By Lt. General P.C. Katoch (Retd) Former Director General of Information Systems, Indian Army

Digital information is multiplying more than tenfold every three to four years. Cyber warfare has become one of the best and easiest asymmetric battlefields where low priced, anonymity, asymmetrical vulnerability, swiftness of attack and ease in achieving targets implies smaller actors have more capacity to exercise hard and soft power in cyberspace than in traditional forms of attack.

While information communication technology (ICT) has contributed tremendously in development, cyber domain is also a volatile man-made environment that has vulnerabilities in abundance. The ease with which critical infrastructure of a country can be harmed or destroyed through cyber attack proves that as the global information age progresses, more and more things are happening outside the control of even the most powerful states. Look at the horrendous nuclear emergency in Japan in the aftermath of the tsunami and earthquake. The real reason for the nuclear reactor meltdown was shutdown of the cooling system courtesy prolonged power breakdown – something that can also be achieved through cyber attack especially if precisely timed with already unfolding disaster.

As complexity of cyber threats multiply exponentially, measures of information assurance including cyber security need to be enhanced commensurately. Information assurance leading to information dominance will assist India’s rise as a global power. Comprehensive cyber security measures are required right from the national apex down to every data centre operator, network administrator and computer professionals.

We need to adopt a double pronged approach at the international and national levels. Internationally India should join hands with suitable cyber coalitions to establish global norms for cyberspace behaviour, legislating information exchange, including system of punishing violators and provision of protection of networks and computer systems. Nationally, information must be recognised from the strategic viewpoint as a mission critical resource essential to the survival and success of the nation and not treated like any other asset. The complexity and criticality of information assurance and its governance demands that it be elevated to the highest organisational levels. India needs to put in place security consciousness, security measures to overcome existing voids and requisite organisational structures. We need a comprehensive approach involving the entire nation – the government, military, research and development, industry, business sectors, academia and population as a whole.

A comprehensive national cyber security policy must be coined forthwith. It is tempting for policymakers, especially for those with distaste for technology and with understanding of traditional military threats better than virtual enemies, to view cyber warfare as an abstract future threat but we must find ways to get over such fixation. From this should flow out a national cyber security strategy while the Ministry of Defence should define a comprehensive cyber security policy for the Armed Forces.

The organisational structures to cope with cyber warfare should include establishment of a national cyber command and a Joint Services cyber command/military cyber command. Immediate review of protection of existing data centres and networks is mandated including examining financial support required by private sector including banks, stock exchanges, etc for installing adequate cyber security measures.

The Services must institute early comprehensive measures to graduate from cyber security to holistic information assurance. A full-fledged tri-service information assurance agency needs to be established. An information security and assurance programme (ISAP) must be developed and tailored to specific organisational mission, goals and objectives. We need a fundamental shift from individual entity to central overview, control and assessment of security measures. If we want India to continue to grow globally then a proactive approach is required for defensive and offensive cyber warfare capacity building as total cyber security will continue to remain a myth.