Cyber: The Next Cold War

Issue Details: Vol 9 Issue 5 Nov - Dec 2015
Securing our cyber frontiers and analysing options
Air Marshal Anil Chopra PVSM AVSM VM VSM (Retd)
Wednesday, June 22, 2016

The most important stumbling block in the September 2015 meeting between US President Obama and his Chinese counterpart Xi was the issue of cyber infringements and hacking used by China to steal designs and information from US Government networks and private enterprises. Recent cyber attacks on the US Office of Personnel Management, allegedly by Chinese sleuths, have been very aggressive. Cyber détente negotiations to establish a code of conduct are of the highest priority. After the Snowden revelations, China too is concerned, as much of China’s telecom hardware comes from US companies. With the world getting more and more networked and a large quantum of military and commercially sensitive information residing in soft form, cyberspace has become the new zone for warfare. Both attack and defence are key elements of the national security apparatus of all countries. The current major powers, the USA and China, are in the lead and setting standards. All others are trying to catch up. In response to recent cyber-attacks, on April 1, 2015 President Obama issued an Executive Order establishing the first-ever economic sanctions.

Cyber Security Concepts

A cyber-attack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various malicious acts that steal, alter, or destroy a specified target by hacking into a susceptible system. Cyber terrorism, on the other hand, is the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population. In peacetime, cyber-attacks can greatly affect day-to-day living, and in war they can cripple the defence and attack weapon systems. Targets include control systems, energy resources, finance, telecommunications, transportation, and water. A large number of professional hackers are either working on their own or employed by the government or military service. Attackers use malicious software like viruses, worms, and Trojan horses. These are injected through emails, web browsers, chat clients, remote software, and updates.

Threat and Major Attacks

Traditionally, espionage is not an act of war, nor is cyber-espionage. Edward Snowden’s revelation of massive spying by the US on many countries, including friends, and the US NSA’s spying on Germany’s Chancellor Angela Merkel shook the world. The US and Israeli cyber attacks on Iran’s nuclear facilities, sustained for over a year, are a near benchmark. Cyberspace has now become a main front in both irregular and traditional conflicts. Enemies in cyberspace will include both state and non-state players that range from amateurs to highly trained professional hackers. In early February 2015 the Twitter account of Newsweek, with 2.5 million followers, was hacked by a group calling itself the Cyber Caliphate, an affiliate of Islamic State. On 4 December 2010, a group calling itself the Pakistan Cyber Army hacked the website of India’s top investigating agency, the Central Bureau of Investigation. On 26 November 2010, a group calling itself the Indian Cyber Army hacked the websites belonging to the Pakistan Army and others including the Ministry of Foreign Affairs, Ministry of Education, Ministry of Finance, Pakistan Computer Bureau, Council of Islamic Ideology, etc. The attack was carried out as revenge for the Mumbai terror attacks. In September 2010, Iran was attacked by the Stuxnet worm, thought to specifically target its Natanz nuclear enrichment facility. The worm is said to be the most advanced piece of malware ever discovered. In September 2007, Israel carried out an airstrike on Syria dubbed Operation Orchard. U.S. industry and military sources speculated that the Israelis may have used cyber-warfare to allow their planes to pass undetected by radar into Syria. Russian security services have allegedly organized a number of cyber-attacks against other countries such as Estonia, Georgia, and Azerbaijan. In March 2014, a Russian cyber weapon called Snake or “Ouroboros” was reported to be creating havoc on Ukrainian government systems. UK’s MI6 reportedly infiltrated an Al Qaeda website and replaced the recipe for a pipe bomb with the recipe for making cupcakes.

There is no need for regular massive cyber armies equipped with all the paraphernalia of a conventional war, which must be trained, sustained and replenished. The malware can be built into the computer system at the manufacturing stage itself. It can be pre-designed into microchips for various items like sensors, routers, and switches. It can also be injected later into a system as a sleeper cell. US$12 trillion is transferred daily via undersea cables, and any compromise could halt the entire world economy. The distributed nature of internet-based attacks means that it is difficult to determine the motivation and the attacking party, and difficult to declare an attack an act of war.

US & Western Cyber Security Set Up

Cyber warfare is now considered a larger threat than Islamic State, and cyberspace is now “the fifth domain of warfare,” as critical to the military as land, sea, air, and space operations. The USA set up a Tri-Services Cyber Command in May 2010 to protect the military and to take offensive action. The military would attack command-and-control systems at adversary military headquarters, as well as air defence networks and weapons systems that require computers to operate. All civil and utility networks will be covered by the Department of Homeland Security. The United States has used cyber-attacks for tactical advantage in Afghanistan. The USA plans to engage 30,000 cyber specialists in the next five years. In 2009, President Barack Obama declared America’s digital infrastructure to be a “strategic national asset.” Computer network warfare is evolving so rapidly that there is a “mismatch between technical capabilities to conduct operations and the governing laws and policies.” The USA is developing the next generation of utility “smart grid” networks to protect against cyber-attacks. The USA fears that, for the first time, a war could be fought on its home soil.

The European Union has set up ENISA (European Union Agency for Network and Information Security). Germany has a 200-person Computer Network Operation unit with around 130 hackers. South Korea has created 400 specialized personnel to neutralise North Korea’s more than 3,000 highly trained hackers. In the wake of the 2007 cyber war waged against Estonia, NATO established the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, in May 2008, with United States FBI computer crime experts assisting. Iran boasts of having the world’s second-largest cyber-army.

Chinese Cyber Warfare Strategy

The Chinese have a more aggressive approach to cyber warfare, and will try a pre-emptive strike in the early stages of a conflict to gain an initial advantage. China’s People’s Liberation Army (PLA) has developed a strategy called “Integrated Network Electronic Warfare” which guides computer network operations and cyber warfare tools. Under this strategy, cyber-warfare must mark the start of any future campaign. The PLA would strike with electronic jammers, electronic deception and suppression techniques to interrupt the transfer processes of information. The aim is to create windows of opportunity for other forces to operate without detection or with a lowered risk of counterattack by exploiting the enemy’s periods of “blindness,” “deafness” or “paralysis” created by cyber-attacks. The PLA conducts regular training exercises. China perceives cyber warfare as a deterrent to nuclear weapons, possessing the ability for greater precision, leaving fewer casualties, and allowing long-range attacks. The PLA’s computer spying network dubbed Ghost Net was revealed in 2014. China is reportedly using access to Microsoft source code and private sector talent to boost its offensive and defensive capabilities. In December 2009, China’s cyber-attack on Google gave access to nearly 500 million Google user passwords. Chinese targets in the United States have included aerospace programs including Space Shuttle design, C4ISR data, high-performance computers, nuclear weapon and cruise missile designs, semiconductors, etc. By early 2015 China reportedly had access to the confidential records of 18 million US federal employees. China is preparing for the ‘cyber cold war’ and has over 150,000 people employed in the state-controlled effort. All are specially trained and very proficient in English. Chinese cyber espionage has hit European Aeronautic Defense & Space Company (EADS), German steelmaker ThyssenKrupp, and an Australian intelligence agency. They are using a decentralized network of students, diplomats, and engineers from within the Chinese diaspora. China has reportedly stolen rocket and space technology from Russia, and aerospace engineering and C4ISR data, nuclear weapons and cruise missile designs, among others, from the USA. With its main centre at Shanghai, the mandate is to win future cyber wars.

Cyber Security Options for India

“The World faces ‘bloodless’ cyber war threat,” said Indian Prime Minister Modi while launching the ‘Digital India’ campaign on 01 July 2015. While the campaign is meant to provide quick, transparent governance and tap great IT resources, he was quick to add that “clouds of a bloodless war are hovering over the world”. As India unfolds new ‘Digital Highways’ there is a need to prepare for a possible cyber war. New Delhi fears Pakistani websites triggered violence in Mumbai and provoked the exodus of the northeast community in Bengaluru. Reports of India being among the top five countries compromised by US surveillance resulted in the formation of the National Cyber Coordination Centre (NCCC), whose primary job will be to carry out a real-time assessment of cyber security threats. According to data compiled by the Indian Computer Emergency Response Team, more than 1,000 government websites storing critical and sensitive data concerning national security have been hacked by cyber criminals in the last three years. Chinese hackers reportedly breached the computers of India’s Defence Research and Development Organization. While China looks to snoop into important defence information, Pakistan on the other hand defaces Indian websites and uses Indian networks to spread hatred via cyberspace. Groups such as the Army-in-Kashmir, Pakistan Cyber Army, and Pakistan Hackers Club have targeted nearly 500 websites. Pakistan-based hackers are funded by its intelligence services and, unlike their counterparts in India, are fully protected by the government. What India needs is a dedicated cyber army, which will counter these attacks. The Indian government is trying to change the approach from reactive to pro-active.

In 2011 India’s National Critical Information Infrastructure Protection Centre (NCIIPC) was created to defend the networks of energy, transportation, banking, telecom, defence and space. The National Technical Research Organisation (NTRO) was also created to protect critical infrastructure. The Nuclear Power Corporation of India has been defending itself against at least ten targeted attacks a day. Email accounts of over 12,000 influential decision makers were reportedly breached in July 2012. Cyber security was then put under the direct purview of the National Security Adviser (NSA). The Armed Forces have also created their own CERT teams and have till now followed an inherently defensive, firewall-like approach. Notwithstanding the fact that India has been a global leader in software, India is only now trying to get to grips with and understand the importance and complexities of cyber warfare. The national cyber security policy of India 2013 is a fledgling document which is defensive in nature. A formally approved cyber warfare policy is still ‘Work-in-progress’.

A NASSCOM report titled ‘Securing Our Cyber Frontiers’, released in April 2012, recommended the establishment of a Cyber Command within the defence forces. India currently has a cyber security workforce comprising a mere 2000 experts deployed in various government agencies, compared to China’s 150,000, the USA’s 30,000 and Russia’s 10,000. The Indian government has decided to recruit 5,000 experts to be deployed in different departments. The Armed Forces will get a majority of these, followed by NTRO and others. The Cyber Command would be formed by putting together existing cyberspace resources, creating synergy and integrating the assets of the three services. The military would handle its own networks and take cyber-offensive/defensive actions. Protection of Indian civil networks would be the responsibility of the NCCC. The Cyber Command could be called upon to support the NCCC in case of a cyber disaster. Such coordination could be at the level of the National Security Advisor. “Cyber warfare is the biggest threat to national security which will render even the Inter Continental Ballistic Missiles (ICBM) insignificant as a security threat,” said former Indian President and most respected missile scientist Abdul Kalam. India buys technology from various sources, but by carefully monitoring the procedural aspect we can reduce the breaches by 30 to 35 percent.

The Future

An act of cyber war could be potentially lethal. To date, not a single cyber offense on record constitutes an act of war on its own. It has been suggested that China and the United States agree to a policy of mutually assured restraint with respect to cyberspace. This would involve allowing both states to take the measures they deem necessary for their self-defense while simultaneously agreeing to refrain from taking offensive steps. With low barriers to entry, coupled with the anonymous nature of activities in cyberspace, the list of potential adversaries is broad. Furthermore, the globe-spanning range of cyberspace and its disregard for national borders will challenge legal systems and complicate a nation’s ability to deter threats and respond to contingencies. One of the hardest issues in cyber counterintelligence is the problem of “Attribution”, although the United States has claimed the capability to trace attacks back to their sources and hold them “accountable”. Most States consider military-led cyber operations an attractive activity, within and without war, as they offer a large variety of cheap and risk-free options. Considered from a long-term, geostrategic perspective, cyber offensive operations can cripple whole economies, change political views, agitate conflicts within or among states, reduce their military efficiency, equalize the capacities of high-tech nations, and use access to their critical infrastructures to blackmail them. Various attempts at international legal frameworks to clarify what is not acceptable have yet to be widely accepted.

In September 2011, Shanghai Cooperation Organisation countries proposed to the United Nations a document called “International code of conduct for information security”. In contrast, the United States’ approach focuses on physical and economic damage and injury, putting political concerns under freedom of speech. This difference of opinion has led to reluctance in the West to pursue global cyber warfare control agreements. In June 2013, Presidents Obama and Putin agreed to install a secure Cyberwar-Hotline between the cyber security coordinators, should there be a need to directly manage a crisis situation. The feasibility of weaker states getting offensive cyber capability against those with greater kinetic/nuclear weapons ability gives them a chance to counter asymmetry at very low cost and visibility. In kinetic warfare, deterrence has an important role. Fear of retaliation makes the attacker pause and think twice. In the case of cyber warfare, deterrence has still to evolve. Facebook has nearly a billion users and there are 250 million tweets every day. While suspected nuclear facilities can be inspected, how does one examine everyone’s computer in a given country to ensure covert hacking isn’t under way? The US dominates the global cyber security market and is likely to spend US$100 billion between 2015 and 2025 (56 percent of the global market). Since the world is still at the ‘waking up’ stage to cyber threats, there are no clearly defined laws. Collateral damage may actually be the intention in this type of warfare. International defence contractors like Raytheon, General Dynamics, Lockheed Martin, BAE Systems, Cassidian (EADS), Thales, and Northrop Grumman are eyeing the cyber market.
