Cyber challenges

Published: Nov 20, 2009 00:00 IST

A cellphone recovered from the Mecca Masjid in the old city area of Hyderabad on May 18, 2007. It was presumably used to trigger the blast.-P.V. SIVAKUMAR

If one single phenomenon has facilitated terrorism and organised crime in the past few years, it is the exponential growth of channels of communication available to law-breakers and perpetrators of violence and fraud. We saw this to a great measure in 9/11. The kind of teamwork displayed by the 20-member gang would not have been possible without reliable means of exchanging information that included e-mail. This was evident in the Mumbai attacks of November 2008 as well.

In the Mumbai case, the intruders were in continuous touch with those who had orchestrated the whole exercise from Pakistan for several hours after the operation had begun. Satellite phones came in handy to them. There was possibly a resort to VoIP (Voice over Internet Protocol) also to receive instructions from the Pakistani masters. There is a long list of recent occurrences across the globe where electronic communication has served as the anchor to terrorism or conventional crime. This poses a great challenge to governments and law-enforcement agencies and highlights the need for eternal vigilance. Administrative responses to this apparent hole even in the best of security arrangements have been varied, ranging from the most sensitive and responsible, to the indifferent and illogical. It is difficult to place countries into pigeonholes.

Nevertheless, I would rate the United States as the most admirable of nations in protecting itself electronically. India has not done badly at all, but it needs to do a lot more to attain U.S. standards. It may first have to emulate the U.S. proposal to install a Cyber Czar, who would operate from the White House to monitor and ward off cyber threats to the nation. Appointing such a functionary who is directly accountable to the Prime Minister will be a great step forward. I presume it is the National Security Adviser (NSA), with the aid of the Information Technology Ministry and the Director, Intelligence Bureau (I.B.), who currently performs this vital role.

As in the case of a nuclear armoury, India needs to generate an ability to protect itself against cyber attacks on its sensitive establishments as also retaliate in quick time. Fundamentally, both these capabilities require an extraordinary up-to-date knowledge of cyber security and a willingness to invest in men and equipment. The IT Ministry has done its bit to establish a Computer Emergency Response Team (CERT) and also help mobilise the support of government and private sector agencies so that we are not caught off guard. This may not be enough. Cyber security will have to become a national obsession in order to protect our integrity.

We have a few lessons to learn from what happened to Estonia (2007) and Georgia (2008). Both suffered a major cyber attack. Computers based in Russia were suspected to have unleashed the offensive in the two instances. Relations between Russia and the other two nations are known to have been frosty for quite a while. In the case of Estonia, life came to a standstill after being subjected to several Distributed Denial of Service (DDOS) attacks.

Incidentally, Estonia, despite its small dimensions, is a highly computerised nation, and its banking and government agencies received a battering that caused them immense harm. Since this episode, Estonia has taken several corrective measures to fortify itself against a repeat of the attack. Interestingly, it was the venue earlier this year for a European Union Council meeting dedicated to cyber security. We will be prudent in studying what Estonia has done in the area. Let us not be dissuaded by the fact that it is a very small country, because it has received abundant technical support from other European countries in securing its cyberspace.

Georgia has had an uneasy relationship with Russia since the break-up of the Soviet Union. This became exacerbated with the controversy over South Ossetia, a disputed territory, where a large number of Russian nationals live. It was originally an autonomous region within the Georgian Republic of the Soviet Union. Ossetian separatists have fought the Georgian authority tooth and nail, leading to several wars. When Georgia tried to recapture South Ossetia in August 2008, the separatists there and the Russian troops successfully repulsed the invasion. Russia launched a series of cyber attacks, which brought Georgia down to its knees. Several government sites, including that of Georgian President Mikheil Saakashvili, were defaced. There were also DDOS attacks that blocked important public sites, forcing many Georgian government websites to switch over to U.S.-based hosts. Interestingly, the Ministry of Foreign Affairs moved to a blogspot account. These were ingenious steps, which should be kept in mind by India if ever it faces a similar cyber aggression.

There were several instances in the past of the Indian government websites being defaced by miscreants. The mischief was generally believed to be by pro-Pakistani elements from either across the border or within India. There has, however, been no major attack recently. It is difficult to explain this. It could be due either to an utter lack of competence on the part of India's adversaries or the high quality of its own cyber preparedness against intrusion. In either case, there is no room for complacence.

The threat from China is far more serious. Several studies emanating from the U.S. speak of a Chinese dexterity in spearheading cyber intrusions. This charge may be difficult to prove. It cannot be dismissed as frivolous either, given that country's superior technological prowess.

India's preparedness on the border security front will have to be accompanied by arrangements to secure sensitive information that our defence networks carry. A few years ago, a pen drive containing valuable information on Defence purchases was smuggled out of the Navy headquarters. The incident is still being investigated by the Central Bureau of Investigation. In no other Ministry is the need for extreme circumspection in the area of cyber security more important than in the Defence Ministry. Defence officials may not be expected to go to town telling us what they have done to secure their computers. We go by the assumption that they are both competent and sensitive to the challenges.

Basic, however, to all exercises towards securing confidential information is an awareness of the growing sophistication of attacks and the inability of the best of cyber protection tools to prevent one. This is why the accent should be on two aspects. One is encryption of all that is stored in cyberspace and is transmitted to various authorised recipients. This is where one sees a lot of reluctance and lack of care. Encryption is both expensive and laborious and is not user-friendly. Laptops carried by senior officials invariably contain extremely valuable information. If they fall into wrong hands, it will be disastrous.

Instances of theft of laptops are too numerous for our comfort. Encryption is the only answer to this. The second objective is one of formalising an arrangement whereby the most sensitive of information is stored in handwritten documents, and not transmitted online, and which is circulated by the authors themselves personally to those authorised to see them. Accountability for any leakage of information is easy to fix this way, unlike in cyberspace where the intruder invariably goes unidentified. The rationale for this seemingly archaic arrangement is that online security is not absolute and it is liable to be breached with some effort by a determined adversary hunting for information. This is security discipline of the highest order that should be obtained in respect of matters that have a bearing on the country's defence.

The sensitivity of the IT Ministry in two areas gives us some comfort. This is in respect of the threat from Blackberry and Skype transmission. Both are of international repute, especially the latter. A form of Internet telephony, Skype has so many admirers and users because it is economical beyond belief. Actually, Skype is a free service, and what you need is only a reliable Internet connection. Indian security agencies are extremely worried that these could be used by terrorists to pass on information, which is hardly likely to be intercepted.

There was an initial threat to ban Blackberry. The threat receded after lengthy discussions with Research in Motion (RIM), a Canadian firm that runs the service with the help of local providers. The belief is that government agencies have been able to crack the code used by RIM so that all encrypted messages going through Blackberry can now be decrypted for scrutiny from a national security perspective. A somewhat similar truce is in the offing in respect of Skype as well. U.S. agencies feel that the blogging tool Twitter can also be used by terrorists for transmission of confidential messages. With the growing popularity of Twitter, the Indian government may have to take a view on how to reduce the dangers from an unrestricted Twitter traffic.
