Indian Cyber Warfare Capabilities
4.1.1 Information Technology (IT)
Advancement in India. Indian
ambition of becoming an IT giant in the future is evident from Banglore, “The
Silicon Valley of India”. Its energetic IT production has expanded the
IT reach in social, industrial and economic sectors at a very fast pace. Case
in point is the 37% dominance of top officials at Microsoft by Indians.
Availability of large talent pool of technical qualified manpower serves the
spine of a rapid growth of IT investment in the country. Key indicators of this growth of IT industry
are as following:-
India’s software and allied
exports had risen at a rate of 29% on almost year basis to approx $7.5 billion.
Out of 500 most recognized enterprises, 185 subcontracted their software
requirements to promising Indian software industry.
Indians are utilizing
progression in telecommunication as road map for riding on bandwagon of IT.
Expansion of Indian NTP (National telecommunication Policy), National
Information Infrastructure (NII), Corporatizing Department of telecommunication
Services (DTS) into Bharat Sanchar Nigam Limited (BSNL) and IT Act 2000 are few
4.1.2 Indian Cyber Warfare Policy at National
/ Strategic Level. In August 2010 the Indian government told its agencies
to enhance their capacities in cyber warfare. The strategic directed government
agencies to develop capacities to break into networks of unfriendly countries,
set up hacker’s labs, set up a testing facility, develop counter measures and
set up CERTs for several sectors. The agencies at the forefront of the strategy
were National Technology Research Organisation, Defence Intelligence Agency and
the Defence Research and Development Organisation. Thus India has an offensive
– defensive policy. Indian National Security Advisor (NSA), under PM, is over
all looking after the coordination of cyber warfare issues for both offensive
and defensive purposes1.
Defensive Cyber Warfare Policy
National Cyber Security Policy. India has issued a National
Cyber Security Policy in July 2013. This is a policy framework by Department of
Electronics and Information Technology (DEITY), Ministry of Communication and Information Technology and Government of India. It aims
at protecting the public and private infrastructure from cyber attacks.
National Technology Research Organisation (NTRO). Under NSA, NTRO is responsible
to protect the critical IT infrastructures of India. It has both offensive and
defensive cyber warfare tasks to perform.
Emergency Response Team (CERT-In). The Department of Information
Technology established CERT-In in 2004 to counter cyber-attacks in India. This
organisation is partially successful in detection and reporting of cyber
Centre (NCIIPC). In 2011, the Government of India established another
sub division, NCIIPC to thwart attacks against energy, transport, banking,
telecommunication, defence, space and other sensitive areas. However, there is
no public face of NCIPC and some experts believe that NCIPC has failed to
materialize and perform its job.
TRINETRA. Indian Navy
has dev ‘TRINETRA’ which is an encryption organisation for securing
communications. Likewise, Defence Research and Dev Organisation (DRDO) also
manages cyber security, encryption and transmission security (TRANSEC) related
projects. Government of India has paid over 3 Billion US $ for these cyber
security related projects during last decade.
Reduced Reliance on Internet by Public Sectors. India is promoting the culture
of reducing dependence on internet particularly social media e.g. facebook,
twitter etc and communication on search engines like Yahoo, Google etc.
Offensive Cyber Warfare Policy
Offensive Cyber Warfare Strategy.
Indian government decided to recruit for cyber army of software
professionals to spy on the classified data of adversaries (mainly Pakistan and
China) by hacking into their computer systems. A strategy was drafted for this
purpose by Indian National Security Advisor AK Dovel and the Director of Indian
Intelligence Bureau (IB) as well as the senior officials of the
telecommunication department, IT ministry and RAW. According to the strategy
drafted in the meeting, India is recruiting 5,000 IT professionals and hackers
who will be assigned to be on the offensive or to launch pre-emptive strikes by
breaching the security walls of enemy’s computer system.
RAW’s Cyber Wing. Within
this wing, the National Technology Intelligence Communication Centre provides
technology and elelectronic intelligence to different agencies and intercepts
communication from adversaries. More
recently, India’s National Security Advisory Board recommended the creation of
central cyber security command modelled on the United States’ Cyber Comd.
NTRO / Defensive Intelligence Agency (DIA).
The most important factor to note is the involvement of NTRO along with
the Defensive Intelligence Agency (DIA) who is responsible for creating these
cyber-offensive capabilities. NTRO
is a key government agency of India that gathers technology intelligence while DIA is tasked with collating inputs
from the Navy, Army and the Air Force.
Indian Hackers Task Force. Indian
government has formed a Hacker Task Force, called the “Desi Hackers” 2 for aggressive cyber warfare.
Divine Matrix. The
Indian Army conducted a war game called the Divine Matrix in Mar
2009. The interesting aspect of this exercise was that Indian Military created
a scenario in which China launches a nuclear attack on India somewhere in 2017.
The purpose of this exercise was to describe how China will launch a cyber
attack on India before the launch of the actual nuclear strike3.
Indo-Israeli Cyber Nexus against
has announced complete and unconditional support for India. Israelian Deputy
Director General of Israel’s foreign ministry, Mark Sofer has said that there
is no difference between Hamas and other such organisation. “We feel that
India has a right to defend itself against Terrorists in the same way as Israel
has a right to defend itself from Ts. We are both suffering from the same
scourge. I really don’t see any difference between the Hamas and other such
organisation; I never did and I don’t today. A Terrorist is a Terrorist4.
4.1.5. Possible Effects.
Possible effects from the above mentioned resources are as fol:-
Electro Magnetic Pulse (EMP) through non-nuclear means to
disrupt communication and other electronic sys at various sites. Entry into our
communication systems networks to cause havoc at the time of choosing.
Not permitted admittance of computer
system to obtain or alter sensitive information.
Hacker’s activities to explore
vulnerabilities of our system in peacetime.
Injection of computer viruses into computer network,
exchanges, weapon systems and other computer-based systems.
Implementation of logic bombs to introduce time activated
virus in the computer systems without physical access. The economic hold can be
used to exploit the defensive equipment vendors to deploy logic bombs and use
of chipping against Pakistan.
Introduction of microbes to eat away
chips and insulating material to cause long term degradation.
Jamming of military communication
through satellites/ airborne.
Piecemeal entry into Pakistan defence related sites
either for propaganda or for hacking. This access can be used to obtain or
alter sensitive information.
Fire and forge type jammers can be depl for crippling the
C4I Sys of Pakistan
Army using short-lived high power, broad band noise
transmitters to disrupt sensitive electronic sys.
4.2 Response Capabilities And
Vulnerabilities Of Pakistan In Cyber Space. Today’s Pakistan is captivating the technology innovations
and heading towards information and communication technology (ICT) based
infrastructure, e-government and services. At the same time, technology hazards
and cyber security concerns have also increased in the region5. The
increased reliance on ICT is making our society increased vulnerabilities to
cyber espionage and widespread disruption of services. Moreover, the
unchecked usage of Pakistan’s cyber space by the T organisations
or international rival states may endanger our auth and lead to inauspicious
4.3 It is therefore mandatory for us both at
national and army level to take a stock of our existing response capabilities
and identify our vulnerabilities in order to strengthen our capabilities to
establish appropriate response mechanism in an organised fashion.
Response Capabilities in Cyber Space. Currently,
Pakistan lacks an organisational cap to counter any cyber threat. As part of digital society, Pakistan needs to
take concrete initiatives at national level to improve the effects of its
actions and policy of a responsible state against the abuse of cyberspace. The response mechanism and initiatives have
two main compositions namely management and technology responses. The present
capability of Pakistan in terms of management and technology response is
discussed in subsequent paras.
Response. The cyberspace
benefits as well as the threats are beyond the jurisdiction of normal and
traditional geographical boundaries of the nations. The enormous speed of cyber
incidents outstrips the traditional response mechanism. The speed and quantum
of such incidents can be huge in volume and multidimensional in terms of
sources range from an individual hacker to the state level. Thus the
composition and pulsating nature of threat stresses upon a composite, flexible
and well managed response mechanism6. Though
Pakistan has established a certain level of expertise in the cyberspace however
it needs a no of organisational framework, documents and procedures to be
defined and established at the top most government level. Pakistan has yet to
decide the basic comp of management response i.e. National cyber security
strategy, National cyber security policy and legislation. These composites of
management response are discussed below.
National Cyber Security Strategy. At present
there are more than one hundred countries in the world who have established a
certain level of cyber capacity at government level, out of which more than
fifty percent countries have published their cyber security strategy by
defining the national security objectives and goals intended to be achieved7.
Pakistan is yet to identify and define objectives and goals required to be
achieved through cyber security in terms of a national cyber security strategy.
National Cyber Security Policy. Pakistan is
among those countries in the world who has not defined their cyber security
policy as yet. In Jul 2013, Senate Committee on Defence established a Task Force for Cyber Security
that was given the mandate of defining the national cyber
security policy8. Till
date it lacks highest level organisational body having sole responsible of
defining and implementing the cyber security policy in the country by
establishing the control mechanism and corresponding regularities to achieve
each objective and goal defined in the national cyber security strategy.
Legislation. The legislation by Pakistan government on cyber crimes
started in 2002 by implementing the Electronic Transaction Ordinance (ETO). ETO
was first step in providing accreditation to the service providers. The
ordinance was having objectives to facilitate and documented the electronic
transactions and ICT related information in electronic form. In 2009, Pakistan government issued first
ordinance on cybercrimes named Prevention of Electronic Crimes Ordinance
(PECO). PECO defined and laid down legal terminologies related to cybercrimes,
types of crimes and punishments pertinent to each crime. However the ordinance
was never debated in the National Assembly and has expired due to
non-promulgation within constitutional timeframe. Currently the government has
passed the cybercrime law after facing much criticism from the opposition as
well as civil society. The act which has been given the title of the
‘Prevention of Electronic Crimes Act 2015’ provides legal mechanisms for the
investigation, prosecution, trial and international cooperation of crimes in
connection with information system. But till date the federal government has
failed to implement this recently passed bill.
4.4.2. Technology Response. The security threats can never be eliminated
from digital world; they can only be minimised and curtailed. The nature of
cyber incidents is not stagnant and uniform as the hackers and malicious actors
keep exploring and inventing new technologies and attack methodologies. This versatility in cyber threats can be
dealt by established a response body with requisite technology capacity,
capability and flexibility at government and organisation level. This body of
experts is typically referred as Computer Emergency Response Team (CERT) or
Computer Security Incident Response Team (CSIRT). A traditional and standard
CERT is comprised of cyber security professionals like Intrusion Detection
Experts, Malware Analysts, Application Security Professionals, and Emergency
Response Experts. The level and composition of CERT can however vary and differ
depending upon its specific mission and constituency. The typical types of CERT
are Coordinated CERT, National CERT, Organisation or Corporate CSIRT, Academic
CSIRT and internal CSIRT9.
Currently, Pakistan has no recognised CERT at national or organisational level
dealing specifically with communication or advance cyber threats. Government of
Pakistan has however established National Response Centre for Cyber Crimes
(NR3C) since 2009 under FIA but it cannot perform the assigned tasks in absence
of state laws10.
1 Indian Start studies, Cyber Warfare and Information Security for
India, Asif Ahmed 19 Feb 2014
2 Gary D. Brown, The Cyber Longbow & Other Information
Strategies: U.S. National Security and Cyberspace, 5 Penn. St. J.L. & Int’l
Aff. Apr 2017, Available at: http://elibrary.law.psu.edu/jlia/vol5/iss1/3
3 Indian Army fears attack
from China by 2017, Rahul Singh, Hindustan
Times, 26 Mar 2009
4 Israel to extend all possible support to
India against Pakistan, Discussion in ‘Central
& South Asia’ started by kahonapyarhai, Jul
5 Fahad Abdul Momein and M
Nawaz Brrohi, “Cybercrime and internet growth in Pakistan.” Asian Journal of Information
Technology 9(I), 1/4/15
Cyber Security Strategy, “Protecting and promoting UK in the digital world”,
7 Alexander Klimburg (Ed.),
“National Cyber Security Framework Manual”, NATO CCD COE Publication, Tallinn
8 Online source, Dawn News
PECO, Ordinance, Published in the gazette of Pakistan, Part-1, Dated 08 July
10 Usman, Mehboob, “Cyber Crimes: A Case Study Of Legislation In
Pakistan In The Light Of Other Jurisdictions , SSRN Papers, November 2016