By Vijay Kumar
At the World Economic Forum, Microsoft’s Satya Nadella said Russia’s cyber onslaught on Ukraine started one year before its special military operation on February 24, 2022. While the Russian invasion had a combination of troops, tanks, aircraft and cruise missiles, the first shots were in fact fired hours before when the calendar still said February 23. This attack involved a cyber-weapon called ‘Foxblade’, which was launched to cripple Ukraine’s digital signals and distract the country before an actual military operation was launched.
Within days, Ukraine retaliated by hiring hundreds of global security experts/hackers to launch similar offensive cyber-operations on sensitive Russian entities, the aftereffects of which were globally felt. For any top commander, security today is much beyond tanks, missiles, frigates, torpedoes or fighter jets. Implicit earlier, cyber warfare is now an offensive digital stratagem while cybersecurity is defensive. The Ukraine war teaches that national security today must encompass safeguarding data integrity, availability, confidentiality, data privacy and data security.
1962 Sino-Indo War Vs 2022
Sixty years ago, in 1962, India fought with China at the McMahon Line, the boundary that separates India from China. In the aftermath, then Defence Minister VK Krishna Menon decided to start Sainik Schools across the country to train young boys from a very tender age (11 years) to eventually become officers in the Indian armed forces. The very next year in 1963, Pandit Nehru inaugurated the first Sainik School at Tilaiya, Bihar (now Jharkhand). In these six decades, these schools have pioneered themselves as successful nurseries for the National Defence Academy (NDA).
Masterminds might be aiming to hold to ransom an entire fleet, a corporation or a nation by exploiting glitches/vulnerabilities in the security ecosystem
The year 2022 brings the technology-steered cold war out in the open. While proxy wars and terrorism have been realities, the proxy cold war leveraging sophisticated technologies would be catastrophic. Events like 9/11 or 26/11 might not be realities anymore; masterminds might not just want to control a few airplanes or a few buildings any longer but might be aiming to hold to ransom an entire fleet, a corporation, or a nation by exploiting glitches/vulnerabilities in the security ecosystem.
The new cold war would be centred on the mastery of technology as the currency of power. Robots, drones, AI/ML, IoT, analytics, social, impersonation, camouflaging, metaverse, crypto, blockchain, wallets, AR/VR and technology-led weaponry and hyper-personalised cyberattacks would dominate the cloud era ahead.
While India is on a high growth trajectory, it has also been a victim of a targeted digital cold/proxy war. Losses in these wars have been incomprehensibly high and entities/victims don’t even get to realize for months that they had been taken for a ride but by then the damage is done.
India witnessed over 18 million cyber-attacks, at an average of nearly 200,000 threats daily, in the first three months of 2022, according to US-based security firm Norton. As per top American Cyber Security experts, intellectual properties of Indian companies have been getting stolen by Chinese hackers for quite some time now. In the past three weeks (June/July), 70 Indian government and other Indian private websites faced international cyberattacks.
India witnessed over 18 million cyberattacks, at an average of nearly 2 lakh threats daily, in the first three months of 2022 – US-based security firm Norton
Given this backdrop, what should India do? Should India start a National Cyber Academy (NCA) on the lines of the prestigious NDA? Or should India start Cyber Schools like it envisioned the Sainik Schools post the 1962 Chinese war? Should cybersecurity be an integrated part of the Ministry of Defence? Should the Indian states not have a separate cabinet portfolio for cybersecurity? Just as Dubai has ministers for AI and Blockchain and Australia has a Union Minister for Cyber Security, isn’t it time India appointed a Union Minister for Cyber Security? If not, how are we going to fight this snowballing digital massacre?
The VUCA Years
The last three VUCA (volatility, uncertainty, complexity, and ambiguity) years have been unprecedented, shuddering humanity like never before. With the 2020 lockdowns, the warmth of the world suddenly became cold. While it initially seemed temporary, it hasn’t really been so. The movies we watch have been great in educating us about the meaning of ‘Lockup’, but unfortunately the word ‘Lockdown’ was new, until March 2020, for the majority. Believe it or not, even 3-year-olds today understand the word lockdown while they might not grasp the word ‘Lockup’ yet.
Just as Dubai has ministers for AI and Blockchain and Australia has a Union Minister for cyber security, isn’t it time India appointed a Union Minister for Cyber Security?
While the beginning of 2022 did bring us the desired ray of hope, the party has been short-lived with the intermittent Omicron and monkeypox hissing at us time and again besides the worrying European confrontation that has gone unabated for months now. With borders being closed and with remote working being realities, these VUCA years have adversely contributed to the global spike in technology-led cyberattacks and in fueling the cold/proxy war.
With the virus outbreak originating from Wuhan and with China not much impacted until 2022, many globally believed that the epidemic was part of a covert Beijing’s ploy. Whatever the truth, the world sans China almost got united to form a cohesive force, much to the annoyance of the Chinese leadership. With time, the credence to the Wuhan virus theory got stronger, fueling the cold proxy war in the digital realm.
With closed borders and remote working becoming realities, the VUCA years have adversely contributed to the global spike in technology-led cyberattacks and in fueling the cold/proxy war
Cold War Returns
Global developments post-February 2022 suggest that the cold war might have been behind closets since the USSR disintegration (1991) but it is all set for a comeback in a treacherously digital way. More so, what nations preach and what they practice suggest that countries don’t truly walk their talks and that a trust deficit heavily exists worldwide. With Ukraine undeterred and siding with the EU, with NATO leaving no stone unturned in aggravating Kremlin, with Russia as emboldened as ever with its oil exports generating billions even amidst the confrontation, this conflict seems to have multiple catalysts, prolonging this forever.
It’s hard to believe that the collective global strengths have been unable to curtail the destruction even after months. It is equally hard to believe that the powerful combine is unable to even remotely influence the parties involved. It is flabbergasting that while the global forces could collectively control Covid, the same behemoths are struggling with the combatants here. On one hand, they import oil from Russia while on the other, they lament Kremlin over the aggression.
War in the Fifth Domain
But the biggest thing that has happened in the world in my life, in our lives, is this: By the grace of God, America won the Cold War — President George HW Bush, State of The Union Address, Jan 1992
Times have changed. Unlike earlier, the US is unable to control both Russia and China. Recent episodes in Afghanistan are testimonies to this fact, signalling past hegemony, successes and glory, if any, might not be the trusted compass to help us navigate the future. The fallout of the Ukraine war is going to be ruinous with newer blocs’ formation, mightier and sophisticated than ever before, creating deterrent forces and unleashing proxy wars on a 24X7X365 basis. There would be ideological and uglier confrontations, denting the concept of a unipolar world, capitalist ideologies, IMF and the World Bank, eventually rejigging focus on tech-powered covert under-handlers, surveillance, hacks and ploys.
While we have been able to defend our borders, proxy digital warfare will be ruthless; state-sponsored adversaries have a lot to win.
Hi-tech arsenals would be highly deceptive and strategic. The damage will continue forever with losses bigger than any physical war that has a definite start and end date. With rapid digitisation, everything today runs on bits. With automation all-encompassing across transportation, navigation, utilities, Industry 4.0, and ERP/supply chain dictating terms like never before, the Third World War would probably have cyber-ploys as the core offensive front.
Getting India Ready
Irrespective of whatever policy India adopts, it is time Indians brace themselves for the digital upheavals and cyber bloodbath ahead. It is time we were invested in cyber security. It is time for robust cyber intelligence. It is time cyber education was made mandatory early on.
Given the ever-changing warfare dynamics, it is time the Ministry of Defense integrated cyber warfare into its ambit. It is time India appointed a Union Minister for Cyber Security. It is also time India emphasised ‘Cyberpath and Cyberveers’ like “Agnipath and Agniveers”. It is time India fired on all cylinders to defend this new frontier.
• Fancy Bear, an organised cybercrime group believed to be linked with Russia’s GRU military intelligence agency, is alleged to have carried out attacks on Western governments, think-tanks and corporations
• The malware targeted Ukrainian rocket forces and artillery between 2014 and 2016
• Sony Pictures Hack followed the release of ‘The Interview’, which negatively portrayed Kim Jong Un. The attack is attributed to North Korean government hackers
• Stuxnet Virus is among the most sophisticated cyberattacks in history, targeting the Iranian nuclear program. Reports said it seriously damaged Iran’s ability to manufacture nuclear weapons
• NotPetya ‘wiper’ virus of 2017, allegedly linked to GRU, caused more than $10 billion of damage globally by infecting companies that do business in Ukraine with malware seeded through accounting software. It affected 65 countries and about 50,000 systems, including FedEx, Maersk and Merck
• NotPetya also hit the Chornobyl nuclear power plant and around 13,000 devices used by public institutions, banks, postal services, newspapers and businesses.
(The author is a v-CISO & CEO of DigiFortex Inc, a Cyber Security Consulting. https://digifortex.com)