia; Sactec Corporation, Sinopec Bank, Taiwan; Mr
Cheng Nesgig, Indo-China Bank, Cambodia; and three other accounts.
During the same period, Bank of Maharashtra is reported to have lost
Rs 25 crore through fraud in their digital payments mechanism.
Interestingly, the same year, a Bangladesh bank lost $89 million in the
same manner as Union Bank of India. While the Bangladesh authorities
visited Sri Lanka to bring the account holders (into which the cash had
been transferred) to justice, thus far authorities in India do not
appear to have been to the locations where the money was sent, to
interview the recipients. In the Indian cases, authorities focused on
backdoor diplomacy to try and get back some of the money stolen, rather
than aggressively pursue the perpetrators and the beneficiaries. As a
consequence, India is widely regarded globally as a soft target for
cybercrime, despite harsh laws on the subject. “What counts is not law
but implementation and the capability to react, and in both, India has
remained well below its size and potential”, these experts claim. Based
in the vicinity of New York and St Petersburg, they warn that the
capabilities of Indian authorities in the cybercrime realm are of a
“Fourth World” standard. They claim that only Open Source tools are used
in this country to track depredators, including by locating IP
addresses. However, such addresses can be easily disguised by
experienced hackers, thereby leading to the wrong locations being blamed
for a cyber attack. Hence, in case an attack comes from a particular
country, it is close to impossible for Indian authorities to identify
the source, which means that there is no way of knowing who to complain
to and about whom. Unlike the US, Russia, Israel or China, where each
has the capability to penetrate through such dodges and establish where
exactly an attack originated from, India has thus far relied on outside
police forces to deal with cybercrime in this country, many of which are
in locations compromised by graft and connivance with criminal gangs.
Globally, geopolitics specialists consider Prime Minister Narendra
Modi to be among the top four global leaders (the others being Donald
Trump, Xi Jinping and Vladimir Putin). They, therefore, expect that
India under PM Modi will soon rectify the vulnerability caused by
decades of neglect of the fact that the realm of cyberspace is likely to
be the theatre of future conflict. MoS (MEA) General V.K. Singh, while
Chief of Army Staff, had put together a cyber warfare group, but this
seems to have been relegated in importance by his successors.
Interestingly, in the US, the backbone of that superpower’s cyber
capability in both attack and defence is talent from India, either still
holding Indian passports or naturalised citizens. They say that
military mishaps which may be passed off as accidents may in fact be the
consequence of cyber warfare from unknown sources, as there are
multiple groups of experienced hackers globally available on hire to the
highest bidder. They say that the creation of stronger firewalls
against cyber intrusions, including in the corporate and urban
infrastructure sphere, needs to become a top priority of the Modi
government as it crosses its first 1,000 days of existence.