Cyber terrorism is not a future threat or a prospective threat, it is an ongoing, current threat, says cyber security expert Dr Vivek Lall
With increasing dependence on cyber space and the Internet, vulnerability to aggressors — whether it is terrorists, criminals or hostile countries, is also increasing. After China and the U.S., India has the highest number of Internet users. There are also an estimated over 381 million mobile phone subscriptions with Internet connectivity.
Experts at a conference on ‘Homeland Security’ organised by FICCI in the Capital recently were of the view that India must consider cyber security as an essential component of national security and foresee and plan for various challenges arising out of the growth of the Internet and digitalisation of governance. Threats abound: cyber crime, cyber espionage, cyber war and cyber terrorism, all represent genuine risks to nations, firms and individuals around the world. Experts reckoned it is a matter of time before cyberspace becomes an “independent theatre of war”.
Dr. Vivek Lall, co-chair of FICCI’s Homeland Security Committee, and a distinguished fellow of Observer Research Foundation, said cyber attacks can affect critical infrastructure like the banking system, air traffic control, power infrastructure and gas pipelines. The power outage that affected several States last year as a result of grid failure is a scenario that can easily be created through cyber attacks. “In the recent past, we have seen the case of Stuxnet virus which attacked centrifuges. While the targeted victim was the Natanz nuclear site in Iran, other organisations across the world, including in India, operating with the Siemens system suffered from collateral damage from the attack,” he pointed out.
Dr. Lall, who is a member of the Joint Working Group (JWG) on Cyber Security led by the National Security Advisor, said every week one learns about new weapons — ‘Flame’ being one of the latest which has cyber security experts worried. Flame appears to be a virus written solely for data gathering, or espionage. It can gather and report data back to its command and control network from many sources, including computer microphones and web cameras and files, he added.
With the rapid march of technology, such attacks will only become more widespread as the use of Internet for manipulating things increases. “We have now entered into a new phase of conflict in which cyber weapons can be used to create physical destruction in someone else’s critical infrastructure. And there is a distinct possibility that the disruptions and dislocations it causes are permanent and severe.”
Since 2000-01, there have been regular reports of Pakistani cyber criminals defacing Indian websites and writing derogatory messages against India. On the other hand, China has become a formidable adversary in cyber space. Recent cases of Chinese hacking into many Indian government establishment computers and even the highly secure national security domains provide enough evidence of its capability in waging cyber warfare. Since 2003, the People’s Liberation Army has trained more than 30,000 cyber warriors and another 150,000 in the private sector. According to several reports available in the public domain, the Chinese goal is to build the world’s best ‘informationised armed forces’.
At the global level, nations are stepping up their cyber defence efforts. The U.S. was one of the first countries that considered this to be a strategic problem in 2006, both in terms of national security and their future economic wellbeing.
“In India, we need to create an environment within which security is built into our cyber and communications working methods. While it is the government that correctly takes a lead in evolving a coherent picture of what constitutes vulnerability in our cyber domain and a strategy on how to counter attacks, the private sector needs to recognise the real threat it faces. And this is not a future threat or a prospective threat that we need to prepare ourselves against; this is an ongoing, current threat,” Dr. Lall states.
The private sector must realise that despite the firewalls and layered defences, we may not be always keeping our systems secure. “To protect and grow their revenue stream, companies must invest in putting up cyber defence architecture. The anonymity cyber space provides renders it as an easy medium of ‘economic warfare’…,” he remarked.
Policymakers need to recognise this and put in place structures that allow the sharing of cyber security information through both formal and informal cyber exchanges. That requires a fast, unified action between government agencies and the private sector. “India must take an early lead in creating a framework where the government, the national security experts and the industry catering to strategic sectors of economy, can come together, to pursue the goal of cyber security in the larger national cause,” Dr. Lall added.