Indian Cyber Warfare Capability | An Analysis

Indian Cyber Warf ar Capability An AnalysisIndia is getting rapidly pumped up(p) to the info superhighway. As India gets connected to the global village, asymmetric IW panic posed by the adversaries as come up as non-state actors would be on the rise. With always ON broadband connections through DSL (Digital Subscriber Lines), line of reasoning modems and 3G (third generation) cellular cyberspaces, widely spread across homes and offices, the cyber threat capableness, has become to a greater extent pronounced. As per, Mr. S.K. Gupta, Advisor (CN IT), TRAI, the definition of broadband has been modified to include totally those work that offer access speeds of 512 kbps from 01 Jan 2011. This is pass judgment to be upgraded to 2 Mbps network speeds from Jan 20151.As brought out earlier India has carried a niche for itself in the IT Sector. Indias assent on technology similarly reflects from the fact that India is shifting gears by entrance into facets of e-governance. Ever since the launch of the cosmicst soft state of w atomic number 18 project implemented in India, the earth Wide Network for reckonerised Enhanced Reservation and Ticketing (CONCERT) for the Indian Railways in 19862, India has without delay brought sectors like income tax, passports, visa infra the realm of e-governance. Sectors like legal philosophy and bench are to come. The travel sector is in addition heavily reliant on this. Most of the Indian banks wear gone on full-scale computerisation. This has in any case brought in concepts of e-commerce and e-banking. The stock markets aim also not remained immune. To execute butchery in the country these are lucrative targets to paralyze the economic and fiscal institutions. The damagedone can be catastrophic and irreversible.Fig-1 Indias Information fundament (Source CERT-India).India currently occupies a leading position in the IT outsourcing and Business impact Outsourcing (BPO) industry. India is ideally situated in Sou th Asia, offering a 10-12 minute of arc time differential to North America and Europe that together dig nearly 80 per centime of the global IT business. The time zone divergence ensures round the clock productivity for these nations wanting to outsource their software as well as other work requirements3. Indias total revenue repayable to IT and BPO outsourcing was US$33 billion, which is estimated to grow to US$60 billion by the annihilate of year 2011. infomonitor, a leading UK-based business information company, inquiry indicates that 67-72% of costs to call centers operating in the US/UK are outright linked to man power costs. India, on the other hand sp fetch ups only 33-40% of costs on man power. This includes training, benefits and other incentives for labor4. 83 per cent of Indian businesses had keyed a security breach (against the global 64 per cent) and 42 per cent of these had three or more breaches (as of Sept 2004). be Counter Cyber Security Initiatives. Havi ng realised the importance of racing ahead of its adversaries in cyberspace, the Indian Govt has put in place various initiatives. Salient features of these initiatives cod been discussed in succeeding paragraphs.NASSCOM is in the process of setting up the Data Security Council of India (DSCI) as a Self-Regulatory Organization (SRO) to establish, popularize, monitor and enforce privacy and data protection standards for Indias IT ITeS industry.theme Informatics Centre (NIC). A phase modulation organisation providing network backbone and e-governance support to the Central Government, State Governments, heart and soul Territories, Districts and other Governments bodies. It provides wide range of information and communication technology services including nationwide communication Network for decentralized planning improvement in Government services and wider transparency of national and local governments.Indian Computer Emergency reaction Team (Cert-In). Cert-In is the most import ant constituent of Indias cyber connection. Cert-In is a functional organisation of Dept of Information Technology, Ministry of Communications and Information Technology, Govt of India, operational since 2004, with the fair game of securing Indian Cyber space. It serves as a national agency for computer ensuant response. Its mandate states, ensure security of cyber space in the country by enhancing the security communications and information infra structure, through proactive action and in force(p) collaboration aimed at security casualty prevention and response as well as security assurance.National Information Security distinguish-so Programme (NISAP). This is for Government and critical infrastructures, cozy ups are Government and critical infrastructures should baffle a security policy and create a guide on of contact.(b) authorization for organizations to implement security control and report any security incident to Cert-In.Cert-In to create a panel of auditor for I T security.(d) All organizations to be humble to a third party audit from this panel once a year.(e) Cert-In to be reported intimately security compliance on semiweekly basis by the organizations.Indo-US Cyber Security Forum (IUSCSF). Under this forum (set up in 2001) high power delegations from both side met and several initiatives were announced. Highlights are Setting up an India Information Sharing and Analysis Centre (ISAC) for break dance cooperation in anti-hacking measures.Setting up India Anti Bot Alliance to raise sensation about the emerging threats in cyberspace by the Confederation of Indian Industry (CII).Ongoing cooperation between Indias Standardization Testing and Quality deposition (STQC) and the US National Institute of Standards and Technology (NIST) would be expanded to untried areas.The RD group will work on the hard problems of cyber security. Cyber forensics and anti-spasm query.Chalked the way for step up bilateral cooperation to control cyber-cri me between the two countries.Challenges and Concerns. Some challenges and concerns are highlighted below (a) Lack of awareness and the culture of cyber security at individual as well as institutional level.(b) Lack of trained and qualified custody to implement the parry measures.(c) Too many information security organisations which pay off become weak due to turf wars or financial compulsions.(d) A weak IT Act which has become redundant due to non-exploitation and age darkened cyber laws.(e) No e-mail account policy especially for the denial forces, police and the agency personnel.(f) Cyber-attacks convey come not only from terrorists but also from neighboring countries inimical to our National interests.Recommendations. Certain recommendations are given below Need to sensitize the common citizens about the dangers of cyber terrorism. Cert-in should engage academic institutions and follow an aggressive strategy.(b) Joint efforts by all Government agencies including defence f orces to rip qualified skilled personnel for implementation of counter measures.(c) Cyber security not to be given more lip service and the organisations dealing with the similar should be given all support. No bureaucratic dominance should be permitted.(d) Agreements relating to cyber security should be given the same importance as other conventional agreements.(e) More investment in this field in scathe of finance and manpower.(f) Indian agencies working later cyber security should also come on a close vigil on the developments in the IT sector of our potential adversaries.National security adviser M K Narayanan set up the National Technology Research Organization, which is also, involved in assessing cyber security threats. entirely the cyber security forum of the National Security Council has become defunct after the US spy incident. This has scarred the Indian establishment so mischievously that its now frozen in its indecision. This has poorly hampered Indias decision-m aking process in cyber warfare.Cyber attacks normally happen very quickly and often with great stealth. Critical war fighting operations must continue to function effectively plot down the stairs cyber attack. India is yet to formulate a framework to evolve able response to PLA cyber warfare developments.Organisations in the pipeline. After existence at the receiving end of cyber attacks from across the border for many years, India is preparing a approach pattern for undertaking counter cyber warfare on unfriendly countries. According to a proposal being considered by the National Security Council, Indian agencies may be told to prove capabilities to exploit weaknesses in the information systems of other countries and also collect online learning of gravestone military activities. The proposal includes setting up laboratories in research institutions to simulate cyber attacks with the help of ethical hackers. These laboratories would be utilise for training information age ncies for offensive and defensive cyber warfare techniques. Personnel working in this area may be given legal immunity for carrying out these activities.The blueprint is likely to be put into action by the National proficient Research Organisation, the Defence Intelligence Agency and the Defence Research and evolution Organisation. The plan also talks about setting up early-warning capabilities about impending attacks on the countrys information systems and developing expertise in cyber forensics, which includes tools that stress on acquiring information from attacked systems to find out sources of attacks.The Government is feeling at setting up a National Testing celerity that will certify all imported software and hardware procured for key information systems. Security agencies are concerned about spyware or malware plant into imported products which can be used by unfriendly countries to crock up key sectors. The proposed testing facility will be on the lines of the cuss Technology Assessment Programme in the US. In order to seize key areas such as banking, Defence, the Railways, civil aviation, atomic energy and rock oil and gas, it is being proposed to set up a Computer Emergency Response Team for each of these sectors.Privileged information suggests the Indian government could seriously consider creating the position of a cyber security tzar whose mandate would be to fundamentally overhaul cyber security and bring the currently fragmented networks under a clearly defined structure.The overhaul will demand a whole new approach outside the bureaucratic confines considering that it necessarily requires tapping the cyber security community constituted by juvenility professionals in their 20s and 30s. Since this community is used to working in a highly non-hierarchical environment with a great deal of personal freedom the government will have to use the office of the cyber security czar as its interface with the young professionals.Threats Faced b y Indian Cyberspace. Although cyber security had already been coming under government focus for some time now, a 10-month-long investigation by the University of Torontos Munk Centre for International Studies, Canadian security firm SecDev Group and US-based cyber monitor organisation Shadow server Foundation has added extra urgency to the task. The investigators have issued a report titled Shadows in the Cloud An investigation into cyber espionage 2.0 which highlights how Indias defence establishment was seriously penetrated by cyber attackers based in Chengdu, the capital of Sichuan province in southwest China.The report exposes widespread penetration of computer systems at the National Security Council Secretariat, which is part of the Prime Ministers Office, Indian diplomatic missions in Kabul, Moscow, Dubai and Abuja, Military Engineer Services, Military Educational Institutions, the Institute of Defence Studies and Analyses, the National Maritime Foundation and some corporat ions. It is hard to quantify the damage the information obtained by the hackers can cause, but it could be potentially significant.The report has served to highlight serious flaws and vulnerabilities in Indias official information networks. Those who know how the systems work point to a lack of discipline in even seemingly petty(a) details such as senior government officials in culture medium positions still using email addresses on Yahoo, Hotmail and Gmail. They say inasmuch as no email system can be made foolproof, these free accounts are even less so. Even the use of social networking sites such as Facebook and Twitter are known to be prone to systematic attacks.aside from the inherent interest in Indias defence and other establishments because of its rise as a major power, there is also another reason why the country has emerged as an important target. Its position as home to large IT companies which are in turn repositories of vast global information also makes India particul arly attractive to hackers. In a sense hacking India could lead to a great deal of diverse economic, financial, health and other forms of valuable intelligence. ace of the primary mandates of any future cyber security czar would be to create a multi-layered security system around its national assets in a manner that no single successful penetration would yield a treasure trove of information in one place. The cyber security czar could also be mandated to lay down standards and code of conduct for those in the government handling data of certain sensitive temperament. Informed sources say the czar would report to the National Security Advisor and would often end up operating outside the traditional command and control structure of the Indian bureaucracy because of the kind of monitoring the office would be expected to do.One specific approach that the Indian government might have to consider adopting relates to what in industry parlance are known as defensive and offensive hackers. While the formers job would be to ensure hearty defences against all attacks, that of the latter would be to actively be part of hackers universal who perform the role of flooding malware or malicious software codes used to infiltrate large systems. Such participation is crucial to pre-empting attacks. It is in this consideration that the Canadian investigation makes an interesting point. Under the section Patriotic Hacking the report says, The PRC has a vibrant hacker community that has been tied to targeted attacks in the past and has been linked through informal channels to elements of the Chinese state, although the nature and extent of the connections remain unclear. One common theme regarding attribution relating to attacks emerging from the PRC concerns variations of privateering model in which the state authorizes private persons to perform attacks against enemies of the state. contrary China, which has developed a sizable community of defensive as well as offensive hacke rs, India has not even begun to evolve a gummy approach to what cyber security experts regard as a decisive font of the information technology-driven world. Since the government cannot officially or even unofficially introduce these hackers, it will have to find creative ways to utilize their services and create enough indirect protections in the event some of them cause afoul of law-enforcement agencies which may not know about their existence.This is clearly a grey area which many cyber security experts say is a essential evil. It is conceivable that India may have to create its own version of fast(a) hackers if it has to effectively thwart hacking attacks.