oa South Asia's Cyber Insecurity: A Tale of Impending Doom

In the digital era, India's national security has extricably been linked with its cyber security. However, although India has digitalized its governance, economy and daily life on an industrial scale, it has never paid adequate attention to adopt a programme side-by-side to securitize its digitalization plan. Resultantly, not only India's cyber space but also its physical spheres have been exposed and facing constant attacks from its rivals and enemies. India is the single biggest supplier of cyber professionals around the world and successfully leading cyber space across the globe. But India's army of cyber professionals falters when it comes to detect the simplest of cyber crime, which often led to devastating consequences. Cyber security is ensuring secure use of computers, smart phones as well as computer network including internet from security threat – physical or virtual (emphasize mine). There are two types of threat attached with cyber security. First is threat to digital equipment from unauthorized access, with the intention to change, destruct or misuse the information available on that system which would wreck havoc on the intended service linked with that system. The second threat, which is still to be analysed by digital practitioners, analysts, security agencies and academics, is ‘the authorized use of cyber tool to aid, organize and orchestrate terror attacks and conduct or facilitate devastating physical damage to life, property and national assets (interpretation mine)’. In India, nearly all efforts, public and private, to prevent cyber threats are employed within the description of first type of threat. No endeavour spared on either to monitor or prevent the second type of threat. All cyber security related debates, government commissioned reports, private initiatives and public discourses are confined on how to secure the cyber information, data, secrets stored in computer networks and the seamless functioning of software enabled services. But contrastingly, most of the damages suffered by India during the past decade are because of the second type of security threat where enterprising terrorists and criminals have been exploiting the cyber world to inflict severe damage to personal as well as national security. Terrorists and criminals have been using telephone, email, internet, instant messaging, VoIP and other method of communication to execute terror plot and crime. Therefore, it is essential for the security agencies to keep pace with the plotters. Western intelligence agencies like the British MI6 and American Central Intelligence Agency (CIA) have been using eavesdropping technologies to chase, arrest, and pre-empt ominous attack plot as well as imminent crime. India's Military Intelligence uses the eavesdrop method to intercept the instructions of rival armies to their corps commanders and cadres while its Intelligence Bureau employs the method on a limited scale to unravel domestic disturbances and violence. Eavesdropping is the unauthorized real-time interception of a private communication, such as phone call, email, instant message, internet search, videoconference, and fax transmission. Owing to its robust cyber security programme and a pro-active interception policy, the United States has successfully prevented 25 terrorist attacks since 11 September 2001. In the contemporary era, potential recruits and cadres for various terror organizations and crime syndicates are found on social media. Therefore, the terrorist organizations are not looking recruits from the campus of orthodox madrassas or from poverty stricken ghettos but on the social sites to enlist the participation of highly educated radicals with an ability to crack government security. Leading terrorist organizations and various terrorist leaders are openly visible on cyber space flaunting their idiosyncratic agenda to lure potential foot soldiers. For example, three Muslim youths from an upmarket Mumbai suburb have recently not only joined the Islamic State of Iraq and Syria (ISIS) through social media but also travelled to Mosul in Iraq and received training to become suicide bombers. In India, the ISIS has not been soliciting cadres through mosque-madrassa sermoning but by a self-motivated cyber savvy information technology professional from Bangaluru. The cyber world provided an extensive and expansive platform to the terror recruiters and the recruits to meet, give-and-receive indoctrination and orchestrate high volume terror attacks. All nineteen 9/11 attackers, all four 7/7 London suicide bombers, and even the kingpin of 26/11 Mumbai attacks David Headley were recruited by their respected terrorist organizations from the cyber world. Therefore, it is essential to install a proper mechanism to monitor and restrain the users not to fall in the trap of terror organizations. Indian security agencies have been functioning in a reactionary fashion where prevention is received least priority. The country's British era security system is so archaic that the police officers on duty at street, which form the first line of citizen's defence, do not understand what cyber crime is. Security is a state subject and due to lack of evolution, provincial police departments have been using obsolete methodology to deal with modern day crime. Because of the inertia of security agencies, citizens do not trust the state police. Added to the malice is the fact that state police are neither capable nor trained to deal with cyber related crimes. At the federal level, India is still to develop a data base of criminals, home-grown militants and international terrorists with recognizable information like facial images, fingerprints, voice samples and biographical descriptions. In the absence of such a data bank, the viability of the system installed at India's entry-exit ports to effectively screen individuals entering or departing the country is worthless. It is time to correct the anomalies and absence of a robust cyber security system in India. While the Modi government is spreading the digital web throughout the country as part of its ‘Digital India’ campaign what India lacking is a definite monitoring mechanism. Misguided exuberance on the part of the government to digitalize India would prove counterproductive sooner than later. Ibn Khaldun, the all time great Arab historian, in his seminal ‘Muqaddimah’ explained how simple court intrigues devastated and defeated mighty emperors who were otherwise invincible and matchless in open battle. On cyber security issues India is following the maxim of Iban Khaldun. As per an estimation of the National Security Council, China, with its 1.25 lakh cyber security experts, is a potential challenge to India's cyber security. In humiliating contrast, India has a mere 556 cyber security experts. At stake is India's US$ 2.1 trillion GDP, power grids, telecommunication lines, air traffic control, the banking system and all computer-dependent enterprises. India and China's cyber security preparedness is a striking study in contrast. India is a reputed information technology-enabled nation while China struggles with its language handicap. India, with a massive 243 million internet users, has digitized its governance, economy and daily life on an industrial scale without paying adequate attention to securitize the digitization plan. In the digital era, national security is inextricably linked with cyber security, but despite being the single biggest supplier of cyber workforce across the world India failed to secure its bandwidth and falters to detect the simplest of cyber crimes, which often leads to devastating consequences. India's Cyber Naiveté India's inertia to induct cyber security as an essential element of national security and growth is tremblingly palpable. Cyber security is less debated, sporadically written about, and rumoured at best in India. Because of this apathy and despite India's grand stature in the cyber world, India is vulnerable to the cyber snarls of China and other countries. With its archaic governmental architecture, India is still in expansion mode with little time spared on digital security. One of the significant reasons of India's inertia is its lack of understanding and appreciation of the gravity of cyber security. Added to that, despite being a proclaimed land of young people, India's age-old lamentation for its youth is one of the vital stumbling blocks to adopting a strong cyber security policy. For example, the Narendra Modi-government appointed expert group ‘to prepare a roadmap on cyber security’ is comprised of aged professors and busy bureaucrats who cannot keep pace with the speed, agility and thought of modern-day hackers. China and all other countries' cyber security, on the other hand, rest in the hands of their young cyber experts. Prime Minister Modi might be a cyber wizard but the country's political apathy to cyber security is blatant. While the Chinese President and Prime Minister have been involving themselves directly with the cyber security initiative, no political figure in India has ever shown the slightest interest in securing India's cyberspace. The Ground Zero Summit, which is considered as the Mecca of India's cyber security debate and an earnest endeavor of cyber security professionals, failed to get a single political figure to deliberate on the issue. The lone reluctant political participant, former army-general-turned-politician Gen. V.K. Singh addressed the gathering through video conferencing. Prime Minister Modi talks about Digital India and the next wave of internet growth will have to come from vernacular users who would be far more vulnerable to cyber-related deception than their city-based English-speaking counterparts. The apathy of aging politicians and bureaucrats stem from the fact that this new field is dominated by twentysomethings with cans of Diet Coke and a constant chat history with their girlfriends. India is delaying the rightful prestige to its young cyber security professionals at its own peril. China, US, Israel and even war-torn Syria has long been cherishing the ability of its young cyber professionals. India's vulnerability to Chinese cyber attacks could be judged from the fact that a colonel rank officer from People's Liberation Army informed Swarajya contributing editor Ramanand Sengupta that India's cyber infrastructure to protect its stockmarkets, power supply, communications, traffic lights, train and airport communications is so ‘primitive’ that can be overwhelmed by the Chinese in less than six hours. So if there is a second India-China War, India's adversary does not need to send troops to the trenches of the Himalayas but to ask its cyber warriors to cripple India's security infrastructure from their cool air-conditioned computer rooms. India is nowhere in the cyber war that has engulfed the globe. India's response to such a critical situation is a timid National Cyber Security Policy that the government circulated in 2013. There is no national overhaul of cyber security and the Indian Computer Emergency Response Team, the statutory body to look after cyber attacks, has little critical strength or capability. Its endeavour to recruit young talent and meaningfully engage them is still to take off. After the 2013 National Security Council note that exposed India's cyber security unpreparedness, the government decided to augment infrastructure and hire more professionals. However, what is required is a strategic vision to ensure stealth in India's cyber security and a political conviction to plug strategic vulnerabilities. The National Technical Research Organization has regularly been alerting successive governments about the danger from Chinese cyber attacks. India cannot afford to be passive and unresponsive because if it does not not act now, by the time a sophisticated cyber-attack happens, it will probably be too late to defend against it effectively. India's immediate requirement is to understand the impending cyber security threat from China and build better network filters and early warning devices and add new firewalls around computers that run the Indian economy and regulate vital civil and military installations. But in any battle the attackers are always embedded with all advantages from choosing the battlefield to deciding the time of war to the choice of instrumentalities. Poor defenders end up defending an attack that they even cannot imagine.