US and China will continue to be ‘friends’ and ‘cyber enemies’ at the same time and this will be the new exemplar of global relations, also applicable in India’s international environment.

Two incidents in the recent past once again highlighted the vital role of cyber prowess in today’s world. The effect of cyber attack on government sites in Maldives on June 1 was so massive that no less than 117 websites were defaced albeit they had been hosted on a single server because of cost considerations, ignoring security considerations.

Logically, even if these websites were hosted on the same server, they should have been properly secured individually. The defacing was apparently done after accessing the sites and gaining elevated privileges. Though Maldives was able to restore the websites within 24 hours, possibility remains of an exploit code having been loaded that can remain dormant till activated and is difficult to be detected, compromising these websites when required to exploit advantage over individuals, organisations and government of Maldives.

The cyber attack was likely executed by a Syrian anti-war group. Significantly, a second Maldivian radical was killed in Syria on May 25 this year fighting alongside Jabhat Al Nusra, Al-Qaeda affiliated fighters in Syria. Minivan News of Maldives says individual sites had been hacked in the past by a group calling itself ‘Syrian Revolution Soldiers’, leaving messages that the site has been backed because of ongoing massacres in Syria. The second incident was the first time indictment of five officers of China’s People’s Liberation Army (PLA) for cyber spying by the US. It is not the first time that US has accused China of cyber spying. China has been accused in the past of stealing the US F-16 B1 Bomber, US Navy’s quiet electric drive and US W-88 miniaturised nuke used in Trident missiles, to name a few.

However, the indictment for stealing US corporate trade secrets significantly escalated the cyber espionage battle – despite strong economic linkages. Though China denied any cyber spying and termed the episode as US hypocrisy, a US official maintained that the indictment was to drive home to the Chinese that the source and the individuals could well be fully identified in this case. The episode indicates a new paradigm of engaging in open cyber espionage in the defence and commercial sectors, coupled with bland denial by the attacker. So, US and China will continue to be ‘friends’ and ‘cyber enemies’ at the same time and this will be the new exemplar of global relations, also applicable in India’s international environment.

Vulnerabilities to cyber attacks in India is no different from the rest of the world. However, despite our technological and knowledge prowess, we continue to import bulk hardware and critical software, telecommunication equipment, and have no facilities to check for malware and embedded vulnerabilities, and ‘bot’ infected computers are multiplying at alarming rate. Absolute cyber defence being a misnomer, there is no other way to defeat cyber attacks and ensure strategic defence other than building adequate deterrence through developing offensive cyber warfare capabilities.

If we want to deter adversaries from attacking us in cyberspace then we must have following abilities with respect to our adversaries/potential adversaries: one, stop them from accessing and using our critical information, systems and services; two, ability to stealthily extract information from their networks and computers including vulnerabilities, plans and programmes of cyber attack/war; three, ability to penetrate their networks undetected and stealthy insertion of dormant codes, to be activated at opportune time for thwarting cyber attacks; four, ability to manipulate and doctor radio transmissions; five, ability to destroy their computer networks, if and when necessary; and six, ability to manipulate their perceptions, in line with ongoing global research on the issue.

While hardening of critical infrastructure is being looked at we need to develop ‘stealthy’ offensive cyber security capabilities to establish credible cyber deterrence, which though meant for covert use, may have to be selectively demonstrated in order to establish capability. An important adjunct would be the incorporation of deception measures to lead the adversaries/hackers effectively down the garden path. Our cyber security strategy should ensure the government, military, economy, industry, business and citizenry enjoys full benefits of a safe, secure and resilient cyber space.