As the 21st century advances, a new danger — the cyber threat — is becoming a hydra-headed monster. It is hardly confined to any one domain though the military is the one most often touted. Rather, it is the civilian sphere where the cyber threat is becoming more all-pervading today and, in turn, a serious menace. It is beginning to have a cascading effect with questions being raised on how this would fit in with our belief in, and need for, a well-regulated world order.
What is most unfortunate is that not enough attention is being bestowed on the ‘all-encompassing nature’ of the cyber threat. In the wake of the Russia-Ukraine conflict, the world seems awash with papers on artificial intelligence (AI)-driven military innovations and ‘potential crisis hot zones’, along with stray references to new forms of hybrid warfare. But there is very little about the threat posed by cyber attacks. Ignored also is the new reality of the ‘weaponisation of everything’ which has entered the vocabulary of threats. The latter clearly demands a ‘proto-revolutionary’ outlook on the part of policymakers, which is evidently lacking. Lost in translation is also the nature of today’s weapon of choice, viz., cyber. This lack of awareness is unfortunate at a time when states clearly lack the necessary resilience to face a variety of multi-vector threats.
‘Grey zone operations’
‘Grey Zone Operations’ which fall outside traditional concepts of conflicts have become the new battleground, especially in regard to cyber warfare. ‘Grey Zone Operations’ are already beginning to be employed to undermine the vitals of a state’s functioning, a trend likely to grow. The convergence of emerging technologies alongside new hybrid usages, pose several challenges to nations and institutions.
Cyber space has been described by Lt. Gen. Rajesh Pant (retired), India’s current national cyber security coordinator, as a “superset of interconnected information and communication technology, hardware, software processes, services, data and systems”. Viewed from this perspective, it constitutes a critical aspect of our national power. Cyber threats are not confined to merely one set of conflicts — such as Ukraine, where no doubt cyber tools are being extensively employed — extending well beyond this and other conflicts of a varied nature. The cyber threat is in this sense all-pervading,embracing many regions and operating on different planes. Hence, dealing with the cyber threat calls for both versatility and imaginative thinking. Demands for a cyber command by the Indian military ignore the widely varying nature of the cyber threat. That a group of United Nations government experts have been deliberating endlessly on how to promote responsible behaviour of states in cyber space, without much success is testimony to the difficulties that prevail.
With each passing day, we confront a new reality, viz., the extent to which exploitation of cyber space by criminally minded elements undermines our everyday world and beliefs. The recent arrest in India, of a Russian for hacking into computers involved in the conduct of examinations for entry into the Indian Institutes of Technology (IITs), is a reflection of how cyber criminals are significantly amplifying their ‘Grey Zone Warfare’ tactics. This is, perhaps, the tip of the iceberg for, as a general rule, it takes a long time for the general public to become aware of the nature and consequences of cyber attacks. At first these look like random accidents and it takes sophisticated cyber forensics to understand the contours of such attacks. It may surprise many that the IIT entrance examination should be an area for ‘Grey Zone Warfare’, but the real surprise should be that the perpetrators could succeed in compromising an examination software system deemed to be among the most secure across the world. Thus, ‘Grey Zone Warfare’ is set to become the predominant paradigm for the remainder of the century. This adds urgency to erecting proper defences against Grey Zone attacks.
Distorting the entry-level results of the Joint Entrance Examination is a blow to the nation’s prestige, apart from creating chaos across the board, since entry into higher educational institutions and entry-level jobs in the country is driven by examinations which employ various kinds of technology. Till now, technology was perceived as a foolproof means to end malpractices, but the recent incident calls into question the veracity of such assumptions. What is even more consequential is that it significantly raises the bar as far as the intensity and scale of cyber attacks on other national assets and infrastructure are concerned, with many more of them coming under still more aggravated assaults.
The extent to which the system has been compromised is terrifying to contemplate, even before the full facts are unearthed. Yet, it has grave implications for the entire spectrum of endeavours that are totally dependent on technologically-driven remote access functioning as a part of their everyday business activity. Niche solutions for such cyber intrusions are available (though little known or used) and it is important that those concerned undertake a leap of faith to install such solutions before the situation goes out of control.
Cyber space battles, dilemmas
It can be argued that there may be nothing radically wrong in highlighting cyber space as essentially a locus of geo-political conflict — the Russia-Ukraine crisis being an instance — but there is much more to the cyber threat than this. In the case of the Russia-Ukraine war, cyber space has become an experiment for various players to try and support a weaker nation against a more powerful opponent, through distortion of information and communication flows, which are considered essential to the success or failure of any war strategy. While Russia may not publicly admit to the fact that it is hurting, with most global information networks being ranged against it and distorting realities, it has certainly added a new cyber dimension to the ongoing conflict. While its effect on the course of the conflict may not be decisive, the potential for mischief is immense. Additionally, distortion by private players of the concept of ‘the information super highway’ casts a dark shadow over the entire current systems of belief, providing a great deal of fuel for thought — more specifically when such influences turn out to be fake or distorted.
All this again brings to mind shades of the past, when the Cambridge Analytica scandal erupted over the issue of its becoming involved in elections. Similar suspicions again surfaced regarding Facebook’s manipulation of personal data. Hence, it is evident that the cyber realm is no longer confined to events such as the Russia-Ukraine war and the battle is now in our own backyards, with several non-state actors engaging in hybrid warfare and distorting day-to-day practices, including examinations. These pose legal, ethical and real dilemmas. Left unchecked, the world may have to confront a new kind of Wild West, before states find a common denominator for regulating cyber space and lay down proper rules and practices to prevent anarchy and chaos.
M.K. Narayanan, a former Director, Intelligence Bureau, a former Chairman, Joint Intelligence Committee, Government of India, a former National Security Adviser and a former Governor of West Bengal, is currently Executive Chairman of CyQureX Pvt. Ltd., a U.K.-U.S.A. cyber security joint venture