India must aim not only to match Chinese cyber threat but outpace it as adequate deterrence. Investments in terms of manpower, technology, money and strategic partnerships must be constantly reviewed.

Recent discovery of a highly sophisticated malware, dubbed ‘Flame’, that has been targeting systems in Iran, Syria, Sudan, Lebanon, Middle East and North Africa for past two years has created considerable commotion. Flame spies on infected computers, steals data including documents, recorded conversations and keystrokes, opens backdoor to allow attackers to tweak toolkit and add new functionalities. Multiple modules can steal conversations over Skype, Bluetooth and enabled devices in the vicinity, e-mails, instant messaging and local network. The discovery was made by Kaspersky Lab, who terms it 20 times more potent than ‘Stuxnet’ that hit various countries in 2009-10. In contrast to ‘Stuxnet’, geographic scope of the systems targeted by Flame, its complexity and behaviour indicate that this is not handiwork of common cyber criminals.

Developments in Iran and the Arab Spring can help indicate who the originators might be. Whether it is a state or state hiring ‘non-state actors’ for developing spyware, non-state actors are misnomer as they need to live in a country and any state permitting cyber attacks from its territory is simply party to the crime advertently or inadvertently. Significantly, Iran’s computer emergency response team announced in May this year that it had developed a detector to uncover Flame and has also developed a removal tool for the malware.

In case of India, China poses major threat in the cyber domain. In India, while Stuxnet infected some 6,000 computers, in 2009, ‘Ghostnet’ that penetrated more than 1,200 systems in 103 countries and purportedly originated in China had also hit India. Then were cyber attacks on Commonwealth Games hosted in New Delhi and one that caused partial failure of INSAT 4B aside from hosts of government including defence-related sites periodically hacked.

Significantly, China has formed several Cyber Warfare Units hiring best IT graduates and culling required manpower from some 25,000 software companies. Focused research is being done at the State Laboratory for Information Security. Scores of specialists are working at another research facility at Datang since the past eight years to take control of national networks of countries like India, Taiwan, Japan.

A recent US Department of Defense report quoted in Defense News during May 2012 talks of China continuing to invest heavily in the development of offensive cyber warfare capabilities that pose a direct threat to global computer networks and that many of the efforts to target global computer networks for intrusions and data theft in 2011 originated in China. Interestingly, Ellen Nakashima quoting serving and former US officials wrote in the Washington Post dated March 19, 2012 that Pentagon is accelerating efforts to develop a new generation of cyber weapons capable of disrupting enemy military networks even when those networks are not connected to the Internet. This research is possibly to cater for eventualities like attacking enemy targets like air defence systems in countries where these are not connected to the Internet—preparing for hostilities against Iran and Syria? It is possibly also due to US/NATO experience in Libya where air defence systems could not be neutralised through cyber attack since they were not connected to Internet.

Military assets like command-and-control systems relying on Internet connections are theoretically vulnerable to cyber attacks. Incidentally, the US Cyber Command established in 2010 at Fort Meade has an annual declared budget in the region of $160 million. What needs to be noted is that both the US and China have hundreds of civilians in their cyber warfare programmes other than government officials. India must aim not only to match Chinese cyber threat but outpace it as adequate deterrence. Investments in terms of manpower, technology, money and strategic partnerships must be constantly reviewed.

The views expressed herein are the personal views of the author.