Seizing The Enemy Without Fighting

02 Nov 2017

INTRODUCTION

"One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful."

Sun Tzu, Sixth Century B.C.

1. The nature of conflict and war has been impacted by evolution of technology. The modern day conflict is "no contact war" (NCW) [1] with no "physical" or "kinetic" action across borders. Operations are conducted in a covert manner using resources such as agents in the information domain to weaken or strike at an adversary to achieve political objectives. These are clouded in ambiguity and deniability. The enemy is unseen and the victim unsure of how and where to react.

2. Cyber warfare, a component of information warfare conducted in the cyber domain, is a new form of war. Today cyberspace is a national asset, which enables a host of business and government services to citizens. Critical infrastructure such as energy, telecommunication, banking, stock exchanges, etc. and the economies of advanced nations depend almost entirely upon technology in cyberspace. Businesses are leveraging technology to transform their business models. Defence and police agencies are making strategic use of technology to modernize.

3. Social networking platforms have enabled people to come together and have changed the way they interact socially. They have not only initiated connections, but have managed to sustain the growing interconnect by engaging people in different interests of their choice. Currently Facebook has 1 billion users, and there are 1 billion tweets every week this year with a community of 225 million users. The Arab Spring, Jasmine Revolution, Occupy Wall Street etc. have exemplified that the growing community of hundreds of thousands of people can be mobilized for a cause through social media. In contrast, the London riots were supposedly fuelled by social media. Recently, the regular failure of the electricity grid in north India, the mass exodus of people all across the country to the North East, and the Assam riots are testimony to what the cyber domain can trigger and to its enormous power.

4. Given the kind of activities being carried out in cyberspace, cyberspace merges seamlessly with the physical world. But so do cybercrimes. Cyber attackers can disrupt critical infrastructures such as financial and air traffic control systems, producing effects that are similar to terrorist attacks in the physical space. They can also carry out identity theft and financial fraud, steal corporate information such as intellectual property, conduct espionage to steal state and military secrets, and recruit criminals and others to carry out physical terrorist activities. With this growing threat landscape, the cyber-readiness of security systems has been constantly put to the test. While security systems are increasingly expensive, launching cyber attacks is relatively much more economical. This growing imbalance is a game changer. It has established cyberspace as offense dominant, wherein defenders have to defend all the time at a heavy cost, while the attacker needs to succeed only once.

5. The damage inflicted by cyber attackers may not be easily recognizable and in some cases, may even go unnoticed. Even if an attack is successfully defended, it is possible to cover tracks and thus attribution of a cyber attack, in some scenarios, becomes very difficult, if not impossible. Tracing a cyber attack is not easy as Internet has no geographical boundaries and cuts across jurisdictions. There are no international laws/agreements that could help in tracing cyber attacks. This makes it all the more difficult to fight back against cyber warfare.

6. Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multi-layered initiatives and responses. It has proved a challenge for government; the task is made all the more difficult by the inchoate and diffuse nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators.

7. There is an urgent need to establish a National Structure for Cyber Security which clearly defines roles and responsibilities for every stakeholder, establishes coordination & information sharing mechanisms, focuses on building Public Private Partnership models and creates an environment for enhancing trust between the industry and government. A fully empowered head for Cyber Security should be appointed, positioned at the highest level within the government. We also need to establish a Cyber Command within the defence forces to defend the Indian cyberspace. The Cyber Command should be equipped with defensive and offensive cyber weapons, and manpower trained in cyber warfare.

METHODOLOGY

Statement of Problem

To study & analyse the need to establish a unified cyber command at the national level, to include the Services, and to suggest its structure, envisaged role & capability in the cyber warfare domain against the ever increasing cyber security threat, in order to safeguard national interests.

Hypothesis

9. The present & future will see an ever growing manifestation of threats to national security from cyberspace, which has become the fifth dimension of warfare. India, being a pioneer in the IT sector, can successfully secure itself from the cyber threat under a unified cyber command. Thus there is an urgent need to establish a unified cyber command at the national level in general & at the Services level in particular to counter the ever increasing cyber threat.

Justification for the Study

10. Cyber has become a fifth dimension of warfare in recent years. Due to ever increasing dependence on information and communication technologies, especially the Internet, for delivery of services, one of the biggest challenges the world faces is that of cyber security. Governments around the world are formulating cyber security strategies and policies to effectively manage the risks, which are global in nature.

11. Cyber security is important because it is closely associated with national security. The security situation in 2020 is bound to be far more complex and dangerous. The future will see a wired society with e-governance, communication, power and transportation networks, financial transactions, health and medicine all dependent on the cyber domain. Alongside will be the aspect of increased transparency and instant dissemination or democratisation of information. All this will also create vulnerabilities and impact security with disastrous consequences.

12. Today, a sophisticated set of nation states and non-state actors is increasingly making efforts to intrude into the networked domain of its adversaries. The known activity is a fraction of adversary exploitation, and there is routine exploitation of known vulnerabilities. The targets and intentions are clearly focused on gaining operational information and a foothold in the networked domain. Operating in a contested environment requires situational awareness and improved defence against cyber attacks.

13. There is urgent need felt at national level and also at services level to understand the nature of threat from cyber warfare and also defensive and offensive cyber warfare measures to be taken. The efforts in cyber domain can only be organised and coordinated by establishing a unified cyber command at national level. Thus there is need to study the structure, role and capabilities of cyber command in detail.

Scope

14. This study has concentrated on taking into account the threat posed by cyber warfare and understanding the need to establish unified cyber command to safeguard national interests. This study proposes to suggest the structure, role and capabilities of unified cyber command of India by carrying out in depth analysis of cyber threat environment and studies of cyber command of developed countries.

Method of Data Collection

15. The major source of information for this study has been the Internet. A few books and reference material that were available in the DSSC library have also been consulted. Besides this, interaction with senior military officers on the subject has also contributed towards the study. The bibliography of the sources is appended at the end of the text.

Organisation of the Dissertation

16. It is proposed to study the subject in the following manner:-

(a) Chapter 1. Introduction.

(b) Chapter 2. An overview on cyber security threats and challenges.

(c) Chapter 3. Indian Cyber space and cyber security initiatives.

(d) Chapter 4. Establishment of Unified cyber command.

(e) Chapter 5. Recommendations.

(f) Chapter 6. Conclusion.

CHAPTER 2

AN OVERVIEW ON CYBER SECURITY THREATS AND CHALLENGES

Cyberspace and its Importance to Nations

1. Cyberspace has no boundaries; it is man-made and ever expanding. It comprises the IT domain, including computer networks, computer resources, and all the fixed and mobile devices connected to the global Internet. In the evolutionary stage of the Internet, the key considerations were interoperability and availability. What started as a closed user group involving academics from a few universities was thrown open to the world and has grown exponentially ever since. The rapid development of information technology (IT) and the relative ease of using applications have commercialised the use of cyberspace and expanded it dramatically in its brief existence.

2. In today’s networked world, cyberspace is considered a national asset. It has enabled a host of business and government services to citizens, and the efficient operation of critical infrastructure depends on it. In fact, the economies of many nations across the globe depend almost entirely upon technology in cyberspace. It has become the lifeline of critical infrastructures such as energy, telecommunication, banking, stock exchanges, etc. Businesses are leveraging technology to transform their business models. Defence and police agencies are making strategic use of technology to modernize.

3. Social networking has gripped the entire world and revolutionised the way people come together and change the way they interact socially. It has not only initiated connections, but has managed to sustain the growing interconnect by engaging people with different interests of their choice. Currently, Facebook has around 800 million users, which are expected to reach 1 billion by August 2012. Tweets on Twitter grew from 500 K in 2007 to more than 4 billion in Q1 of 2010, to over 1 billion tweets every week this year with a community of 225 million users.

The Arab Spring, Jasmine Revolution, Occupy Wall Street etc. have exemplified that the growing community of hundreds of thousands of people can be mobilized for a cause through social media. In contrast, London riots were supposedly fuelled by social media.

4. Activities carried out in the cyberspace domain have merged cyberspace seamlessly with the physical world. Cyberspace has provided a tool for globalisation, and also a tool for cyber attackers to disrupt critical infrastructures such as financial and air traffic control systems, producing effects that are similar to terrorist attacks in the physical space. Cyber attackers and cyber criminals can also carry out identity theft and financial fraud, conduct espionage to steal state and military secrets, and recruit criminals and others to carry out physical terrorist activities.

5. Nations across the world are facing an evolving array of cyber-based threats arising from a variety of sources in cyberspace. Cyber threats can be intentional or unintentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems, and intentional threats can be both targeted and untargeted attacks from a variety of threat sources. Sources of threats include criminal groups, hackers, terrorists, organization insiders, and foreign nations engaged in crime, political activism, or espionage and information warfare. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can include monetary gain or political advantage, among others. Moreover, potential threat actors have a variety of attack techniques at their disposal, which can adversely affect computers, software, a network, an organization’s operation, an industry, or the Internet itself. The nature of cyber attacks can vastly enhance their reach and impact due to the fact that attackers do not need to be physically close to their victims and can more easily remain anonymous, among other things. The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques, such as attacks that may combine multiple techniques. Using these techniques, threat actors may target individuals, businesses, critical infrastructures, or government organizations.

6. Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multi-layered initiatives and responses. It has proved a challenge for governments because different domains are typically administered through siloed ministries and departments. The task is made all the more difficult by the inchoate and diffuse nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators.

Array of Cyber Threats Faced by Nation

7. The security of cyberspace, systems and networks is essential for protecting national and economic security, national data, public health and safety, and the flow of commerce. Ineffective information security controls can result in significant risks to security of the nation which include following:-

(a) Loss or theft of resources and critical data.

(b) Unauthorised access to and disclosure, modification, or destruction of sensitive information, such as national security information, personal taxpayer information and proprietary business information.

(c) Disruption of critical operations supporting critical infrastructure, national defense and emergency services.

(d) Undermining of agency missions and its credibility due to embarrassing incidents that erode the public’s confidence in government.

(e) Use of the cyber domain for unauthorized purposes or to launch attacks on other computer systems.

8. Cyber Threats. Cyber threats can be classified on the basis of the perpetrators and their motives, into four categories. These are:-

(a) Cyber espionage.

(b) Cyber warfare.

(c) Cyber terrorism.

(d) Cyber crime.

Cyber attackers use numerous vulnerabilities existing in cyberspace to pose cyber threats. They exploit the weaknesses in software and hardware design through the use of malware. DDoS (Distributed Denial of Service) attacks are used to overwhelm the targeted websites. Hacking is a most common practice of piercing the defences of protected computer systems and interfering with their functioning. Identity theft is also very common. The scope and nature of threats and vulnerabilities in the cyber domain is multiplying with every passing day.

Cyber Warfare. No agreed definition of cyber warfare exists, but many states are indulging in attacking the information systems of other countries for espionage and for disrupting their critical infrastructure. The attacks on the websites of Estonia in 2007 and of Georgia in 2008 have been widely reported in the past. Although there is no clinching evidence of the involvement of a state in these attacks, it is widely held that in these attacks, non-state actors (e.g. hackers) may have been used by state actors. Since these cyber attacks, the issue of cyber warfare has assumed urgency in the global media. Many countries have set up a cyber command to counter the threats and have accepted cyberspace as the fifth dimension of warfare.

11. Cyber Crime. The increasing online population has become a happy hunting ground for cyber criminals, with losses due to cybercrime estimated to be in billions of dollars worldwide. While countries across the globe are reporting enormous losses to cybercrime, as well as threats to enterprises and critical information infrastructure (CII), in India an insignificant number of cases has been reported, other than those relating to cyber espionage. However, the report of the National Crime Records Bureau (NCRB) for 2012 recorded an increase of 50% in cybercrime over the previous year. Nationally, Andhra Pradesh (349) ranked first, followed by Maharashtra (306) and Kerala (227). In cities, Bangalore (117) reported the most incidents while Visakhapatnam (107) and Pune (83) ranked second and third. Nationally, most cases were reported about loss of computer resources and obscene publications online. All over the country 157 cases of hacking were reported and 65 persons were arrested for the offence. Other offences include misuse of digital signatures, forging digital documents, unauthorized access and breach of confidentiality [2]. The low numbers of cybercrime cases registered could be because cyber laws have proved ineffective in the face of the complex issues thrown up by the Internet.

12. Cyber Terrorism. Cyberspace has provided most potent and cheaper tool to non-state actors for planning terrorist attacks, for recruitment of sympathisers, or as a new arena for attacks in pursuit of the terrorists’ political and social objectives. Terrorists have used cyberspace for communication, command and control, propaganda, recruitment, training and funding purposes. From that perspective, the challenge of non-state actors to national security is extremely grave. The government has taken a number of measures to counter the use of cyberspace for terrorist-related activities, especially in the aftermath of the terrorist attack in Mumbai in November 2008. Parliament passed amendments to the IT Act, with added emphasis on cyber terrorism and cybercrime, with a number of amendments to existing sections and the addition of new sections, taking into account these threats.

Further actions include the passing of rules such as the Information Technology (Guidelines for Cyber Cafe) Rules, 2011 under the umbrella of the IT Act. In doing so, the government has had to walk a fine balance between the fundamental rights to privacy under the Indian Constitution and national security requirements. While cyber hacktivism cannot quite be placed in the same class, many of its characteristics place it squarely in the realm of cyber terrorism both in terms of methods and end goals [3].

13. Cyber Espionage. Instances of cyber espionage are on the rise, with financial losses worth millions being exfiltrated from the websites and networks of both government and private enterprises. The theft of intellectual property from private enterprises is not an issue because R&D expenditure in India is only 0.7% of GDP, with government expenditure accounting for 70% of that figure. Companies are also reluctant to disclose any attacks and exfiltration of data, both because they could be held liable by their clients and also because they may suffer a resultant loss of confidence of the public. As far as infiltration of government networks and computers is concerned, cyber espionage has all but made the Official Secrets Act, 1923 redundant, with even the computers in the Prime Minister’s Office being accessed, according to reports. Governments currently can only establish measures and protocols to ensure confidentiality, integrity and availability (CIA) of data. Law enforcement and intelligence agencies have asked their governments for legal and operational backing in their efforts to secure sensitive networks and undertake offensives against cyber spies and cyber criminals who are often acting in tandem with each other, and probably with state backing. Offence may not necessarily be the best form of defence in the case of cyber security, as seen in the continued instances of servers of the various government departments being hacked and documents exfiltrated.

Sources of Cyber Security Threats [4] 

14. Bot-Network Operators. Bot-net operators use a network or bot-net of compromised, remotely controlled systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of bot-networks are sometimes made available on underground markets (e.g. purchasing a denial-of-service attack or services to relay spam or phishing attacks).

15. Criminal Groups. Criminal groups seek to attack systems for financial gain. Specifically, organized criminal groups use spam, phishing, and spyware/malware to commit identity theft, online fraud and computer extortion. International corporate spies and criminal organizations also pose a threat to the nations through their ability to conduct industrial espionage, large-scale monetary theft and to hire or develop hacker talent.

16. Hackers. Hackers break into networks for varied reasons such as the thrill of the challenge, bragging rights in the hacker community, revenge, stalking, monetary gain and political activism. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. With the advance of technology, attack tools have become more sophisticated and easier to use. The worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

17. Insiders. The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat includes contractors hired by the organization as well as careless or poorly trained employees who may inadvertently introduce malware into systems.

18. Nations. Nations use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications and economic infrastructures that support military power or impacts that could affect the daily lives of citizens across the country. Among state actors, China and Russia are of particular concern.

19. Phishers. Individuals or small groups execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware or malware to accomplish their objectives.

20. Spammers. Individuals or organizations distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware or malware or attack organizations (e.g., a denial of service).

21. Spyware and Malware Authors. Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware or malware. Several destructive computer viruses and worms have harmed files and hard drives. Some examples include the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer and Blaster.

22. Terrorists. Terrorists seek to destroy, incapacitate or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information.

Types of Cyber Exploits [5] 

23. Cross-Site Scripting. An attack that uses third-party web resources to run script within the victim’s web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information and remotely access and control the victim’s machine.

24. Denial of Service. An attack that prevents or impairs the authorized use of networks, systems or applications by exhausting resources.

25. Distributed Denial of Service. A variant of the denial-of-service attack that uses numerous hosts to perform the attack.

26. Logic Bomb. A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.

27. Phishing. A digital form of social engineering that uses authentic looking, but fake, e-mails to request information from users or direct them to a fake website that requests information.

28. Passive Wiretapping. The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.

29. Structured Query Language (SQL) Injection. An attack that involves the alteration of a database search in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.

30. Trojan Horse. A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, for example by masquerading as a useful program that a user would likely execute.

31. Virus. A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers or even erase everything on a hard disk. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.

32. War Driving. The method of driving through cities and neighborhoods with a wireless-equipped computer with a powerful antenna, searching for unsecured wireless networks.

33. Worm. A self-replicating, self-propagating, self-contained program that uses network mechanisms to spread itself. Unlike computer viruses, worms do not require human involvement to propagate.

34. Zero-Day Exploit. An exploit that takes advantage of a security vulnerability previously unknown to the general public. In many cases, the exploit code is written by the same person who discovered the vulnerability. By writing an exploit for the previously unknown vulnerability, the attacker creates a potent threat, since the compressed timeframe between the public discoveries of both makes it difficult to defend against.

Cyber Security Challenges

35. Cyberspace as described above, with its unique characteristics, poses numerous challenges in cyber security. The most critical challenge is that of coordination and cooperation between different stakeholders at national and international levels. A comprehensive framework is required to ensure a coordinated response, recovery, an intelligence and information sharing mechanism, and clarity in the roles & responsibilities of various agencies and governments. A specified role for industry in public private partnership models is also lacking at the national level. At the international level, the absence of globally accepted norms featuring cooperation across jurisdictions to track cyber criminals and extradite them is making it difficult for law enforcement agencies to bring cyber criminals to justice. There is also a lack of adequate knowledge and training among law enforcement agencies and the judiciary in many countries for understanding cyber crimes and the relevance of evidence in the form of cyber forensics.

36. Protection of critical information infrastructure has emerged as a major challenge. National Security has traditionally (for air, land and sea) been the sole responsibility of the governments. The new responsibility of securing the critical information infrastructure against the rising number of cyber attacks has come within the ambit of national security. This new responsibility, however, does not lie solely with the government. Private sector has a major role to play, as majority of the critical information infrastructure is owned and operated by the private sector. However, private sector’s investment in security is driven by business requirements and not by national security concerns. So how can government intervene? By incentivizing or regulating the private sector? There is an ongoing debate on which direction the nations should take. Many believe that market forces cannot deliver the required investments and efforts for ensuring public safety and national security. Whereas some believe that too much of government intervention through regulations can undermine business innovation. No clear universal solution to this problem has emerged presently.

37. There is yet another area of global concern, namely the ICT global supply chain. Given the increased dependence on global ICT products, especially in operating critical sectors, and the growing realization of cyber risks, countries are doubting the integrity of these products, fearing that adversaries may introduce malicious code / functions to do surreptitious surveillance, disrupt services, or at worst paralyze a nation. Alleviating such doubts and fears in order to continue benefitting from the global ICT supply chain is one of the biggest challenges the world faces in cyber security today. While some countries are trying to address this challenge by building global and national capabilities to address supply chain risks without undermining international competitiveness and legitimate trade flow, others are focusing on developing indigenous products to reduce the dependency on foreign players.

38. Another very important challenge requiring ongoing efforts is poor awareness and education about cyber security threats and the need to follow best practices, across different levels – ranging from school children to top government officials, and management in the corporate world. Adding to the problem is the non-serious and reactive approach towards security. Lack of knowledge and awareness among users increases the risk manifold. Because of poor awareness, we become vulnerable and easy victims of social engineering attacks, phishing sites, spurious email communications, etc. Many such cyber threats can be easily mitigated if individuals are aware and vigilant.

39. Other major difficulties in addressing problems related to cyber security at an organizational level include: lack of high quality software development; treatment of security function as a cost centre; compliance driven approach to security; lack of multi-departmental coordinated roadmap; treatment of security as merely a technology issue and not a management issue; and difficulty in calculating Return on Investment (RoI) for security investments.


