editor-in-chief
DSA is as much yours, as it is ours!
Social media is a game changer that has followed the logical development of the Internet. If the web was an equaliser in spreading knowledge beyond the confines of those in possession, then access to social media platforms spreads information faster than conventional media is capable of. Traditional media, be it state or privately owned, cannot match social media platforms for the speed of disbursement. It is also a fact that much of what goes as information through social media may lack credibility, but its distribution cannot be stopped. At least not in a free democratic country. And that is where the catch lies in terms of the utility of social media.
It is widely believed that social media helped carry the various Arab revolts that shook the established authorities out of their slumber. Even the most reticent of regimes, like Saudi Arabia, felt the pressure created by social media platforms. Egypt of course had a regime change that is credited to the power of social media. Hosni Mubarak seemed unshakeable, especially with the military firmly on his side. But they didn’t reckon with the power of the people united by common messaging platforms. Crowds were drawn together by the messages carried by various mobile networks. And the messages called for a change that became a reality. The same was largely true for the 2014 General Election in India. Social media played a vital role, well into the villages of the country. It can be safely said that the election was won and lost in the digital landscape fought over and through social media. Social media has a unique ability to connect people seamlessly over barriers that are either man-made or geographical. A football fan watching a World Cup match in Brazil was able to communicate instantly with his friend or countrymate seeing the same game on television separated by many time zones. People are now connecting seamlessly over distances unimaginable, across cultures unconnected, through continental separateness and into countries even though they may not be officially communicating. This has never happened before in human history. It is a power that a common citizen anywhere in the world can use to its optimum. Curtailing this power and the freedom that it bestows, comes with a heavy baggage. Increasingly fewer countries are willing to undertake the social and political risks involved in curbing this power. Even though this seamless global connectivity via social media comes with a cost that is unseen, unheard and largely unknown. Which makes this cost doubly dangerous. Social media leaves a digital footprint that can be used to track the users right into their homes. 
Now in an ordinary sense this shouldn’t be a worry. But when users are also involved in the implementation of national security programmes then there is enough reason to be alarmed. There are certain liabilities in the use of social media platforms and they impact on cyber security measures that a government must ensure. For starters, all those involved in the national security aspects of governance have to be kept secure from cyber attacks or sabotage through social media platforms. These platforms, while seeming to be harmless and friendly, can in fact be used as a deadly tool against officials in sensitive ministries and departments. Even as their identities can be tracked, their locations traced, inadvertent usage may allow them to be compromised. And that could well prove to be more costly for the country than any other countermeasure. It is necessary that countermeasures be in place for preventing the misuse of social media platforms. For the honour and responsibility of partaking in the nation’s security apparatus there have to be some compromises on liberties and expression. Government departments have to ensure that social media is accessed only on stand-alone computers. While this directive may have been issued its implementation is still shoddy. This enables hackers and cyber sleuths from other countries an entry into the digital world of the country, thus compromising its security disproportionately. In a first of its kind, the United States of America has named and charged some Chinese officials for cyber espionage. A digital entry has to be prevented first, before worrying about chatter finding its way into foreign hands. Users don’t realise how much they’re revealing and there is no reason that the listener should get to know so much.
Manvendra Singh
August 2014 Defence AND security alert
publisher’s view
Social Media
And Its Impinging Omnipresence!
An ISO 9001:2008 Certified Magazine
Volume 5 Issue 11 August 2014 Chairman Shyam Sunder Publisher and ceo Pawan Agrawal Director Jaahnvi Agrawal Director Shishir Bhushan Editor-in-chief Manvendra Singh Corporate consultant KJ Singh Corporate communications Mamta Jain Sales Amit Kumar Creative Pankaj Kumar Representative (USA) Steve Melito Representative (J and K) Salil Sharma Correspondent (Europe) Dominika Cosic Production Dilshad and Dabeer Webmaster Sundar Rawat
The technological revolution of the twentieth century has given communication a new dimension and meaning. The advances and available choices in mobile communication devices are responsible for this paradigm shift, converting communication into a passionate necessity today from the luxury it was! It is difficult to imagine communication long before the hustle and bustle of email and text messaging, when surface transportation was the only means of sending messages and communicating with those who played an important role in one’s existence. Communicating through letters that were delivered by ships, homing pigeons and runners is beyond comprehension for this generation. Technological communication has grown exponentially, leaving snail mail to be a thing of the past. Came telegraphy and the art of communications as created by Morse, replacing the written word by dots and dashes intended to both codify and impart a kind of secrecy to the message. Information and Communications Technology has changed the way humanity interacts, exchanges and accesses information. Smartphones, mobile devices and social media are the latest in a succession of advancements growing at a feverish pace. A quantum leap in communications came with the launch of satellites into the orbit. The word ‘Internet’ flashes many images upon the canvas of the human mind. The dominant one may be thousands of computers and networks connected with each other exchanging information. This momentous revolution saw every individual acquiring the tool for such connectivity, the ubiquitous cellphone. Before we could digest this phenomenon, Social Media had conquered our modern civilisation, becoming synonymous with communication and networking between individuals, groups, organisations and nations. All conflicts in the world have happened due to two major reasons: Non-communication and miscommunication! Mass communication has now latched on to this list.
Social Media is instantaneous communication through hubs like Facebook, Twitter, LinkedIn, Google+, YouTube and Flickr that have been ardently embraced all around the world. Social Media has spread like wild-fire and emerged as the most effective and economical medium to disseminate information.
IT operations Mehar Dogra Mahendra Singh Ankit Kumar Photographer Subhash Circulation and distribution Anup Kumar E-mail: (first name)@dsalert.org info: info@dsalert.org articles: articles@dsalert.org subscription: subscription@dsalert.org online edition: online@dsalert.org advertisement: advt@dsalert.org Editorial and corporate office 4/19 Asaf Ali Road New Delhi-110002 (India) t: +91-011-23243999, 23287999, 9958382999 e: info@dsalert.org www.dsalert.org Disclaimer All rights reserved. Reproduction and translation in any language in whole or in part by any means without permission from Defence and Security Alert is prohibited. Opinions expressed are those of the individual writers and do not necessarily reflect those of the publisher and / or editors. All disputes are subject to jurisdiction of Delhi Courts. Defence and Security Alert is printed, published and owned by Pawan Agrawal and printed at Graphic World, 1686, Kucha Dakhini Rai, Darya Ganj, New Delhi-110002 and published at 4/19 Asaf Ali Road, New Delhi (India). Editor: Manvendra Singh
The ‘‘Darkside of Cyberspace’’ is a metaphor and conceptual framework defining a virtual environmental realm that includes all criminal, deviant, deceptive, harmful and malevolent activities in the abstract universe of cyberspace. Cyber crime includes legal and illegal online activities, as well as destructive and self-destructive online behaviours resulting in cyber bullying, cyber stalking, cyber harassment, Internet trolling, cyber terrorism, online sexual predation, Internet addiction, online deception etc. Generically described as cyber crime, it is not restricted to threatening emails or phishing but has dug its claws in each e-interaction, producing demons like call spoofing, advance fee fraud, mobile phone hacking, credit / debit card frauds, child pornography, DDOS attack, system hacking, fake profile cases and many more. This cyber threat has given rise to Cyber Security concepts that need to be incorporated into every computer and communications device to protect them from invasion. This edition of DSA features disquisitions and perspectives of renowned and distinguished Cyber Security experts in India and overseas. Dear reader, we hope that their research based expertise, opinions and suggestions will add value to your knowledge for ensuring cyber security and communicating in the safest possible way. We have also dealt with Network Centric Warfare, which is again related to the cyberspace usage by defence and security forces worldwide to strengthen their defence and security operations. Technology is rapidly changing the way military objectives are accomplished. Network Centric Warfare is therefore becoming mandatory to ensure that critical information reaches its destination fast, whether it is for those on the battlefield or those making decisions. Team DSA joins me in wishing you all a Happy Independence Day! Jai Hind!
Team welcomes
The New Deputy National Security Adviser
Former IFS officer and leading defence and security expert Dr Arvind Gupta is the new Deputy National Security Adviser to the government of India along with his role as Secretary, National Security Council Secretariat (NSCS). Dr Gupta, PhD in International Relations from Jawaharlal Nehru University, assumed charge as Director General, Institute for Defence Studies and Analyses (IDSA) on 5th January, 2012. He was a visiting member at the Tata Institute for Fundamental Research (1974-76) and served at the Oil & Natural Gas Commission (1976) and at the State Bank of India (1976-79) before joining the Indian Foreign Service in 1979. He has worked in the Ministry of External Affairs in different capacities and served in diplomatic missions in Moscow, London and Ankara. Prior to joining the IDSA, he was Joint Secretary at the Indian National Security Council Secretariat from 1999 to 2007. During his tenure at the NSCS he dealt with a wide range of international and national security issues and participated in the various working groups and task forces set up by the NSC. He has also worked with the Kargil Review Committee.
His current interests include the international security issues, India’s foreign policy, energy security, climate change, technology and internal security issues. He has been a member of several task forces on issues such as space security, climate change, cyber security, nuclear disarmament etc. We all in team DSA extend our heartiest congratulations and a warm welcome to Dr Arvind Gupta. We wish him a very successful and rewarding tenure as the Deputy National Security Adviser in the service of the nation. DSA has had the proud privilege of having long association with Dr Arvind Gupta as our distinguished contributor. His thought-provoking and insightful articles have always added great value and prestige to the magazine. Team DSA applauds the sincerity of his enthusiasm and his strong intention to take dynamic steps towards building a self-reliant Defence and Security apparatus and strengthening the nation with his pragmatic initiatives. We are confident that with his long and varied experience and deep understanding of India’s strategic imperatives he will devise suitable doctrines and mechanisms to safeguard the critical geopolitical and geostrategic interests of India.
Pawan Agrawal
Contents
SOCIAL MEDIA AND CYBER SECURITY
SPECIAL ISSUE AUGUST 2014
NETWORK CENTRIC WARFARE
ARTICLES
Are Armed Forces Prepared For Cyber Attacks? - Dr Kamlesh Bajaj
Cyberspace - Dr Amit K Maitra
Indian Festivals Falling Prey To The Dragon! - Pawan Agrawal
Indian Cyberlaw - Pavan Duggal
Privacy And Security In Online Social Media - Dr Ponnurangam K (PK)
Cyber Espionage Lessons To Be Learnt From Snowden Revelations - Muktesh Chander IPS
Cyber Laws And Digital Evidence - V Rajendran
Cyber Agenda For The New Government - Lt Gen Aditya Singh PVSM, AVSM (Retd)
Strategic Cyberspace Science Perspective On Threat Intelligence - Shawn Riley
Net-centric Defence Forces: A Macro View - Dr Samuel Cherian
Indian Perspective On Geoeconomics And Geostrategy - Arjun Singh
A Web Within ‘The Web’ - Rakshit Tandon
China’s Emergence As A Cyber Power - Munish Sharma
Intelligence Revolution - Amir Rapaport
Cyber Crime And Investigation - Mukesh Choudhary
Ensuring Cyber Security By Regulations - Vakul Sharma
Absence Of Inter-Services Inter-operability - Team DSA
Media As Soft Power An Indian Perspective - Kriti Singh
FEATURES
FELICITATIONS: Dr Arvind Gupta, Deputy National Security Adviser
EXCLUSIVE INTERVIEW: His Excellency Daniel Carmon, Ambassador Of Israel To India
Sneak Peek
EXCLUSIVE INTERVIEW: Mr Raghavendra H Auradkar, Commissioner Of Police, Bengaluru
Defence And Security Industry Monitor
New Initiative By DSA
Get Connected
Follow DSA on: @dsalert
For online edition log on to: www.dsalert.org
international relations
Interview
Exclusive Interview with His Excellency
Daniel Carmon Ambassador of Israel to India
India and Israel are dynamic democracies and have enjoyed warm and cordial relations founded on shared values, common interests and challenges. In an exclusive interview with DSA His Excellency Daniel Carmon shares his views and his vision for Indo-Israeli bilateral relations. We wish to put on record our appreciation that His Excellency just a day after presenting his credentials to the President of India spared time for team DSA.
Defence and Security Alert: India established official relations with Israel in 1992, although informal ties had existed since much earlier. Please encapsulate for our readers the genesis and evolution of our cordial and mutually rewarding bilateral ties to their present status of strategic relationship.
Daniel Carmon: For Israeli diplomats, India is one of the most interesting as well as important places to serve our country. Diplomacy is about creating options and since the relations were officially formed, we have been creating more and more options for the development and growth of these relations. Israel’s relations with India are founded on shared values, joint interests and common challenges. We understand that in order to meet these common challenges, we have to work together and join hands. These relations became full diplomatic ones during the time of PM Narasimha Rao 22 years ago. Since then, they have grown consistently and rapidly across the board and became multilayered and deep. Today, the bilateral relations are an example of a combination of classic diplomacy and bringing almost on a daily basis tangible results with real and substantial implications on the lives of many Israelis and Indians in fields such as defence, agriculture, R&D, water and education.
DSA: Over the years, Israel has earned the sobriquet of a reliable partner which has been acknowledged by the present government and India is now the largest customer of Israeli military equipment accounting for almost 50 per cent of military sales. What have been the highlights and turning points of this eventful journey?
Daniel Carmon: Throughout the years we have witnessed a steady growth in every field of cooperation, including defence. We have similar challenges and they are only becoming bigger and more complex. It is essential that we work together to overcome these challenges. The two defence establishments are working together for a long period and are familiar with each other. We have great appreciation to the capabilities, experience and dedication of our Indian counterparts. This is an equal partnership that both sides have much to gain from. In every field, but especially in defence, we see our joint work as a two-way-street that both sides have a lot to learn from each other. This cooperation is transforming into a real partnership. We face very similar problems, we think of solutions together, we plan how we can implement those solutions and even produce them jointly. We are also forthcoming with sharing the technology that we have. Therefore, we can expect a continuation of increase in cooperation in defence in the years to come.
DSA: Non-military cooperation and bilateral trade between India and Israel is not expanding fast enough as per the potential. What measures do you propose to accelerate cooperation in other areas of mutual interest?
Daniel Carmon: The bilateral trade today includes many different indispensable fields such as agriculture, dairy, water technologies, IT and many more. We also deal with other fields that bear fruits to both sides such as tourism, academia and development. These are strong foundations to base our economic and commercial relations on. Our bilateral trade grew from US$ 180 million in 1992 to over US$ 5 billion 20 years later. This is an impressive increase but now we need to find a new tool that would enable us to take the bilateral trade to the next level and focus it on things both of us do best. We have been in negotiations on FTA for a while now and we have no doubt that this could bring a new chapter in the relations of the two countries. Some experts say it can double or even treble the volume of trade within a few years but more than that, it can intensify the cooperation between companies and individuals on both sides and bring about more flow of qualified workforce between the countries. Both countries are leading forces in IT in international markets. No one has any doubt that this will benefit immensely both Indians and Israelis and will allow both of us to compete better in the international markets. We look at these relations as relations that are constantly going through a process of evolution and growth. We look at long-term processes across the board – from security to food security, from tourism to technology. A Free Trade Agreement can affect all.
DSA: India and Israel share many geopolitical and geostrategic challenges. What are the contours of our bilateral cooperation to secure our borders and homeland security?
Daniel Carmon: Last February, we signed bilateral agreements in Homeland Security and counterterrorism in order to create a framework for both countries to work together. It will provide us an important and useful tool to save lives of Israelis and Indians. Terror and state sponsored terrorism are a global danger to us all. It can affect each and every aspect of our lives and livelihood as it has struck Indians and Israelis more than once. This terror is born out of extreme ideology that is targeting others who do not share the same perception. There is not much difference between the terror Israelis are facing in Jerusalem or Tel Aviv to what Indians suffer in Mumbai or in Iraq or anywhere else. What we do know is that the problem is similar so we should think of the solution together and fight against terror together. That will be the best way to overcome this challenge not just for India or Israel but for any other peace seeking country. Like in any other fields, we hope to have an equal and full partnership with our very capable Indian counterparts.
DSA: Indian Prime Minister, Narendra Modi has expressed his desire to deepen and develop ties with Israel in his communication with PM Netanyahu. What has been your PM’s response and what direction do you think our bilateral relations can take?
Daniel Carmon: Our relations are a continuous effort as a long and continuous chain of successes. There are no magic tricks or short cuts in building this solid relationship. The leadership in both sides is the one that is setting the course of these relations and the direction that we are going. It is essential for our leaders to meet and visit each other even more in order to further cement bilateral cooperation. The leadership in both sides have always focused on substantial issues. One example of it you can find in the exchange of letters from 1951 between our PM David Ben Gurion and the Indian PM Jawaharlal Nehru in which they discussed subjects such as food security. Given the past, we have no doubt that with the new Indian government both countries will continue to work closely together to fully realise the potential of these relations in fields such as water, food security, conservation and energy. With PM Modi we have a long successful experience of joint work on complex projects, including in fields such as water and agriculture. He himself had visited Israel in 2006 and is familiar with Israeli capabilities. Our Prime Ministers had talked several times in the last few months to see how we can deepen these relations. We have always known how to combine our unique capabilities in both sides in order to face joint challenges, a combination that is being reflected through tangible results for the benefit of the citizens of both countries. We have proven to be a reliable partner of India and I have no doubt that high level dialogues will be enhanced in order to facilitate this partnership.
DSA: As head of MASHAV, you are in the best position to spell out the avenues that India and Israel can explore to scale new heights in bilateral cooperation and further diversify and strengthen our strategic relationship. Your comments please.
Daniel Carmon: The agriculture cooperation between Israel and India is unprecedented. It is the biggest agriculture project in which the Government of Israel is involved anywhere in the world and is done through MASHAV – Israel’s International Development Cooperation Agency. The Indo-Israel Agriculture Cooperation touches the lives and livelihood of millions of Indians and Israelis. The current work plan in which we are working on in 9 states together with the NHM, has proved itself to bring real increase in the productivity of many Indian farmers. In some places you see an increase of 5 times more produce in the same place using Israeli technology adapted to the Indian needs. In other places you see the rejuvenation of old mango trees that bring sweeter, bigger fruits and higher quantity of produce after using the methods developed by the Indian and Israeli farmers. The key here is the joint work and collaboration. It’s not enough to bring proven Israeli technology and knowledge. We have to adapt it to the requirements and needs of the Indian states and farmers and this is being done by both Indian and Israeli experts. Discussing the new work plan to begin in 2015, a process that began a short while back, is not merely a technical issue but it is an important step for creating the long-term vision of how and where we want this cooperation to lead us. Our success had proven we can even extend further this cooperation and focus on water facilities and water recycling as well as dairy industry.
DSA: Global Jihad and terrorism are spreading their tentacles all over the world. What bilateral and multilateral strategies and mechanisms have India and Israel devised to counter and contain these scourges which are disturbing world peace and security?
Daniel Carmon: Israel and India, like many other democracies, are facing terror threats by terror organisations with extreme ideology. In recent years and especially since June 12th, my country is facing continuous rocket attacks by the Hamas terrorist organisation that unlawfully rules the Gaza strip. 18,000 of those rockets were fired by Hamas and other terror organisations since Israel unilaterally left Gaza in 2005. After three weeks of Israeli restraint, when Hamas further escalated the intensity of rocket attacks, Israel was left with no choice than to respond, as any country would do. Israel’s goal is to stop the rocket fire at its civilian population and neutralise the terror tunnels that threaten Israeli communities. India and Israel’s agreement of cooperation in Homeland Security and Counterterrorism is one of these indispensable tools to jointly fight against terrorism. The important issue to understand that terror can take various forms and shapes but it still derives and based on extreme ideology that is targeting others that do not share the same perception. The best way to confront terror by extreme radical organisation such as Hamas, ISIS, Boko Haram, Al Qaeda and LeT, is to join hands.
DSA: What is your message for the people of India and DSA readers around the world?
Daniel Carmon: The relations between any two countries, especially Israel and India, are built as layers, one on top of another in a long process of crafting and shaping those relations over time. It is based on common values, challenges and interests. We are both ancient civilisations that go back thousands of years. Our two nations are democracies that promote freedom of speech, encourage innovation and entrepreneurship and from a very early age insert in their people the desire to grow, evolve, always be better and achieve more. Our joint achievements are already remarkable and we believe that with Prime Minister Modi and his government there is room for further enhancement of these relations in every field.
His Excellency Daniel Carmon with Mr Pawan Agrawal, Publisher and CEO of DSA magazine
His Excellency Daniel Carmon in conversation with Mr Pawan Agrawal
cyber security
BUILDING CAPABILITIES
Are Armed Forces Prepared For Cyber attacks?
Armed Forces have to accept that cyberspace is a new domain, the way Americans have done. If that be so, it has to be protected much the same way land, air, sea and space are protected. We must be able to defend the Indian cyberspace, equip our forces with defensive and offensive cyberweapons, make them appreciate that cyber is offense dominant and train the forces in cyber warfare. They have to build capabilities in countering cyber espionage and deny the enemy any benefits if it succeeds in breaking defences. In this battle, the Forces need significant support of civilians and the private sector.
support lines through a spyware that was successfully installed and which went undetected for several months. Stuxnet – the deadliest attack vector that has been designed so far – which destroyed a nuclear reactor in Iran, is also believed to have been transmitted via a USB stick. Email is yet another medium, in fact, the first medium that was and continues to be, used to transmit worms, viruses, Trojans and spyware to target users and sites. In the past few years it has been increasingly used to launch attacks through social engineering techniques.
It should be underlined that the Forces depend on critical infrastructure such as power sector, transportation, banking and telecommunications. Any outage of these services on account of cyber attacks on critical infrastructures negatively impacts the operations of Forces It should also be underlined that the Forces depend on critical infrastructure such as power sector, transportation, banking and telecommunications. Any outage of these services on account of cyber attacks on critical infrastructures negatively impacts the operations of Forces. And critical infrastructure attacks are expanding. Obama’s signed article in Washington Post on July 19, draws attention to such scenarios after simulated exercises revealed extreme vulnerability to cyber attacks.
I
t was reported in July, 2012 that the Eastern Naval Command’s internal network was compromised in a major cyber attack, which resulted in very sensitive data about Indian Navy’s battle preparedness plans, submarine deployment and other secrets being leaked to the Chinese. Several other Armed Forces breaches also have been reported over the last couple of years. But the officials are always eager to clarify that no secret data were lost. That India is a target of cyber attacks – both for cyber espionage and disruption of critical infrastructure – should not come as a surprise. Every country believes that it is under attack in cyberspace. Even Pentagon and NASA have admitted that their systems have been compromised in successful cyber attacks and that they have lost highly sensitive data that can compromise American national security. Why are we in a state of denial? Use of and our dependence on, cyberspace is expanding. It is not just email to communicate, browsing of websites for information, news, commerce; Internet banking, financial market transactions; travel and ticketing; or
10
August 2014 Defence AND security alert
service delivery to citizens; but even infrastructures such as power distribution, air traffic control systems and nuclear power plant operations that depend on cyberspace. Even military establishments have to use private and public networks for their interactions with suppliers, payment systems and other organisations in the public and private sectors, although they may use Intranets for secure internal communications. While the latter are the direct responsibility of Armed Forces, they have to work closely with civilian authorities to see that the networks they use for business interactions with them are equally secure. Defence Forces do not connect their networks with the Internet and use USB sticks, to transfer data back and forth from their Intranet to the outside world. They have painfully gone through their own Navy leak, since the lessons of other countries do not hold much learning – the US Forces in Iraq suffered one of their worst cyber attacks through such a USB stick, leading to complete compromise of their battle plans, movement of troops, logistical
Unlike the physical world that is limited by geographical boundaries of space, cyberspace continues to expand, since its size is proportional to the activities that are carried through it. Broadband deployment is leading to increased Internet penetration; more and more innovative applications are getting launched and delivered via multiple new devices, over wireless networks. Cyberspace continues to be plagued with ever increasing vulnerabilities in various platforms; these are exploited by criminals who carry out identity theft and financial frauds, steal corporate information and intellectual property, conduct cyber espionage to steal military secrets and recruit criminals and fundamentalists to carry out terrorist activities. Anyone can exploit vulnerabilities in any system connected to the Internet and attack it from anywhere in the world without being identified. It is increasingly cheap to launch cyber attacks, but security systems are getting more and more expensive. This growing asymmetry is a game changer. It has another dimension,
too – individuals, terrorists, criminal gangs or smaller nations can take on much bigger powers in cyberspace and through it, in the physical world, as well. Proving attribution in cyberspace is a great challenge. In most cases, it is difficult to attribute cyber attacks to nation states, since collecting irrefutable evidence is impossible.
Dr Kamlesh Bajaj
The writer is CEO, Data Security Council of India – a NASSCOM initiative. He was the founder director of CERT-In, Government of India. Views are personal.
Nations are developing cyber attack capabilities with a view to dominating cyberspace, even though it is known that unilateral dominance in cyberspace is not achievable by any country. But uncontrolled growth of cyber attack capabilities – in effect, cyber attack proliferation – is an increasingly troubling phenomenon. Cyber attacks can be committed by nations against others in what is known as information warfare or cyber warfare. Nation states can use non-state actors as cyber warriors to camouflage their actions and take advantage of non-attribution in cyberspace. Estonia and Georgia were the victims of such attacks. The Forces have to make a paradigm shift in their approach to cyberspace by recognising it as a new domain of warfare, in addition to land, sea, air and space. This domain is man-made and largely privately owned, but as critical to military operations as others. The next war is going to be network-centric; in fact, cyberspace allows unseen non-stop cyber war to go on all the time, with outcomes which may be kinetic. Hence, the military has to learn to effectively operate within this domain, through an appropriate organisational structure. A single four-star command, the US Cyber Command was created in June, 2011.
They need to employ defences that can respond to cyber attacks at network speed – the commercial best practices used by the industry, develop capability to hunt within their networks to detect the code that is able to penetrate the defence layers. Implementing best security practices and independent third party security audits can make a significant difference to security preparedness. Military intelligence agencies, which always wear the cloak of secrecy, have to realise that in cyberspace they are completely exposed. Hence, it is better to submit to independent testing of their infrastructure, than be subjected to humiliation by attackers from across the borders.
August 2014 Defence AND security alert
cyber security
BUILDING CAPABILITIES
Information sharing on threats and vulnerabilities with civilian agencies, industry and other allies is necessary, because cyberspace is global and advance information on new attack vectors and signatures can act as an Early Watch and Warning System for building appropriate defences. To begin with, all three wings of the Armed Forces should collaborate among themselves and also with national agencies like CERT-In. While this is important, loose committees cannot run or coordinate cyber security; agencies must be empowered.
Armed Forces have to accept that cyberspace is a new domain, the way Americans have done. If that be so, it has to be protected much the same way land, air, sea and space are protected. We must be able to defend the Indian cyberspace, equip our forces with defensive and offensive cyberweapons, make them appreciate that cyber is offense dominant and train the forces in cyber warfare. They have to build capabilities in countering cyber espionage and deny the enemy any benefits if it succeeds in breaking defences. In this battle, the Forces need significant support of civilians and the private sector. This is because attack vectors in the form of malware, spam and spyware – used by hackers and criminals to target civilian infrastructure for financial gains or for disrupting critical infrastructure – are the same that can be used to attack military systems. The kind of people required to handle and manage the events in cyberspace must have different skills and orientation.
Whether disciplined military soldiers can be converted into cyber warriors with the skillsets necessary in cyberspace, is indeed questionable. Partnership with the private sector and induction of geeks into the military may be necessary in the Cyber Command that India may create. Procurement of technology in the Armed Forces has been notorious for long-cycles, resulting in delayed acquisition of systems rendering decision-making ineffective. Cyberspace, on the other hand requires latest equipment – even the Americans with their much faster procurement processes want to reduce cycle times substantially so as to deploy latest technologies and not 3-4 generations old technologies.
The recent Snowden revelations have shown that the US National Security Agency (NSA) has been conducting global surveillance of Internet usage and metadata of phone calls including those of Americans, in the name of counter-terrorism. Backdoors have been installed in many core products that form the backbone of the Internet; sniffers installed on almost all Internet highways to snoop on all conversations and activity on Internet sites; even encryption standards and implementations have been compromised. The technological capabilities of cyber espionage developed by the NSA would be the envy of all nations. Many other countries are already there, either in partnership with the US, or on their own. It is in this environment that the next wars will be fought, where the adversaries might be aware of another country’s secrets and battle plans. We have to develop technical capabilities to be able to fight the next wars that will be played out significantly in cyberspace as a theatre of war.
India has to develop thought leadership in the international laws as it evolves to include cyberspace. What are the options for legal analysis of a cyber attack? Is it possible to analyse a cyber attack based on the present notions related to “use of force” and “armed attack”? Should these be judged primarily by the mode of attacks as in the physical world, or by both the direct and indirect effects of the attacks. The applicability of the principles of the Law of Armed Conflict (LOAC) and the Charter of the United Nations, including both laws governing the legality of going to war (jus ad bellum) and laws governing behaviour during war (jus in bello), to cyber attacks, are the subject of several papers and global debates.
Also, how should these principles apply to cyber weapons, particularly, how they relate to traditional notions of territorial integrity? Espionage through cyberspace will have to be suitably accommodated, since it is largely an accepted phenomenon in the physical world. Since distinction between cyber attacks and cyber warfare is thin, there is need to define under which condition is a computer network attack an ‘act of war’? Will LOAC be applicable in case of cyber war? Are states responsible for computer network attacks and espionage that originate in their territory, even if they are not directing those acts? Does the concept of cyber arms control or a cyberspace treaty have any merits?
It is time the Armed Forces put their house in order to develop a road map for all dimensions of cyberwar. Concrete steps have to be identified and implemented in right earnest, rather than undertaking only cosmetic steps. Bold initiatives on organisational restructuring and private partnership are urgently in order for manpower and technology development, revamping of procurement processes and for creation of a cyber command in which civilian geeks are inducted to work shoulder to shoulder with soldiers on technology, policies and international laws for cyber warfare.
Team welcomes The New Army Chief
Our heartiest congratulations to General Dalbir Singh Suhag on taking over as Chief of Army Staff and best wishes for an exciting and rewarding tenure in the service of the nation.
GLOBAL COOPERATION
Cyberspace
New Frontiers For International Regulatory Framework, Standards And Norms
This article reviews international and Indian strategy and policy initiatives aimed at providing a legal infrastructure for what transpires over the cyberspace. It provides readers with the understanding required to handle delicate legal and definitional issues and concludes by examining the role of the International Humanitarian Law and other UN Conventions in further developing international regulatory framework, standards and norms.
In the late 1980s, the world witnessed the emergence of the Internet, which soon became the primary engine for economic development, prosperity and scientific discovery. In our current environment, we have become so used to provisioning applications and infrastructure services through the Internet that it is hard to imagine life before e-mail, online banking, data storage and quantum computing power. When the first books about the Internet were released, outlining what it could do for our society and business enterprises, we could only speculate on the many opportunities to be created through this online interactive media. This writer promoted its trade and economic benefits by outlining how the Internet could be leveraged by global enterprises, such as big oil refineries, to compress time, overcome geographical limitations and change supply chain management. In the late 1990s, scientists and engineers envisioned that satellite based networks could wire more people with much faster Internet connections, thereby fulfilling the mandate for a national broadband plan. They also talked about deeper integration of computer systems in other contexts, including the “smart grid,” a computerised network that facilitates electricity and information flows between homes and electrical suppliers; computerised health records; distance learning; access to bank accounts from almost anywhere in the world; communications with family and friends; controlling transportation and other critical infrastructure systems; and changes to next generation air traffic management. These were the emerging solutions being thought through the use of the Internet.
Having witnessed the political elections in the US and India, we know that interactive media increases political participation by connecting us through social networks hitherto unknown.
When the Internet began to transition to a commercial opportunity during the late 1990s, Vinton Gray “Vint” Cerf was a regularly featured speaker in different forums to help people understand the meaning of the term The Internet. He described it as a networked space created by computer systems. Fast forwarding this by twenty some years, we now use cyberspace as a metaphor for the non-physical terrain created by computer systems. Today’s online systems are part of the cyberspace within which we communicate with one another via e-mail, do research and access online accounts for banking, social networking like Twitter or Facebook or LinkedIn and shopping. Like physical space, cyberspace contains objects (files, mail messages, graphics etc) and different modes of transportation and delivery. However, unlike real space, cyberspace requires hardly any physical movement other than pressing keys on a keyboard or moving a mouse.
In mid-1990s, as the writer was working on his first book, he was completely unaware of the potential threats presented in cyberspace, which today regularly arise at individual, organisational and state (or societal) levels. Government reports, industry research and academic papers published in recent years provide estimates of the total losses associated with cyber crime. These estimates exceed trillions of dollars. The US Federal Bureau of Investigation (FBI) ranks cyber crime as priority number one. This issue becomes ever more pronounced, as we begin to see that the threat is silent and stealthy and unless we address it now, it is well positioned to introduce more fragility of trust in our global economy. This raises the question: what kind of legal framework do we need to address cyber crime, including those that are state sponsored? That is the point of departure for this article. I will now examine Conceptual Framework for Threat Classification.
Cyber Crime
From a narrow perspective, a cyber crime may be identity theft, compromised confidentiality and integrity of information, distribution of worms and Trojans, disruption of online services, systems intrusions, unauthorised modification of data and other online information, information theft, or installation and distribution of unlicensed software. In more recent times, however, advanced cyber-criminals have developed capabilities that approach those of national intelligence agencies. With the latest malware or “botnets”, cyber-criminals are now able to commit cyber crime by attacking websites owned by various government agencies.
Cyber War
What worries today’s policy makers and decision-makers more than cyber crime is cyber war. The main actors in cyber war are the cyber-terrorists and nation state sponsored hackers who not merely target websites to deface them and steal Facebook accounts, but also compromise and disrupt the economic security of our country. Former US Secretary of Defense Leon Panetta warned that the next Pearl Harbor we confront could very well be a cyber war that cripples our power systems, grid, security systems and governmental systems. This is a real possibility in today’s world.
Dr Amit K Maitra
The writer is the Chairman and CEO of the Foundation for Emerging Solutions, a non-profit organisation, founded by distinguished thinkers, academics and renowned professionals from civil and military institutions, with the aim of enhancing knowledge, awareness and perspective in cyber security / deterrence strategies, including legal framework, national strategies, policies, processes and technology required to regulate cyber-security-related phenomena.
Cyber Defence Forum 2012 asked its attendees what they believed to be the biggest threat to national cyber-security and all but 1 per cent had a firm opinion on the matter. The number one danger was perceived to be the potential for foreign state attacks. According to the respondents, the Advanced Persistent Threat (APT) is believed to be behind various high-profile cases of disruption in recent years from everywhere. See Figure 1.
In cyber war, the adversary is well equipped to take down the economy of a nation or state, by merely pressing buttons on a keyboard or moving a mouse. A cyber-terrorist does not have to be a part of any particular country’s clandestine operations to steal and gather vital information about a specific country. With the technology and tools available in the market place, a spy can accomplish everything without being physically present in the target country. Our contemporary technology-driven world has changed war from guns and bombs to bits and bytes, which signifies a paradigm shift. Today, one can win a war using cyberspace without firing any bullet.
Figure 1: National Cyber Security and Threat Perception. Categories shown: Independent hackers / organised crime (financial); Hacktivism; Foreign state attacks; Home state underfunding / Poor policy; Non-state militant attacks (eg, terrorism); Lack of adequate protective tools and software. Source: “How Confident Are We in Today’s Cyber Defence Measures” Survey Report. Cyber Defence Forum, August 2012.
Cyber Crime Law
The evolution of cyberspace is so fast that laws around the world have not been able to keep pace with the cross sector, multi-jurisdictional,
multi-geographic nature of the infrastructure and services delivered through cyberspace. The laws that do exist overlap and create conflict, even when our interests are aligned. A case in point is Europe’s definition of data privacy and protection, which is dissimilar to what the United States uses. Europeans view an Internet Protocol (IP) address as private information. The United States laws do not treat that as private information. These differing definitions limit the ability of the US and Europe to share and store the IP address information across borders – even if it leads to identifying a perpetrator or attack strategy.
New laws are needed for the 21st digital century to facilitate cooperation. These laws must address data ownership, data handling, data protection and privacy, evidence gathering, incident handling, monitoring and traceability and the rights and obligations related to data breach, data transfers and access to data by law enforcement or intelligence services. To that end, the Electronic Communications and Privacy Act and the Stored Communications Act needed updating for Internet communications or e-services. In July 2014, the US Senate passed the Cyber Information Sharing Act (CISA), paving the way for the government and private sector to share information about attacks they face and how best to defend against them. In India, the National Cyber Security Policy (NCSP)-2013 also seeks to enhance national and global cooperation among security agencies, Computer Emergency Readiness Teams (CERTs), Defence agencies and forces, Law Enforcement agencies and the judicial systems. The NCSP supports robust bilateral and multilateral relationships with other countries to foster information sharing and cooperation in the area of cyber-security.
Cyber War Era – War “Without Law”
Stefano Mele, an attorney practicing law in Milan, Italy, writes about cyber-based terrorism, warfare and crime. In an interview, he characterised cyberspace as something like a “Wild-West” arena, which benefits the bandits and criminals by offering the stealth and scale that computer crime affords. In the same vein, Mele said, governments are benefiting from the digital fog of war, as lack of legal coherence is providing military powers carte blanche to attack national systems under the radar. Defence IQ asked Mele what these latest developments meant in a court of law and how policy makers needed to approach this legal minefield. He argued that strictly from a legal point of view, cyber crime appears disciplined in most countries.
However, “cyber-warfare” activities are not regulated by specific laws: instead, very few general principles of international law are being applied to these activities. He cited actions, discoveries and controversies relating to cyber-security and cyberspace that have implications for international law, including war, espionage, terrorism and crime in cyberspace. More specifically, he talked about some countries’ attempts to make or use malware to physically destroy target systems. On June 1, 2012, the New York Times reported that the United States and Israel developed the Stuxnet computer worm with the ostensive purpose of attacking Iran’s uranium enrichment facilities. Once discovered, experts viewed Stuxnet as a “game changing” cyber weapon, given its complexity, purpose and performance. Stuxnet targeted industrial control systems at Iran’s enrichment facilities and reportedly damaged over 1,000 centrifuges and disrupted Iran’s enrichment efforts. The New York Times article revealed that the Stuxnet project, code-named “Olympic Games,” began while George W Bush was President and the Obama Administration has accelerated the project’s further development. These developments and revelations point to the expanding importance of cyberspace and cyber-security in international relations. Stuxnet demonstrates deepening interest in the utility of cyber technologies to achieve national security objectives. States are ready to harness the Internet for security needs rather than treating cyberspace merely as a unique political domain. Mele argued that it is important to explore how well existing rules of international law apply to security-driven behaviour. Under international law, Stuxnet requires analysis and characterisation in legal terms. Commentators describe Stuxnet in terms of “cyber war.” The US and Israel have maintained their silence before or after revelations about the origins of Stuxnet. 
They have no comment as to whether Stuxnet’s deployment constitutes an illegal use of force or armed attack or a legal use of force in self-defence. The question before international lawyers is how to extend international law on the use of force to cyber weapons and cyber-attacks when states use a cyber weapon designed to damage property. Richard A Clarke, a US government security expert, defines “cyber warfare” as “actions by a nation state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” This definition, along with definitions provided by other experts, points to two factors that differentiate a cyber war act from other cyber operations:
1. Nation state commitment
2. Intent of the offensive
The implication of the second factor is that a cyber-worm may be launched intentionally to cause damage or spy on an enemy’s networks. Estimates indicate that thousands of attacks are conducted daily against government systems around the world by foreign states. The question is: how many of them will succeed?
The Symantec W32.Stuxnet Dossier Version 1.4 demonstrated the impact that similar tools could make on critical infrastructures. Security experts at Symantec have detected a new series of attacks conducted worldwide by bad actors dubbed as the “Dragonfly” gang, also known by the name “Energetic Bear”. The Dragonfly gang has numerous malicious tools to conduct its campaign, including two main malware tools: Backdoor.Oldrea and the Trojan.Karagany. In its report, Symantec observes, “Dragonfly’s most ambitious campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This caused companies to install the malware when downloading software updates for computers running ICS equipment. These infections not only gave the attackers a beachhead in the targeted organisations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers.”
Stuxnet was primarily designed for sabotage, but the malware used by Dragonfly gangs were designed to allow espionage and persistent access to critical infrastructure area. The gangs hit energy grid operators, major electricity generation firms, petroleum pipeline operators and energy industrial equipment providers. While the motivations for these attacks remain unclear, Symantec suspects that state sponsored hackers were behind the Dragonfly gang.
Symantec notes that additional payload has been used to gather details about ICS and Supervisory Control And Data Acquisition (SCADA) systems connected to infected devices. This, it says, is reason enough to draw attention to critical infrastructure as the target for cyber criminals and state-sponsored hackers. It is time for ‘sensible’ powers to work towards a globally acceptable cyber-regime to formulate rules, build transparency and reduce vulnerabilities, while considering new approaches to protect critical infrastructure against cyber security threats.
Toward Cyber-security Policy For India
Indian society has undergone transformation through deployment and implementation of IT. The growth in e-commerce, e-payments, card circulation, domestic IT market spending and Internet user base are leading indicators that the Indian economy is going the e-way. Today, India has 134 major Internet Service Providers (ISPs), 10 million registered domain names (1 million ‘.in’ domains) and over 260 data centres. IT has become the lifeline of critical infrastructures such as energy, telecommunication, banking and stock exchanges. This level of access to IT has empowered individuals; however, it has also created new challenges for the Government of India (GoI), as evidenced by significant increases in the frequency of cyber attacks / fraud, massive probing and targeted attacks on Indian IT assets.
The attackers are local and global. They represent crime syndicates and nation states, which attack directly or through non-state actors for economic and political espionage. Attacks on critical infrastructures, if and when they happen, will have devastating impacts on civilians, as often is the case in traditional wars. Cyber-security, therefore, has national interests and national security implications. GoI has developed an overall framework for National Cyber Security, along with a Cyber Security Policy. The framework is cross-cutting in nature and applies across several ministries and sectors and as such, comes under the purview of the National Security Council Secretariat (NSCS). The Cyber Security Policy, on the other hand, is the responsibility of the Department of Electronics and Information Technology (DeitY). Following due process of public consultation of the initial Coordination Draft of the National Cyber Security Policy prepared by DeitY, the final policy document was approved and released on May 08, 2013 by GoI. It outlined a road map to create a framework for comprehensive, collaborative and collective response to cyber security at all levels within the country.
After reviewing the 2013 policy document, several policy experts found the details wanting on how government plans to achieve its objectives. They recommend that the new government under the leadership of Prime Minister Narendra Modi consider particular policy agenda in earnest. These experts underline the need for India to adopt suitable positioning to take leadership at both the national and international levels. The policy experts echo the concern that the writer has for strengthening the international regulatory framework, standards and norms, while creating a secure cyberspace ecosystem.
Framework For International Cooperation
The international community is engaged in legal and strategic policy, standards, information sharing and oversight of cyber weapons programme through NATO Cooperative Cyber Defence (CCD) Centre of Excellence (COE), United Nations, World Bank, the Organisation for Economic Co-operation and Development (OECD) and several other forums. At present, India’s participation in such forums is not commensurate with its cyber-economy.
While prescribing new directions in US-India Defence Relations, Former US Defense Secretary Leon Panetta observed that creation of international standards and norms is essential to prevent collapse of cyberspace. He added, “ … collaborative efforts could accelerate the resolution of vexatious issues”. This segues into the collaborative legal and strategic policy and global standards activities where India should and must play a pivotal role.
Cyberspace has unique characteristics, giving rise to several vexatious issues, such as anonymity and difficulty of attribution. These characteristics not only add to vulnerabilities but also make cyber security a major concern across the globe. Framing a coherent response is difficult unless there is an international effort to work towards norms for cyberspace. India, with its growing bilateral and multilateral relationships with security agencies, CERTs, defence agencies and forces, law enforcement agencies and judicial systems, is well positioned to enhance collective knowledge and awareness of current trends in the ever evolving and challenging landscape of the rule of law apropos states, cyberspace, jurisdiction and control and its associated relationship to:
• International Law of Cyber Operations
• Jus ad bellum – the international law governing the resort to force by states as an instrument of their national policy
• Jus in bello – the international law regulating the conduct of armed conflict, laws of war, also labelled international humanitarian law (IHL)
• Policy for mobilising cyber power to achieve national interests and objectives
• Procedures for integrating strategy respecting international cyber law and policy
• Sovereignty
• State responsibility
• The law of neutrality
IHL And The Legal Definitions
The NATO CCD COE in Tallinn, Estonia invited an independent ’International Group of Experts’ to prepare an unofficial document entitled “Tallinn Manual”. Many cyber experts appreciate the significant and valid interpretive cues given in the Tallinn Manual. It tries to clarify the position of states in cyberspace, by defining jurisdiction, control and legal responsibilities. Many in the cyber community, however, want more complete treatment of the definition of a cyber-weapon. For instance, Stefano Mele argues that an essential first step has to be a definition of how and when to classify a piece of malware as a cyber weapon. The manual’s starting point, says Mele, should be to more easily classify cyber attack as ‘hacktivism,’ ‘cyber terrorism’ or a real act of “cyber war”. The absence of a globally recognised definition for cyber-weapons is a serious definitional and legal gap. The lack of such definition makes it impossible to:
• Distinguish a cyber weapon and its proper use
• Evaluate the legal and political responsibility of the aggressor and the real level of threat made in a cyber warfare context
China is exploiting the absence of a globally acceptable cyber regime and legal structure to the hilt. It conducts a range of activities from cyber espionage to cyber harassment, based on its unspoken policy to neutralise the advantages of countries it perceives as hostile to it for military and technological superiority. Recent trends indicate that the absence of agreed norms of conduct in cyberspace and the limited risk of retribution has encouraged China to engage in further proliferation of cyber espionage activities. This situation underscores former US Defense Secretary Panetta’s cautionary note that the creation of international standards and norms is essential to prevent the coming collapse of the cyberspace from such onslaughts.
Recommendations
The ostensive purpose of Tallinn Manual, along with several other reports, is to prepare each country to safeguard its own digital infrastructure and attack other countries’ systems, should the need arise. The question is: how and by what rules would these operations be carried out?
China talks of “winning informationised war by the mid-21st century”. While India has developed good economic and trade relations with China and is trying to foster better economic relations with both Pakistan and Bangladesh, contentious border incidents with all three countries remain unchanged. Border skirmishes always have the potential to change overnight into full scale war. When we hear about acquisition of cyber capabilities by hostile foreign countries, such as China and Pakistan, that might use computer networks to inflict harm on India and its interests, we must face up to the reality that cyber attacks can be conducted with a high degree of anonymity, making defence strategies such as deterrence and retaliation less credible. In view of its relations with neighbouring China, Pakistan and Bangladesh, India is uniquely positioned to add value in international standards and norms by defining the ‘Means’ and ‘Methods’ of cyber warfare in terms of cyber tactics, techniques and procedures, by which hostilities are conducted. The legal and strategic policy, standards, information sharing and oversight bodies of cyber weapons programme are seeking strategic information regarding threats to information and communication technology infrastructure and scenarios of response. In the new frontiers for international regulatory framework, standards and norms, India should take the centre stage and play a pivotal role in addressing what we want to affect and how we go about achieving the desired result.
neighbourhood watch
deception by design?
Indian Festivals
Falling Prey To The Dragon!
Pawan Agrawal
The writer is Publisher and Chief Executive Officer of Defence and Security Alert (DSA) magazine.
India is a land of festivals. The belief in spirituality and cultural power has been responsible for enumerating the present socio-economic dimension to our multi-hued festivals. Hindus form a majority of India’s population, resulting in the celebration of the largest number of festivals and rituals accredited by any religion in the world. Festivals mean rituals. And rituals involve symbolism and symbols have now metamorphosed into a lucrative market. We are aware that China has revolutionised the import of these traditional products in India, severely hampering the economic status of communities and small scale and cottage industries surviving solely on the manufacturing of these products. It is unfortunate that our Ministry of Commerce has not taken any steps to curb these imports or implement strict legal restrictions on the same.

One such tradition is the “Rakhi”: this frangible thread of the Raksha Bandhan festival, considered the strongest bond between a brother and sister, has not escaped the merciless and dispassionate stamping of “Made in China”. Bulk import of Rakhis from China is the latest silent attack on our economy and people. Here are some appalling figures showing a steady disgrace to the Indian economy.

Year of import: Quantity imported
2011: 120 kg
2012: 76,257 kg
2013: 1,29,636 kg
2014: 44,267 kg (till July 2014 only)
As evident from the figures, this import of Rakhis from China, starting with a small trial of a few kilos had escalated to several tons in the very next year and had compounded more than a thousand times during 2013. 2014 imports are expected to be up by another 75 per cent to almost 2,25,000 kg. It is not beyond comprehension how the Rakhi industry of India is collapsing. These figures are alarming and the Commerce Minister of India ought to take strict action on this erratic nemesis. The new Indian government with vested powers of a clear mandate should immediately ban all imports that are impinging on our cottage, small scale or medium and heavy industries. Facts prove that there are several industries which are on the verge of collapse with craftsmen and employees in depressing levels of financial distress and predicament.

Coming to the point on why exactly we are using the platform of defence and security to raise our voice on imports of Chinese goods! We strongly feel that the impact of such imports is very disturbing not only for the economy but also indirectly to our defence and security. It is alarming when we evaluate how China is using the foreign exchange earned from India for strengthening its forces to be used against India. China is happily managing to stab India with a double edged sword of cramping our economy and bolstering its defence against us. I find it difficult to believe why this simple fact which is clearly evident to the common Indian, is invisible to the highest echelons of foreign and commerce policy and decision-makers and experts. It is not only about the industries related to our festivals but about a much bigger conspiracy of China to disturb Indian sentiments and thwart our GDP while our government watches from a state of resilient oblivion. The following questions need to be addressed promptly:
• What is this “open economy” that is ruining our cottage and small scale industries?
• Why don’t we have well defined Import Policies that do not cripple our cottage and small scale industries?
• Why can’t India ban or censor imports that disturb our craftsmen, artisans and cottage industries?

As a firm believer in the new government under the influential leadership of Mr Narendra Modi, I am sure that his dynamic team will understand the wider perspective and take immediate mandatory action to frame suitable import policies that help our small and cottage industries and discourage China from dumping cheap Rakhis, Ganeshas, Diyas and Pichkaris and hoodwinking unsuspecting Indian people and working against our national interest.
August 2014 Defence AND security alert
cyber security
OVER-REGULATION?
Indian Cyberlaw

The language and scope of legal terms used under Section 66A are very wide and are capable of distinctive varied interpretations. Seen from another angle, Section 66A can be effectively used as a tool for gagging legitimate free online speech. The problem under Section 66A is that it comes up with extremely wide parameters which have not been given any specific definitions under the law. It goes far beyond the reasonable restrictions on free speech, as mandated under Article 19(2) of the Constitution of India.
The Indian judiciary is one of the most vibrant judiciaries in the entire world. The Indian Supreme Court has been called upon to determine the legal challenge to the constitutional validity of one of the most controversial and draconian provisions of Indian Cyberlaw. The recent cases that have been happening in India have triggered a public debate about the efficacy and scope of Section 66A of the amended Information Technology Act, 2000. This has led to filing of Public Interest Litigation (PIL) in the Supreme Court of India. In this Public Interest Litigation, filed by a law student, the Supreme Court of India has issued notice to the Central Government as also State Governments of Maharashtra, Tamil Nadu, West Bengal and Delhi, to file their replies within 6 weeks. Thus, this has started yet another chapter in the growth and evolution of jurisprudence around Indian Cyberlaw.

In India, there has been a lot of controversy over the last few months over Section 66A of the Indian Cyberlaw being the amended Indian Information Technology Act, 2000 on different occasions. In Prof Ambikesh Mahapatra case, Prof Mahapatra was arrested on account of forwarding of caricature / cartoons on Facebook. Further, Ravi Srinivasan Twitter case showed how on a complaint, a person’s tweets could be brought within the ambit of Section 66A of the amended Indian Information Technology Act, 2000. In KV Rao case, two men KV Rao and Mayank from Mumbai, were arrested for allegedly posting offensive comments against some leaders on their Facebook group. The recent case pertaining to Shaheen Dhada, where two girls were arrested for Facebook post and its liking respectively, has become the talking point for all users.

In the last few days, we have been seeing various discussions about defective IT legislation in India and how there is a need for changing the same. This article aims to explain in common man’s language what is Section 66A of the amended Indian Information Technology Act, 2000 all about?
Section 66A makes it an offence when you send, by means of a computer resource or communication device, any of the following information:
1) any information that is grossly offensive;
2) any information that has menacing character;
3) any information which you know to be false but which is sent for purpose of causing annoyance;
4) any information which you know to be false but which is sent for purpose of causing inconvenience;
5) any information which you know to be false but which is sent for purpose of causing danger;
6) any information which you know to be false but which is sent for purpose of causing obstruction;
7) any information which you know to be false but which is sent for purpose of causing insult;
8) any information which you know to be false but which is sent for purpose of causing injury;
9) any information which you know to be false but which is sent for purpose of causing criminal intimidation;
10) any information which you know to be false but which is sent for purpose of causing enmity;
11) any information which you know to be false but which is sent for purpose of causing hatred; or
12) any information which you know to be false but which is sent for purpose of causing ill will.
All the above as per (3) to (12) must be done persistently by using a computer resource or communication device.
13) any e-mail or electronic mail message for the purpose of causing annoyance;
14) any e-mail or electronic mail message for the purpose of causing inconvenience;
15) any electronic mail or electronic mail message to deceive the addressee or recipient about the origin of such messages;
16) any e-mail or electronic mail message to mislead the addressee or recipient about the origin of such messages.

So if you are a social media user or even if you are a user of a computer system or mobile, be careful! You could be brought within the ambit of this Section 66A of the amended Indian Information Technology Act, 2000. To help understand the scope of Section 66A of the amended Indian Information Technology Act, 2000, let’s try to examine some common illustrations of acts, which could come under Section 66A of the amended Indian Information Technology Act, 2000.
Wide And Overly Restrictive
When you send either by means of a Computer, Computer System, Computer Network or using Mobile Phone, Smart Phone, iPhone, iPad, Tablet, Smart Devices, Personal Digital Assistants, BlackBerry or any other communication devices, the following kind of information, you could be covered under Section 66A of the amended Indian Information Technology Act, 2000:
1) If you swear or abuse somebody, the said swear words could be said to be grossly offensive. The same could also be said to be having menacing character and your act could come within the ambit of Section 66A(a) of the amended Indian Information Technology Act, 2000.
2) Anything defamatory which affects the character, reputation, standing or goodwill of a person could also be deemed to be grossly offensive.
3) Making false allegations against the character of a person or character assassination could also qualify as grossly offensive and having menacing character.
4) Using insulting words or symbols which are obscene, could also qualify as grossly offensive and having menacing character.
5) Calling someone names could also be brought within the ambit of being grossly offensive or having menacing character.
6) Posting the picture of a person in uncomplimentary situations and environments could also be said to be grossly offensive or having menacing character. For example, if you morphed the photograph of a girl / boy’s face on the face or body of erotic / nude model, the same could not only be obscene but could also be grossly offensive and having menacing character.
7) Electronic morphing which shows a person depicted in a bad light could also be seen as an example of information being grossly offensive or having menacing character.
8) Using vernacular cuss words or bad words in English alphabets could also qualify as grossly offensive or having menacing character.
9) Threatening somebody with consequences for his life, apart from being separate offences, could be also construed as information which is grossly offensive or having menacing character.
10) Threatening to expose the ill-deeds of somebody could also qualify as information which has menacing character.
11) Information containing malicious, mischievous character assassination.
12) Information containing morphed pictures aimed at hurting religious sentiments.
13) Information showing gods and goddesses of particular religions in an uncomplimentary light.
14) Putting the picture of a person against a slogan / phrase / saying which does not depict his true character or personality.
15) Deceiving the addressee or recipient about the origin of such messages. For example, sending emails from a fake email account to another person, could qualify as an offence under Section 66A of the amended Indian Information Technology Act, 2000.
16) Further misleading the addressee or recipient about the origin of such messages, eg sending e-mails and SMSs in the name of Reserve Bank of India for big lotteries, could also be brought under Section 66A of the amended Indian Information Technology Act, 2000.
17) E-mail containing fake recruitment offers to unsuspecting members of the public, could also qualify as an offence under Section 66A of the amended Indian Information Technology Act, 2000.

The aforesaid are just some illustrations to demonstrate how broad Section 66A of the Indian Information Technology Act, 2000 is and how and in what particular comprehensive manner can it impact you and your life. The said illustrations are neither comprehensive nor complete but have been given as selective examples of the ambit of Section 66A of the amended Indian Information Technology Act, 2000, for academic, research and review purposes only.

Gag Machine

The language and scope of legal terms used under Section 66A are very wide and are capable of distinctive varied interpretations. Seen from another angle, Section 66A can be effectively used as a tool for gagging legitimate free online speech. The problem under Section 66A is that it comes up with extremely wide parameters which have not been given any specific definitions under the law. These parameters are capable of being interpreted in any manner possible, by the law-enforcement agencies. As such, while Section 66A talks about sending any information that is grossly offensive or having menacing character, the law does not give any guidance as to what is grossly offensive or information having menacing character. Thus, it is left to the subjective discretion of the law-enforcement agencies in this regard. All wide meaning terms used under Section 66A have not been defined, which itself provides huge amount of flexibility in Section 66A to be used in any circumstances perceivable. Thus, large portions of legitimate free online speech could also be brought within the ambit of Section 66A of the amended Indian Information Technology Act, 2000. Given the advent of technology and the way people are misusing the same, there could be millions of situations which could qualify as offences under Section 66A of the amended Indian Information Technology Act, 2000.

Learnings

The learnings from Section 66A of the amended Indian Information Technology Act, 2000 are that till such time Section 66A is either changed, modified, varied or amended, it will be imperative that you exercise due diligence when you send information on the Internet, social media and mobile networks. Kindly note that the focus of the law under Section 66A of the amended Indian Information Technology Act, 2000, is not on publishing information, the focus is on the offence of sending information. This assumes more significance, since whenever you are on the Internet or when you are sending e-mail or posting or publishing a blog or creating an SMS, as you are sending these electronic records from your computer system or communication device. Hence, be very careful before you send information on electronic platforms and computer networks.

Undercuts Democracy

There are tremendous problems in the way Section 66A of the amended Indian Information Technology Act, 2000 has been drafted. This provision, even though it has been inspired by the noble objectives of protecting reputations and preventing misuse of networks, has not been able to achieve its goals. The language of Section 66A of the amended Indian Information Technology Act, 2000 goes far beyond the reasonable restrictions on free speech, as mandated under Article 19(2) of the Constitution of India. For India, being the world’s largest, vibrant democracy, reasonable restrictions on free speech need to be very strictly construed. Section 66A of the amended Indian Information Technology Act, 2000 has the potential of prejudicially impacting free speech in the digital and mobile ecosystems. Section 66A of the amended Indian Information Technology Act, 2000 needs to be amended to make the Indian Cyberlaw in sync with the principles enshrined in the Constitution of India and also with the existing realities of social media and digital platforms today.

With the Public Interest Litigation challenging the constitutional validity of Section 66A of the amended Information Technology Act, 2000 pending before the Supreme Court of India, the Supreme Court is likely to examine meticulously the legal intricacies and challenges inherent in Section 66A of the amended Information Technology Act, 2000. The Supreme Court would be guided by the principles enshrined in the Constitution of India as also by rule of law as it proceeds to deal with the challenge to the constitutional validity of Section 66A of the amended Information Technology Act, 2000. The hopes and aspirations of netizens and users of digital platforms of India are all pinned upon the Supreme Court of India. The Supreme Court of India has been the protector of fundamental rights enshrined under the Constitution of India. It will be interesting to see the developments in this regard as time passes by.

PAVAN DUGGAL
The writer is an advocate practising in the Supreme Court of India and a leading expert and authority on Cyberlaw and Mobile Law. He is also president of Cyberlaws.net and Cyberlaws Asia.
cyber security
harvesting intelligence
Privacy And Security In Online Social Media
OSM can be a great source for intelligence gathering to understand public pulse. People log on to social media websites to check for updates about events and also to share information about the event with others. In such situations, social media content provides a vast resource of unmonitored and unstructured, but rich in information about events.

Online Social Media (OSM) has evolved and gained popularity exponentially, over the last few years. It provides a medium, which has a large reach and visibility to people around the world and spans across barriers of region, religion, race and language. Social media is no longer limited to common people logging on to these websites to check for event updates and share information, but has emerged as a powerful medium for popularising and strategising national security. Organisations, which have been traditionally considered as closed communities such as Central Intelligence Agency (CIA) have also adapted to the social media generation. CIA joined Twitter on 6th June 2014 and within no time got thousands of followers connecting with them on Twitter. Public safety organisations such as police departments have also found their way to OSM for developing communities, investigation and collecting intelligence. For instance, the Boston Police Department started updating people about Boston bombing on Twitter @Bostonpolice more than 10 minutes before the national media started reporting about it. OSM has also helped citizens to connect and provide timely information to police. Thousands of citizens in developed countries post content and follow police departments such as Boston police, Spanish police, Seattle police, UK police and Chicago police.

India is no longer untouched by this phenomenon. In the last year or so, various influential government offices such as Prime Minister’s Office (PMO) @PMOIndia, Rashtrapati Bhawan (President’s Office) @RashtrapatiBhvn and Railway ministry @RailMinIndia joined OSM to increase outreach and collaborate with citizens. Fifteen Cabinet ministers also have verified Twitter profiles to connect with citizens at large.

Source Of Intelligence

OSM can be a great source for intelligence gathering to understand public pulse. People log on to social media websites to check for updates about events and also to share information about the event with others. In such situations, social media content provides a vast resource of unmonitored and unstructured, but rich information about events. For example, recent kidnapping in Assam generated about 17,000 tweets and 1,500 Facebook posts. Since the data is generated in real time and by users, many of whom are directly or indirectly involved in the actual event, mining this content can yield quite useful knowledge about the ground situation. However, this advantage comes with its own challenges – a large volume of content is posted on Twitter but not all of the information is trustworthy or useful in providing information about the event.

OSM played an instrumental role in instigating violence, spreading misinformation and developing public agitation during crisis events such as Mumbai terror attacks (2011), Muzaffarnagar riots and Assam disturbance (2012), Pune riots (2014). In all these events (Assam and Muzaffarnagar riots), panic was spread through fake images, messages, defamatory content and videos on OSM leading to internal security threats. OSM introduced challenges for police officers such as fake / impostor accounts which target national security and law enforcement agencies and civil societies. Another challenge is easy accessibility of OSM to malicious people, which could make sharing and trusting information on OSM a complex task. Presence of noise, spam, advertisements, personal opinions etc makes the quality of content questionable. Hence, there is dire need to quantify, measure, detect and filter trustworthy content from OSM. Extracting correct and accurate information is one of the biggest challenges in utilising information from OSM. This suggests the need to understand the pitfalls, challenges and importance of OSM for national and internal security perspective.

Online Social Media

We at Precog, envision to help develop resources for collecting actionable information from OSM, predicting crime during high impact events having implications on national security; empowering intelligence and public safety organisations to use OSM for their needs and working; helping agencies in capacity building to have the right people doing the right thing; develop technologies which can help agencies to develop collaborative efforts with citizen communities for safer societies. Some of the current technologies, which help government, policy analysts and others to get a pulse of people and organisation views on online social media include:

• Twit-Digest, a tool to assess credibility of content on Twitter. We propose an algorithm based on information retrieval and machine learning techniques to assess the credibility of tweets during high-impact events such as Mumbai Blasts and Boston Marathon Blasts. The portal extracts data (tweets and user information) from Twitter and performs various analytical tasks on it, like spam / phishing detection, credibility assessment, sentiment detection, social network analysis and query expansion.
• MultiOSN, a framework that collects data from five different online social networks viz Facebook, Twitter, Google+, YouTube and Flickr and presents real-time analytics and visualisations. MultiOSN can be particularly helpful to users and organisations that are directly or indirectly connected to law and order. Organisations can utilise MultiOSN to uncover the general sentiment of social media users about an event and trace public gatherings for example, which are usually discussed and planned publicly on social networking platforms.
• Finding Nemo, an attempt to deploy a system, which helps to search a user on multiple social networks. The system exploits a known identity on one social network to search for identities on other social networks. We show that the system gives better accuracy than the individual algorithms. This tool can help national security agencies to identify notorious and suspicious individuals’ presence on various social media networks. This information can further help trace the activity of the person on social media.
In our endeavour to empower agencies to develop and build capacity to use OSM for their needs and day-to-day tasks, we have been involved in organising workshops and training programmes on OSM influence on national and internal security, specifically focusing on Policing and Law and Order issues. In a recent workshop, which was attended by senior IPS officers, we discussed OSM challenges, pitfalls and concerns. Participants in the workshop discussed OSM usage by international / national police and law enforcement agencies; discussed the international policy landscape of various policing departments across the globe; sought to understand the technical needs, settings and appropriate disclaimers for citizens before starting with social media presence; assessed the needs and demands of Indian police forces as they continue to adopt OSM for policing.

Lastly, practical solutions and efforts are required to manage agencies and public safety organisations’ presence on OSM. Large scale Public Private Partnership (PPP) appropriately embedded to improve the security in the country can help achieve this. OSM influence and use has implication on all three parts of the society ecosystem – people (authorities and citizens), process (national safety activities and communication) and technology (OSM infrastructures).
People
Authorities would need to identify people with necessary skills and leadership, which could help sustain and grow online communities for national and internal security. Awareness needs to be created among the citizens regarding misuse / threats that might emerge, if OSM is not used appropriately.
Process

Need for policies, which could assist authorities on the ground to take appropriate actions. OSM framework exclusively for national security needs to be developed, which would require legal experts, officers and technologists to contribute together. This could help improve evidential value of information posted on OSM pages and might help take better decisions for help asked and information provided by citizens on these pages.

Technology

Authorities need to be empowered with technologies, which could help them use OSM effectively. Some of these technologies included public opinion mining, rumour detection and better editorial controls, which could warn citizens about security and privacy issues. Authorities would need better technologies and control on OSM to effectively manage national security in the OSM era. Research needs to be conducted to develop effective tools, techniques and resources at large to counter OSM challenges. I believe academia can significantly contribute to achieve these objectives. Establishing a Centre of Excellence on Complex Networks focused on Online Social Media for National Security will help in this regard.

Dr Ponnurangam K (PK)
The writer is the Founding Head of Cybersecurity Education and Research Centre (CERC). He is also the Hemant Bharat Ram Faculty Research Fellow at IIITD and one of the ACM India Eminent Speakers. He received his PhD from the School of Computer Science at Carnegie Mellon University (CMU). His PhD thesis work on anti-phishing research has contributed in creating an award winning start-up Wombat Security Technologies.
cyber security
GOLDEN AGE OF SPYING?
Cyber Espionage: Lessons To Be Learnt From Snowden Revelations

Cyber espionage is now targeting governments, corporates and individuals in an unprecedented manner. The perpetrator could be an individual cyber criminal, a group of hackers, non-state actors or states themselves. Cyber espionage is an attractive choice because of ease of operation, low cost, low risk, difficulty in attribution and high success rate.
Espionage has been an essential part of statecraft for ages. Chanakya, in his book Arthashastra, had laid great emphasis on spying on citizens, foreigners and enemies. During World War One and Two, espionage played an important role in deciding the outcome of the wars. The collection of intelligence related to defence, politics, economic matters, social and other important aspects of governance of a country by another has been an accepted fact. From traditional spying (human intelligence) to collection of intelligence from electronic signals (signal intelligence), the journey has been very interesting. Today, out of the various other forms of intelligence collection methods such as human intelligence, imagery intelligence, open-source intelligence, telemetry intelligence, measurement and signature intelligence etc, cyber intelligence has become very important in the last few years because of the use of computers, networks, information and communication technology in every sphere of human activity globally. This is inevitable as cyberspace has emerged as the fifth strategic domain after land, sea, air and space. With Internet packets flowing through radio waves, cables and other media, this is the golden age of spying. Several intelligence agencies including National Security Agency of USA, Mossad of Israel, Government Communications Headquarters of UK, Government Communications Security Bureau of New Zealand, Australian Signals Directorate, Federal Security Service of Russian Federation, Communications Security Establishment of Canada, have developed impressive cyber intelligence collection capabilities.

Industrial espionage has also been receiving attention these days due to theft of valuable intellectual properties and other vital information using cyber means. Several multinational companies have fallen prey to industrial espionage through exploitation of their computer systems. In November 2010, Xiang Dong Yu, a ten year veteran of the US automaker Ford Motor Company, admitted in Federal Court that he stole 4,000 secret design documents, worth more than US$ 50 million from company computers and shared them with a rival company. A major Manesar based multinational IT company has reportedly shifted its US$ 10 million R&D facility to Australia due to an incident of data theft in electronic form, which caused it an estimated loss of ₹ 7.54 billion.

Cyber espionage is now targeting governments, corporates and individuals in an unprecedented manner. The perpetrator could be an individual cyber criminal, a group of hackers, non-state actors or states themselves. Cyber espionage is an attractive choice because of ease of operation, low cost, low risk, difficulty in attribution and high success rate.

In June 2013, Edward Snowden disclosed thousands of classified documents revealing global surveillance programme by USA in association with some other countries collectively called “Five Eyes”. For many cyber security researchers, Snowden revelations have not come as a surprise. Several cyber spying projects such as ECHELON, TOTAL INFORMATION AWARENESS Programme, MAGIC LANTERN, CARNIVORE, CYBER KNIGHT etc have been in news for a decade. It is the depth and spread of the surveillance programme, revealed by Snowden, which has surprised the world. Even before Snowden revelations, Julian Assange, the head of WikiLeaks had said “Facebook in particular is the most appalling spying machine that has ever been invented”. Another startling aspect of the revelation is the willing or coercive cooperation offered by several Internet companies.
The Snowden revelations offer us two types of lessons. The first, obvious lesson is the threat to the cyber assets of organisations from insiders. Insider threat from disgruntled employees or ex-employees poses great risk to the organisation as they are conversant with the vulnerabilities and weaknesses of the IT system of the organisation. Former employees, contractors, third party agents, partners and casual employees also pose similar threats. Insiders can bypass physical and technical security measures designed to prevent unauthorised access. Insider threat mitigation involves monitoring employee activities, training, motivation, a reward and punishment regime, deploying technical measures to guard against data pilferage, analysing access logs and other data and creating a culture of cyber security. The other lesson from the Snowden revelations is the fact that cyber espionage is being employed by states in an unprecedented manner, through which it is possible to spy on every single individual on this planet who is using the Internet. The “Tracking GhostNet: Investigating a Cyber Espionage Network” report from Information Warfare Monitor documents a cyber espionage network in 103 countries whose victims included ministries, embassies, international organisations etc. Another report by the same agency titled “Shadows in the Cloud” reveals a cyber espionage operation targeting computer networks in India and several other countries. Several social media networks were reportedly used for this purpose. The “Operation Aurora” attack on Google and other companies highlighted the danger from advanced persistent threats using zero-day exploits. Although several methods are employed in cyber espionage, the use of “spear phishing” attacks is very popular. In this kind of attack, the details about the target individual are obtained from social media, the Internet and other means. A well crafted email, with a malicious attachment, is then sent to the target.
The mail is either sent from a compromised account of a trusted entity or from an account resembling it. The possibility of such mails being opened by an unsuspecting and untrained person is very high. On opening the attachment the target computer gets infected and the attacker is able to take out all information from the target machine using command and control servers located anywhere in the world. In 2012, “Flame”, one of the most sophisticated malware, of 50 MB size, targeting several countries in the Middle East for the purpose of cyber espionage, was discovered. In most cyber espionage cases, attribution is difficult due to the inherent nature of the Internet; however, analysis of the malware pointed to the involvement of certain states or state-sponsored actors. Cyber espionage by various entities is becoming a serious threat to national security. We need to guard against this asymmetrical warfare by hardening our systems. The critical information infrastructures of the country need to be guarded ferociously through well defined policies and guidelines.
In January 2014, National Critical Information Infrastructure Protection Centre of Government of India has been notified under Section 70-A of the Information Technology Act, 2000 along with its associated rules. These guidelines need to be implemented mandatorily in all critical and sensitive organisations. The corporate world also needs to adopt the cyber security framework developed by Data Security Council of India or the ISO 27000 series of information security standards as mandated under the Information Technology (Reasonable Security Practices and Procedure and Sensitive Personal Data and Information) Rules, 2011. Several concrete measures need to be taken to deal with cyber espionage. Some of these could be:
Muktesh Chander, IPS
The writer is Special Commissioner of Police heading Delhi Traffic Police. Prior to this he was Joint Commissioner of Police, Prime Minister's Security. He is former Centre Director of Centre for Cyber Deterrence and Information Assurance in NTRO, Govt of India. He has been DIG of Police, Goa, Additional Commissioner of Police Crime and Traffic, Delhi and Inspector General of Police, Daman and Diu. He graduated in Electronics and Telecommunication Engineering from Delhi University in first class with distinction. He also holds a law degree from Delhi University and Masters Degree in criminology. He has submitted his PhD thesis in Information Security Management to IIT Delhi. He has been awarded Police Medal for Meritorious Service and President’s Police Medal for Distinguished Service.
• Sensitisation of the top management of the sensitive organisations and the government functionaries about the threat from cyber espionage.
• Identification and classification of vital information assets of organisations and country.
• Adopting a holistic information security management approach.
• Appointment of Chief Information Security Officer in every sensitive organisation / ministry.
• Providing adequate resources for information security function in proportion to the value and sensitivity of the information being protected.
• Use of indigenously developed operating systems, encryption algorithms and ICT products.
• Implementation of Guidelines for Protection of Critical Information Infrastructure of the country.
• 24x7 monitoring of Indian cyberspace for cyber attacks and taking necessary action towards prevention, prediction, early warning, detection, mitigation, response, deterrence and retaliation.
While we are planning to leverage ICT for the growth of the nation and marching towards smart cities, we must simultaneously take adequate cyber security measures so that this march is not halted or retarded due to cyber espionage. In cyber war and cyber terrorism, the adversary is bound to use cyber espionage as a strategic tool and hence we need to be prepared to deal with this challenge. This can be achieved through active defence. The right of a sovereign state extends into cyberspace also and protecting Indian cyberspace is equivalent to protecting the sovereignty and integrity of India. The Treaty of Westphalia should not be presumed to be dead in cyberspace.
homeland security
Interview
Silicon Valley Of India
Policing Challenges And Solutions
Mr Raghavendra H Auradkar is a 1987 batch IPS officer of the Karnataka cadre. He is one of the most brilliant and highly qualified police officers in the country. After MTech in Computer Science, he did his postgraduation in Cyber Law and Legal Information Systems. He has been actively involved in government of India’s Megacity Policing Project and prior to taking over as Commissioner of Police, Bengaluru, he was Principal Secretary, Home, government of Karnataka.
Defence and Security Alert: You have completed one year as Commissioner of Police, Bengaluru. Under your command, how successful has the force been in carrying out its mandated duties and responsibilities? Any stellar achievements during this period? And what is your vision for Bengaluru Police in the service of the Silicon Valley of India?
RH Auradkar: I have the privilege of heading a very competent and disciplined police force. I am happy and proud to share some of the success stories of Bengaluru Police:
• The force has been immensely successful in carrying out its mandated duties and responsibilities apart from important crimes some of which were sensational. No major problems of public order or disturbances were there. All the important festivals and elections to the assembly and to the parliament passed off peacefully without even a minor incident. Some of the important achievements are like commissioning of the state-of-the-art Traffic Management Centre and the Traffic Training Institute. The Traffic Management Centre has the biggest video wall in the country with movement of traffic being monitored at 176 junctions.
• The terrorist attack in the form of a Bomb explosion near the BJP office in Malleswaram could be solved within a week of the incident. Except one accused, all the accused persons have been arrested in this case and chargesheeted. This was a major achievement for Bengaluru City Police.
• Former CM of Gujarat Shri Narendra Modi (now Prime Minister of India) was scheduled to visit Bengaluru immediately after public meeting in Patna. The terror attack in Patna public rally had created a sense of fear, panic and anxiety among all sections of society. The Central Government and the State Government had given alarming intelligence inputs about the likely threat to his rally and it had become a big challenge for Bengaluru City Police to ensure security, proper crowd management and also traffic management. Meticulous planning, dialogue with the stakeholders and reaching out to the lower level functionaries made the bandobust and traffic management a huge success. It was widely appreciated in media and by the State and Central Government dignitaries also.
• During June 2013 to March 2014 series of measures to bring down the crime rate with emphasis on basic policing were taken in Bengaluru City. Number of MOB card holders was reviewed and the process of computerisation was started to build a database of known criminals which was neglected so far. Also strong legal action against the anti-social elements resulted in considerable reduction in the activities of rowdies and land mafia. More than 5,500 cases under preventive sections of CrPC have been booked in Bengaluru City Police unit in last one year which is a record in itself.
• The pendency of under investigation cases was huge to the extent of 25,000 cases in Bengaluru City. Reconciliation of the FIRs from the respective courts was undertaken and through a special drive nearly 20,000 under investigation cases were finalised.
• An innovative method of keeping a surveillance and movement of known criminals in Police station and also to ensure that the accused persons ordered to give attendance in Police Station by the Court was initiated. Biometric attendance system was introduced in 19 Police Stations in Bengaluru City. Similarly the old system of maintaining rogues gallery in physical form has been replaced by a new LED screening which displays the photographs of bad elements giving opportunity to policemen of the police station to get familiarised with face and other features of bad elements for easy recognition.
• After a long time the beats and point books have been revised and re-organised in a scientific manner keeping in view the geographic and crime mapping as important parameters.
• After I took over as Commissioner the entire system was reviewed and in last 9 months more than 700 cases and absconding accused persons were traced and produced in the Court. This has given a sense of fear to the anti-social elements.
• For the first time, the Bengaluru City Police Head Constables and Constables were called to the Commissioner’s office and based on their seniority they were given the posting to their place of choice, after counselling. This measure ensured transparency and fair play in the administration and it also eliminated the middlemen and enhanced the morale of the force.
• Number of seized and unclaimed vehicles were lying in the police station premises giving bad impression about the police department. Action was taken to dispose of these vehicles as per the court orders and more than 30,000 such vehicles have been auctioned as per the court orders.
• A proper action plan for Mega City Policing has been prepared and the allocation for the year 2013-14 has been spent in an effective manner which has resulted in enhancing infrastructural facilities for the city police.
• Due to the efforts made by me Government sanctioned Rs 5.00 crore to add few more vehicles to the existing fleet of patrolling vehicles in Bengaluru City. A detailed analysis of the cost benefit ratio for next 10 years was made and 103 more four wheelers were added to the existing fleet. This would definitely improve the police feasibility in Bengaluru City.
• A detailed Project report under “Nirbhaya Scheme” has been prepared under my leadership by Bengaluru City Police. The project report seeks to improve the security of women by implementing the project in 3 phases. The total amount sought is about Rs 99.00 crore. Bengaluru is the only metropolitan city after Delhi which has prepared such detailed project report.
• A new initiative was taken under Community Policing Project by starting “Spandana” kendras in divisions of Bengaluru City. Women’s Helpline, Children’s Helpline and other Helplines of the targeted groups would be in one premises facilitating the citizens who approach police for their problems apart from Commissioner’s office. These helplines and counselling centres have been decentralised by extending it to each division so that the citizens requiring the help from different corners of Bengaluru City need not travel long distances to reach the service centres. This is a unique initiative started in last 10 months.
• To keep up the morale of the police a new scheme of wishing the police personnel on their Birthday by sending a greeting card was started. A software was developed and database of the Birthday dates of all staffs has been built and the Birthday cards are sent 3 days in advance to every policeman. This has earned a lot of appreciation among the policemen and also general public. Number of appreciation messages have been sent by members of public on police website and Facebook page.
Bengaluru has become an international city and requires a police force which is professional and efficient but at the same time requiring people friendly measures. Since it is a cosmopolitan city therefore the cutting edge level staff requires soft skills, knowledge of English and Hindi languages and sensitisation about problems of foreigners, people of different culture, language and background apart from issues regarding women’s safety and security. Capacity building of the police force coupled with police infrastructure including the technological upgradation is the need of the hour.
DSA: The Commissionerate of Police with Commissioner as the head of Bengaluru Police was established in 1963. How do you view the evolution of this system and how has it helped in policing one of the fastest growing cities in the world?
RHA: In the year 1963 the Police Commissionerate was started with an officer of the rank of DIG as Police Commissioner. The number of Police Stations were between 30 to 40 but now the city has grown beyond expectations. It caters to the needs of nearly 1 crore population and encompasses an area of 958 sq km probably larger than all the Metropolitan Cities in the country. However one of the biggest challenges for the Bengaluru City Police is acute shortage of manpower. As the total strength of Civil Police is about 14,000 out of which about 3,000 vacancies add to the existing problem.
DSA: Bengaluru has attracted information technology entrepreneurs and experts from all over the world giving a distinctive cosmopolitan character to the city. What according to you are the unique policing challenges for your force and what special measures and mechanisms have you devised to offer world-class policing services to the citizens and visitors to Bengaluru?
RHA: Bengaluru has attained a cosmopolitan character and complexity of policing has multiplied manifold. The pressure on civil infrastructure has added to the complexity of policing in problems of traffic congestion, land mafia and public order problems generated due to demand overtaking the supply of basic civic amenities. The information and technology group expects policing and policemen of the United States of America and Europe standards. Heavy inflow of people from other parts of the country and abroad, demands soft skills, English speaking and well behaved policemen. Though there were efforts in the past to improvise and address these issues but somewhere the Bengaluru Police has missed the bus. Capacity building, technology driven policing and seeking the help of the citizen to take forward the concept of Community Policing may solve some problems on an ad hoc basis. However the structural changes and reforms to meet the expectations of all the sections of the society is a permanent solution. Increase in the number of policemen commensurate with the growth of the city, training of policemen and adoption of technology by investing substantially are important.
DSA: Women’s safety, security and dignity have become national problems. Bengaluru has a large number of working women, many doing night shifts. How do you ensure safety and security of women in Bengaluru metropolitan area?
RHA: Bengaluru metropolitan city is the first city to address the problems of working women during night shift. As the number of women working in BPO call centres is very high, elaborate guidelines have been issued by the police and labour department to women employees regarding arrangements for public transport conveyance and other issues. However complacence cannot be accepted as communication technology revolution and attitudinal change in the society has compounded the problem. Massive educational communication particularly in the women’s colleges, schools and new security measures like CCTV cameras, mobile apps, special patrolling vehicles for women’s safety, geographical mapping of the area prone to crimes against women are included in the detailed project report.
Tracking of the cabs and autorickshaws through GPS and other technological methods is also part of the project report.
DSA: With the rapid development of the city and the massive ongoing influx of IT experts and other job seekers, the automobile population of the city is also growing exponentially creating unprecedented traffic management problems. What measures are you taking to ensure travel within the city a pleasure and a happy experience for all the stakeholders?
RHA: Bengaluru has got 55 lakh vehicles moving on the roads everyday. This is the second highest number of vehicles in any city in the country. The road infrastructure and other issues like flyovers, expressways, school tracks need to be planned in the vision document of the urban planning department. However Police is the agency which is not consulted while planning infrastructure by the civic administrations. This is true fact probably of all the cities in the country. The traffic management in Bengaluru City has been handled with lot of vision in the last few years by starting a new innovative project known as Bengaluru traffic improvement project B-trac by pumping in Rs 350 crore over a period of 8 years. The enforcement has been ably administered with BlackBerry challan system, issue of notices electronically and encouraging contactless enforcement through email, Facebook etc. The infrastructure development in the form of parking laws, expressways, footpaths, flyovers, skywalks etc is the need of the hour, apart from robust public transport system. Hopefully completion of the Metro Rail Project would ease the traffic congestion in Bengaluru City to larger extent.
DSA: Anti-national elements, criminals and terrorists from adjoining States sneak into Bengaluru metropolitan area, commit crimes and terrorist acts and escape. What is your force doing to monitor, check and contain this threat to the lives and properties of the residents of Bengaluru?
RHA: Bengaluru metropolitan urban area has very good communication system and connectivity through rail, road and air which facilitates easy movement of the anti-social elements and criminals. The Bengaluru City special branch collect and collate information and intelligence to monitor such activities. The special branch wing requires motivation and strengthening of the modern gadgetry for collecting intelligence. However, human intelligence is always more productive and therefore, capacity building of the staff to enhance their professional capabilities has already been started. Exchange of intelligence, information with the neighbouring states and the central agencies through formal and informal channels is a continuous process. The interrogation report of the arrested criminals and the terrorists is also very good source of information. Technological capability needs to be enhanced and a perspective plan has already been prepared. The detection of such type of crime is the best bet for prevention and Bengaluru Police has been successful in detection of all important crimes including terrorist acts.
DSA: Because of the cosmopolitan nature of the city, criminal activities, drug addiction and alcoholism among teenagers and young adults is on an upward trajectory. What preventive and control mechanism has been evolved by your force to arrest this disturbing trend?
RHA: Drug addiction, alcoholism and criminal activities among teenagers and young adults is a cause of concern. Bengaluru City Police has got a very small wing to book and control drugs and narcotic substances. The manpower available for this purpose is highly inadequate. Awareness creation and education of the youngsters about the ill-effects of these things is the key factor. In this direction officers have been visiting the schools, colleges and the hostels to educate them with the help of the authorities. In certain cases parents are also informed if the students and youngsters indulge in undesirable activities. This is a socio-cultural problem requiring multidimensional approach and Bengaluru City Police has prepared a road map of the same.
DSA: What thoughts and ideas on innovative policing will you like to share with the people of India and DSA readers?
RHA: Policing is a complex profession requiring ample common sense. The basic policing evolved over a period of time is the best bet in Indian Police. Beat, patrolling, day-to-day service of summons, proper registration of cases and other small violations of law and curbing every violation of law however minor it may be is important. In olden days, the policemen used to book people for riding cycle without headlight, unruly behaviour on the road under the influence of alcohol, eve-teasing etc. Now-a-days these basic policing acts are given a go by for variety of reasons. Innovations are always welcome but basic and routine policing can never be replaced. In my opinion, there can be innovations in the means of implementing the core areas of policing. However, the zeal of innovation should not make us forget the core areas of policing.
DSA: Being a postgraduate in Cyber Law and Legal Information System and Computer Science, how do you visualise to tackle the cyber crimes?
RHA: In my opinion governments should take the following affirmative steps:
• Co-ordination to tackle cyber crime: There is already significant work across Government to tackle cyber crime and regular state level and Indian level training programmes are being organised to share, learn and devise best strategies to deal with prevention and detection of cyber crimes.
• Provisions of the effective law enforcement response: Government is making laws like Information Technology Amendment Act (ITAA) to strengthen the hands of the police and to suitably modify old laws to deal with digital world. New units to respond to cyber crime, efforts to enhance their operational and intelligence functions through the development of accurate reporting mechanisms for the public is going on.
• Raise public confidence: Work with IT companies, banks, payment gateways and leverage social media to teach Internet using public. Encourage good practices like encryption, password protection and data safety techniques.
• Work with industry: It will work with the private sector to prevent e-crime through the e-forensics and strategy.
• Work internationally: It will maximise collective efforts overseas – from capacity building through to strengthening multilateral institutions.
• Educating our police force and sensitising them about this new area of crime where perpetrators and victims could be in the same group or geographically far away and spreading across conventional jurisdictional issues.
Cyber Laws And Digital Evidence
V Rajendran
The fear of the nation fighting a cyber war from within is imminent and protecting the national physical borders will pale into insignificance after the electronic frontiers are captured and national e-security affected. The state should be empowered to fight.
This article briefly discusses the definition of cyber crimes and how the IT Act deals with cyber offences, and summarises the special features introduced in the Amendment Act 2008 to make it more comprehensive than the original Act. The role of digital evidence in India and the significance of cyber forensics in an offence are also addressed. Cyber crime is not defined in the IT Act or in any other legislation in India. To put it in simple terms, any offence or crime in which a computer is used is a cyber offence or a cyber crime. Interestingly, any offence from a petty one like stealing or pick-pocketing up to the heinous crime of terrorism and massacre can be brought within the broader purview of cyber crime if the basic tool for data storage or other material used (or misused) in the crime is a computer or an electronic gadget. The IT Act defines a computer, computer network, data, information and all other necessary ingredients that form part of a cyber crime.
The writer is an MA, BL, MCom with CAIIB. A certified cyber forensic examiner from IDRBT and a CeISB from Indian Institute of Banking and Finance, CISP from STQC, Government of India, a Diploma holder in IT Law and a lead auditor in ISO 9001 and ISMS (ISO 27001). He has worked for over three decades in Indian Overseas Bank, in different capacities including as Chief Manager Systems in its IT Dept. Now practising as an advocate mainly handling cyber crime and banking security related cases and as consultant on banking law, practice and technology including electronic delivery channels in banks. Currently he is the President of Cyber Society of India.
Public Confidence
Recognition of electronic records is a major accomplishment of IT Act 2000 and a significant step in the Indian Legislature and e-commerce and of course, e-governance. In fact, this recognition is perhaps one of the reasons that led to the phenomenal growth of e-commerce, increased trust in Internet Banking and proliferation of Internet users in India, all of them gaining confidence that there is digital evidence and legal recognition for all the records and transactions in cyberspace. The Information Technology Act was passed in June 2000 and was made effective from 17 October 2000 and was subsequently amended vide IT Amendment Act 2008 notified on 27 October 2009. The Act defined some basic concepts of cyber crime like data theft, cyber security, digital signature etc. Some cyber crimes were analysed in a nutshell with punishments stipulated for them and the powers of investigation officers too were detailed in brief.
Primary Role Of CERT-India
The IT Amendment Act 2008 made information security, technology-neutral by replacing digital signature with electronic signature besides listing out some more cyber crimes like Child Pornography, Cyber Terrorism etc. Another major step in the amendment is recognition of Computer Emergency Response Team-India (CERT-In),
cyber security
STATE EMPOWERMENT
coming under the Dept of Information Technology, Ministry of Communication and Information Technology as the official national agency with specific monitoring powers. Data theft is an e-offence dealt with in the earlier Act and in the amended version also. Earlier, Section 43 prescribed a penalty; now, after the amendment, it is ‘penalty and compensation’. A new section, Section 43-A, has been inserted in the IT Amendment Act 2008 on the responsibility of body corporates for compensation for failure to protect data, and the concept of ‘reasonable security practices’ has been included, describing what is gaining in significance these days: “sensitive personal data or information”. This is an important provision to protect information from unauthorised access, damage, use, modification etc, fixing the responsibility on corporate firms.
Adjudication For Damages
The next major contribution in the area of civil offences and damages for data theft is the “Powers to Adjudicate”. The IT Secretaries of state governments are generally the designated Adjudicating Officers under the Act. Victims of data theft seeking (financial) compensation as a civil remedy may approach the IT Adjudicating Officer of the state, who is vested with the powers of a Civil Court as per the Civil Procedure Code, with all proceedings under him deemed to be judicial proceedings within the meaning of Sections 193 and 228 of Indian Penal Code. In practice, however, till date only very few cases have been decided and orders passed by the IT Adjudicators. Lack of awareness among victims about such an avenue open to them, lack of time for adjudication related activities, and reluctance to enter into a purely judicial process and deal with legal practitioners may all be reasons for the small number of cases disposed of so far.
Hacking Conundrum
Earlier hacking was defined in Sec 66 in the original Act of 2000 as an offence. Now after the amendment vide ITAA 2008, data theft of Sec-43 is being referred to in Sec-66, making this section more purposeful; the word ‘hacking’, however, is not used. This has dispensed with the anomalous situation of hacking being termed an offence in the Act and ‘ethical hacking’ being taught as a subject in many computer schools. Otherwise, this led to a situation of concerned citizens asking how an offence (referred to as ‘hacking’) can be a subject of learning with the word ‘ethical’ prefixed to it. Stretching this a little farther, it may amount to legalising courses
on ’ethical burglary’, or ’ethical assault’ etc if the course contents are going to be self-defence mechanism to protect one from physical assault!
Now the amended Sec-66 deals with different computer offences of data theft, using the words ‘fraudulently’ and ‘dishonestly’ as used in the IPC itself. The scope of Sec-66 has been exhaustively enhanced by coverage of ‘cheating by personation’, ‘identity theft’ etc. Cyber terrorism is an additional and significant inclusion with punishment stipulated as imprisonment for life.
Controversial Section
Section 66A deserves special mention here. Though this section deals with sending offensive messages through a communication device, quite often we hear news items of Police arresting persons for posting offensive messages on social networking sites like Facebook. Sometimes an opinion expressed, even a truthful statement, may be offensive to the affected person and he / she may prefer a complaint with the police seeking action under this section. This section is often criticised as infringing upon the right to freedom of expression and, on this basis, the validity of the section itself has been questioned and writ petitions have been filed in High Courts.
Obscenity
Section 67 was enhanced in the ITAA 2008 to include ‘child pornography’ and activities like publishing or transmitting obscene material in electronic form and defines the punishment for these offences. Here too, the definitions and provisions of IPC have been relied upon. Central Government now has certain powers vested with its Indian Computer Emergency Response Team-India (CERT-In) coming under the Dept of IT. CERT-In has now been designated as the national agency for incident response and in that capacity, vide Sec-69 can give directions for interception or monitoring or decryption of any information in Internet. Under specific circumstances as per procedures laid down, power to block a website is also now available. The list of designated officers who can approach CERT-In for blocking websites was later notified by the Central Government on 27 February 2013.
Since recognition of an electronic record had to be done with the other relevant Acts, the Act also amended certain provisions of the following Acts:
• Indian Penal Code
• Indian Evidence Act
• Bankers Book Evidence Act
• Reserve Bank of India Act (to facilitate inter-bank electronic remittances)
Recognition of electronic records is a major accomplishment of IT Act 2000 and a significant step in the Indian Legislature and e-commerce and of course, e-governance. In fact, this recognition is perhaps one of the reasons that led to the phenomenal growth of e-commerce, increased trust in Internet Banking and proliferation of Internet users in India, all of them gaining confidence that there is digital evidence and legal recognition for all the records and transactions in cyber space.
Digital Evidence
Since e-records are now legally recognised, proper procedures have been laid down in the Act on what constitutes digital evidence, how a print-out of an e-record has to be produced in a court of law, what the certificates to be produced along with it are. The Act does not anywhere say that computerised print-out need not be signed and is always valid. This being so, it is quite unfortunate that many corporates including Public Sector Undertakings and banks, use the phrase “This is a computer generated printout and hence does not require signature” signifying as though, computer generated printout need not be signed at all. This is not the purport of the Act and can never be. The IT Act and the other Acts amended by it, only state that computerised records are accepted stipulating clear procedures for producing the same, like an accompanying certificate that it is the printout from the systems maintained with proper information security, with proper access control mechanism, which are not tamperable etc. Powers for confiscation of electronic devices like computer hard-disk, mobile hand-set etc under the Act have been clearly laid down and courts in India have now come to a reasonably accepted understanding of taking these evidences if produced with proper forensics tools ensuring proper upkeep, not tamperable, retaining the original date-time stamp and thus conforming to all guidelines on evidences to make them easily available, technologically acceptable and legally irrefutable.
Commentary
Just like Section 66A which has been questioned for its validity, there are other sections of the Act which are criticised as being draconian and some as very weak. Concepts like due diligence of intermediaries and their roles and responsibilities are gaining in significance these days. With more and more cases getting reported as cyber crimes and more normal criminal cases too getting solved with the help of cyber crime police with software tools like IP tracing, email tracing, mobile tower tracking, call data record analysis etc the cyber crime investigators are getting more active. It is heartening to note that the new government at the Centre has sought public opinion on some of the provisions of the IT Act like Section 66A, the use of networking sites, their roles and responsibilities, powers of Central Government to regulate the networking sites, freedom of expression in the Net etc. It is hoped that public opinions will be consolidated and ultimately a clearer picture would emerge on the contribution of some of the controversial sections of the IT legislations in India and the need to have a re-look at them. Perhaps in the near future, a comprehensive and dedicated legislation on Data Security and Information Privacy will be in place in India.
Another major step in the amendment is recognition of Computer Emergency Response Team-India (CERT-In), coming under the Dept of Information Technology, Ministry of Communication and Information Technology as the official national agency with specific monitoring powers.
Another area that needs more regulatory oversight is e-Records Maintenance. Most of the organisations including major PSUs and PSBs do not have a comprehensive, unambiguous e-Records Maintenance Policy in place, though an Information Security Policy or an IS Audit Policy etc are there. In the absence of a proper e-records maintenance policy, especially for Network Service Providers, Mail Service Providers, Banks and other organisations, sometimes they have to take a stand that old records cannot be produced, or such data cannot be retrieved or are available in media but cannot be read easily since no hardware drives are available or other such technological reasons justifying non-production of such evidences. And this renders it difficult for the litigants to prove their case insisting on production of certain e-records. In sum, there has to be a regulatory initiative for an e-Records Maintenance Policy for corporates that takes into account the significant provisions of cyber laws in India.
Though IT Act and its subsequent amendment is a major step in the Indian legislative history, it is still a long way to go, since e-commerce is increasing manifold and storage of e-information has now become a part of man’s life. Cyber Law compliance is yet to catch up with all its seriousness in all banks and corporate sector. Other regulatory bodies like RBI for regulating banks, TRAI for the telecom sector and SEBI for corporate sector should evolve more stringent and unambiguous procedures for data storage. Besides, all the concerned sectors like the investigating agencies, the Police, the prosecution and the judiciary should be made to realise the impact of cyber crimes by enhancing the level of awareness.
Otherwise, the fear of the nation fighting a cyber war from within is imminent and protecting the national physical borders will pale into insignificance after the electronic frontiers are captured and national e-security affected. And the state should be empowered to fight. In fact, this is not something new but is what Kautilya stated in his administrative treatise Arthashastra when he said the power of a king lies in his mighty arms. Read it as, cyber army, in today’s context, since it is the duty of the State to protect citizens from any attack, physical or virtual or in cyberspace.
August 2014 Defence AND security alert
cyber security
STRATEGIC IMPERATIVES
Cyber Agenda For The New Government
In a written reply to the Parliament, the Minister for Communications and Information Technology on 14 July 2014 stated: “During the years 2011, 2012, 2013 and 2014 (till May), a total number of 21,699, 27,605, 28,481 and 9,174 Indian websites were hacked by various hacker groups spread across the world. In addition, during these years, a total number of 13,301, 22,060, 71,780 and 62,189 security incidents, respectively, were reported to the CERT-In”. According to the Minister, the attacks include spam, malicious code, website intrusions, phishing and scanning. “These attacks have been observed to be originating from the cyber space of a number of countries including the US, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE.” The question which immediately springs to mind is what are we doing about it? The answer even for the most optimistic is, very little. More so as all this is merely the proverbial tip of the iceberg. Anyone in the cyber world would know that for espionage to be successful, it must never be detected. Being lulled into a false sense of confidence in a system which functions smoothly is possibly the biggest vulnerability. Such naiveté is anathema in today’s environment. While hacking, industrial espionage, cyber crime are a part of everyday life, the difference is when nation states and so called ‘non-state actors’ use it as a covert means to obtain information and cause destruction. This is war.
Woefully Unprepared
Enough has been written about this imminent threat; however, to India’s peril, it is still considered a distant probability and has still not received sufficient attention. The many wake-up calls have gone unattended and India is woefully unprepared. Our print and electronic media which has been very active in recent months on political and social issues has chosen to ignore this vital aspect which can threaten the existence and stability of the nation. Peace and stability is essential for growth and economic development. Amongst others, the one big danger to this would be from Pakistan based terror strikes. Such acts in the future are unlikely to follow a predictable pattern and would be complex, ambiguous with difficulty in attribution. Mistakes committed by Pakistan earlier are unlikely to be repeated, eg, an identifiable control room and calls to Pakistan, use of its citizens, an electronic trail and so on. Most cases earlier were violent acts by individuals or bomb blasts. These continue to be a possibility, but will acquire new avatars. It is here that the cyber domain offers immense scope. Future terror attacks could be on power grids, financial and transportation networks. Also metro systems or air traffic control resulting in accidents or mid air collisions. They would exploit internal conflicts and communal issues. The possibilities are endless. All of this can and will be backed up by propaganda and disinformation on social media and electronic networks to create mass hysteria. Building awareness, defensive and offensive capability in this regard is thus essential.
Force Multipliers
It is also necessary to understand the changing nature of warfare and force multipliers of the electronic sphere. The 21st century has seen its transformation from fourth-generation to fifth and the cyber domain. Its ‘hidden nature’ or ambiguity can achieve results without kinetic effects. With competition over resources and markets, nations will use cywar’s potential to secure national interests. Cywar forms a part of Information Warfare (IW) which extends to every form of media and inter alia includes aspects of propaganda and perception management. Cyber though technically restricted to the Internet, is now increasingly linked by convergence to every communication device. With greater cross platform connectivity, this divide is narrowing and every citizen or aspect of life is vulnerable. It is also a vital constituent of No Contact War (NCW). The scope for reach and exploitation by inimical elements ranging from mischievous hackers, to criminals, terrorists, non-state actors as also nation states is thus, unlimited. The damage could be immense and most countries are pressing ahead and taking steps to build capacities for defending themselves as also taking offensive action in cyberspace. The most recent example is that of the ISIS which used social networks not only to recruit, but justify its claim as a ‘Caliphate’, spread the message of Islamic fundamentalism and Global Jihad. From NCW the next stage of warfare is electronic softening of the battlefield. Networks which form the framework for the modern combat therefore become vulnerabilities. Information operations will be used to gain intelligence, manage perceptions, identify targets and disrupt or destroy all communication links. This will also play a role in deception and creating the fog of war. Being prepared, is thus, necessary both for peace and war.
Elephantine Pace
The Institute for Defence Studies and Analyses (IDSA) published a seminal report in March 2012 titled India’s Cyber Security Challenge. The report undertook a holistic survey and having identified the all-encompassing nature of the threat, made cogent recommendations. Amongst others, it emphasised that this challenge could only be met by public-private partnership. The National Security Council (NSC) Secretariat is the nodal agency for the Government and the former National Security Adviser, Mr Shiv Shankar Menon while delivering
the Raja Ramanna Memorial Lecture at the National Institute of Advanced Studies in Bangalore in January 2013, mentioned that the NSC had approved the national architecture in principle. There are no reports on progress thereafter. The initial comprehensive study of cyber security and IW was undertaken by the NSC in 2002. The National Cyber Security Policy (NCSP) is the first public document issued in July 2013. Follow up action is awaited. Assessment by experts is that India has a strategic window only till 2020 to develop cyber warfare capabilities vis-à-vis its adversaries, in particular China. Speed of implementation is thus a national strategic imperative. Especially as dependency on the Internet is increasing exponentially and a host of public and government programmes are dependent on it. More so as India’s neighbours have developed vast capabilities in this field. The focus of this article is therefore to recommend an agenda for the new Government in this regard.
LT GEN ADITYA SINGH PVSM, AVSM (RETD)
The writer is former Member National Security Advisory Board; he retired in 2007 as GOC-in-C, Southern Command the largest Command of the Indian Army. Prior to this he had been Commander-in-Chief Andaman and Nicobar Command in the aftermath of the Earthquake and Tsunami of 26 December 2004. In his capacity as Operational Head, he was responsible for the emergency relief and successful rehabilitation of the ravaged Islands. Currently he is Advisor National Security Programme, Delhi Policy Group.
India’s Elephantine Pace has no place in today’s world. The writer had put forward recommendations for Cyber War in an Article in the October 2010 issue of Defence and Security Alert (DSA). Very little has changed since then. The Ankush thus needs to be applied in the most vigorous manner.
Agenda For The New Government
The Minister’s statement quoted above acknowledges the Government’s awareness. The question is how can this be transformed into action? The answer lies in understanding that in today’s India, IW and cyber operations are key to national security and economic development. These go hand in hand and include the path-breaking steps visualised in the fields of e-governance. The awareness of this clear and present danger has to be disseminated and pushed. A tech-savvy PM can do much in this regard. Cyber security and IW issues which need to be addressed are given in the succeeding paragraphs.
Apex Organisation: The National Information Board (NIB) vide Gazette No 57 of 29 August 2002 “has been entrusted with national level policy formulation on IW and Information Security as well as with the creation of suitable institutions and structures for its implementation. The NIB will task and monitor the institutions created by it.” Many recommendations have been made for a dedicated executive body. The IDSA Report of March 2012 had proposed a Cyber and IW Board. Whatever be the name, an empowered body under the NSA needs to be created at the earliest. It would coordinate all matters related to implementation of the NCSP and building-up of comprehensive capability in cyber warfare with public and private participation.
Defining Objectives and Doctrine: The NCSP was a start. This policy is, however, mainly defensive or preventive in nature. Drawing from the NCSP, a doctrine for IW, with clearly defined objectives in accordance with customary international law and practice needs to be enunciated. This must include definitions as relevant to India. The primary objective would be to garner knowledge to find how systems are breached and thus provide for defensive measures to be developed and put in place. The further argument is that such a doctrine must be available as an armour of self-defence for deterrence. While actual nature of this capability will be ambiguous, subtle signals and clear definition of objectives will lend credibility. Moral arguments stand thin in face of realities. Proactive Cyber Defence is thus justified and called for.
Generate and Ensure Awareness: A national drive to create awareness of the cyber threat needs to be launched. More so as now it includes the close to 900 million phones that Indians possess. Everyone is vulnerable. This could be akin to the anti-terror campaign which had a reasonable success.
It has to involve the public and private sector, educational institutions, social and electronic media and be backed by savvy campaigns of incentives and the losses one could suffer by neglect. For the public sector and provider of services, there could be the threat of punitive action.
Protection of Critical Infrastructure: National Critical Information Infrastructure Protection Centre (NCIIPC), under NTRO has been declared as the nodal agency for the protection of Critical Information Infrastructure of India and issue of Gazette notification is underway. This needs greater speed in implementation. Here too, strict monitoring is necessary.
Legal Provisions: The IT Act of 2008 covers all actions in this domain and there is a need to work within these provisions. The Law of Armed Conflict (LOAC) provides the primary legal framework within which one can analyse constraints for offensive cyber operations. Immunity for actions taken against another nation, institutions, hostile group or individual is possible if within the realm of LOAC or for self-defence under Article 51 of the UN Charter. The cyber domain with scope of non-attributable actions as also ease of deniability, provides immense scope for exploitation. So far there are no international cyber laws or treaties and the Tallinn Manual on International Law Applicable to Cyber Warfare, 2013 seeks to define a cyber war code. Though not an official document, it reflects the opinion of 20 researchers and practitioners of international law and was commissioned by NATO. It is the beginning of a deliberate process which would eventually produce an electronic version of the Geneva Conventions. According to a New York Times report the USA has such provisions to protect its operatives. These rules are highly classified and similar to those governing drone strikes. It was reported that these have come about as a result of greatly increased cyber attacks on American companies and critical infrastructure. China has been mentioned as the main threat. The implications of such statements are ominous for India and need to be taken note of. Strict measures and being on guard to ensure protection in this regard should be a 24x7 concern.
Raising of Cyber Command: India must raise a Cyber Command. This will comprise not only the three Services but personnel from the DRDO, scientific and technological community. This could function within the space command as many aspects overlap and would economise on resources. It will oversee all activities undertaken during peacetime as also plan for offensive cyber operations as required to include preparation of the battlefield. Cyber Command must work in close concert with the NTRO and other agencies under central control. The US evolved its structure based on experience as also that it functions as an open democracy. India already has the Strategic Forces Command which could be augmented by both the Space and Cyberspace Wings. These may be of smaller size to start with and will develop in accordance with threats and needs. Each service has its own requirements; the structure therefore has to be need-based and flexible. The various elements of this could be:
• Army, Navy and Air Force CERTs. They could also be charged with protection of critical infrastructure of each service. The structure thus envisages a Defence CERT.
• Intelligence and information operations to include perception management. A Defence Intelligence Agency exists under HQ Integrated Defence Staff.
• Defence Communication Network.
• Cyber operations which are required for preparation of the battlefield. This again would be a tri-Service organisation with the additional experts from the DRDO or any other such institution.
• R&D and training.
Territorial Army (TA) Battalions for Cywar: While cyber war is ongoing, there are periods of heightened threat. There is therefore need to create and maintain a ‘surge capacity’ for crisis or warlike situations. Young IT professionals constitute a vast resource base and a large number would be willing to loyally serve the nation when required. This resource must be capitalised by raising of Cywar TA Battalions similar to those for Railways and ONGC which could be embodied when required. In addition to purely defence requirements these could also provide for protection of critical infrastructure. Also for deniable operations or during war.
Perception Management and Social NWs: In the current age of democratisation or instant availability of information and growth of social NWs, there is tremendous potential for perception management and manipulation of information. 2011 saw extensive use of these during the ‘Arab Spring’ and London Riots. Post the Bodoland agitations in August 2012, the mass exodus of residents from the NE was driven by this. The ISIL example has been quoted. It must therefore be seen as a potential tool for psychological and NCW and form part of any offensive or defensive action.
Human Resource (HR) and R&D: The NCSP envisages availability of 5,00,000 cyber warriors by the year 2018. This requires implementation. Growth forecasts of Internet usage, especially with e-governance, will create employment potential for ‘Cyber Doctors’ and sleuths. Just as 26/11 created a whole new dimension of requirement of physical security, protection of Internet usage and transactions will create millions of jobs in the near future. It will be a seller’s market for which India with its vast HR base must be ready. Security of data for the BPO industry has brought up the necessity for such programmes. There are various models, eg, the Information Security Education and Awareness programme of the Department of IT; the Chinese models wherein they set up four Universities in 1999 and have today a cyber warrior force of over 3,00,000; talent spotting with competitions is an easy option, programmes and competitions such as Cyber Patriot in USA need to be followed up in schools and educational institutions. Innovation and setting up of R&D facilities both in government and private sector needs to be pushed. This is particularly so in the fields of ‘Testing and Certification’.
Language Training: HR trained in language of our potential adversaries and countries of the region is a must. This too would be a source of employment.
Partnerships: India cannot go it alone. Various past attempts have not been of much success. It has to be seen as a global issue and capacities developed. Cyber terror and breakdown of institutions constitutes a global threat and will beget cooperation. Formulation of advocacy groups to ensure our national security interests is also a need. India must also cooperate on matters of Internet Governance.
Identification of Technologies and Vulnerabilities: Study of vulnerabilities both of own systems as also those of our potential adversaries must be undertaken to prevent intrusion and exploit weaknesses. There is a need to identify technologies in this regard. These should also include isolation of Networks within the country, close monitoring of gateways and backbone, identification of ‘zero day’ vulnerabilities, protection of power grids, secure communications for defence and critical services, penetration et al. An example of what the UK’s Joint Threat Research Intelligence Group, a unit of the British GCHQ, is doing, published in Bruce Schneier’s Crypto-Gram (schneier@schneier.com, http://www.schneier.com) of 15 July 2014, is mind-boggling and shows how far ahead others are (See box below).
The Urgency
Understanding the threat of Cyber war and developing capacity for offensive actions in this domain is a sine qua non. Nations, non-state actors, terrorist groups and individuals pose a challenge to economic growth which is increasingly going to be dependent on the cyber domain. Cyber war will also be central to any hostile or conflict situation. Clearly defined objectives and national doctrine in this regard along with supporting structures and matching capabilities are thus inescapable. Can the New Government wake-up to this or does it require a Cyber 26/11?
Programmes
The latest Snowden story is a catalogue of exploit tools from Joint Threat Research Intelligence Group (JTRIG), a unit of the British GCHQ, for both surveillance and propaganda. It’s a list of code names and short descriptions, such as these:
• GLASSBACK: Technique of getting a target’s IP address by pretending to be a spammer and ringing them. Target does not need to answer.
• MINIATURE HERO: Active skype capability. Provision of real time call records (Skype Out and Skype to Skype) and bidirectional instant messaging. Also contact lists.
• MOUTH: Tool for collection for downloading a user’s files from Archive.org.
• PHOTON TORPEDO: A technique to actively grab the IP address of MSN messenger user.
• SILVER SPECTOR: Allows batch Nmap scanning over Tor.
• SPRING BISHOP: Find private photographs of targets on Facebook.
• ANGRY PIRATE: A tool that will permanently disable a target’s account on their computer.
• BUMPERCAR+: An automated system developed by JTRIG to support BUMPERCAR operations. These are used to disrupt and deny Internet-based terror videos or other materials. The technique employs the services provided by upload providers to report offensive materials.
• BOMB BAY: The capacity to increase website hits / rankings.
• BURLESQUE: The capacity to send spoofed SMS messages.
• CLEAN SWEEP: Masquerade Facebook Wall Posts for individuals or entire countries.
• CONCRETE DONKEY: The capacity to scatter an audio message to a large number of telephones, or repeatedly bomb a target number with the same message.
• GATEWAY: Ability to artificially increase traffic to a website.
• GESTATOR: Amplification of a given message, normally video, on popular multimedia websites (YouTube).
• SCRAPHEAP CHALLENGE: Perfect spoofing of emails from BlackBerry targets.
• SUNBLOCK: Ability to deny functionality to send / receive email or view material online.
• SWAMP DONKEY: A tool that will silently locate all predefined types of file and encrypt them on a target’s machine.
• UNDERPASS: Change outcome of online polls (previously known as NUBILO).
• WARPATH: Mass delivery of SMS messages to support an Information Operations campaign.
• HAVLOCK: Real-time website cloning techniques allowing on-the-fly alterations.
• HUSK: Secure one-on-one web based dead-drop messaging platform.
There’s lots more.
Tata Cobham JV
Tata Advanced Systems (TASL) has entered into a contract manufacturing tie-up with Cobham of UK to make air-to-air refuelling equipment for aircraft in India. Cobham is a leading supplier of technological solutions to defence and security markets including defence electronics, satellite communications and aviation services. TASL provides integrated solutions for aerospace, defence and homeland security markets and makes equipment for radar systems and night-vision devices as well as unmanned aerial systems. TASL already has partnerships with Lockheed Martin and Sikorsky.
Boeing optimistic
Boeing is anticipating that the company’s long pending contract for a total of more than three dozen Apache and Chinook choppers may be signed by September in conjunction with Indian Prime Minister Narendra Modi’s visit to the US. Boeing sees the US$ 2.5 billion contract for US military helicopters as a harbinger of the new government’s approach to arms deals and foreign investment in defence. Shep Hill of Boeing likened the chopper contract to a “canary in a coal mine” and said “we already see movement we are encouraged by.”
Defence sector opens to private companies
The Modi government has given the formal nod for Indian private players to tie-up with foreign companies to supply 56 transport aircraft to the Indian Air Force. Defence Acquisition Council (DAC) chaired by Defence Minister Arun Jaitley has cleared various projects worth Rs 21000 crore. Defence experts are of the opinion that Indian private companies have to be encouraged to enter into defence production in a big way to accelerate creation of a military-industrial base and this major transport aircraft project is a step in the right direction. Indian companies like Tata, Reliance, L&T and Mahindra have long been eager to enter the aviation and other defence production programmes.
Mahindra MoU with GE Aviation
Mahindra Aerospace has signed an MoU with GE Aviation to pursue potential opportunities in the Aerostructures requirements in the burgeoning Indian market. The agreement was signed by Stefanie Darlington for GE Aviation and Arvind Mehra for Mahindra Aerospace.
Future soldiers immune to bio-weapons?
American scientists have succeeded in genetically modifying red blood cells (RBCs) to carry a range of valuable payloads – from drugs to vaccines to imaging agents – for delivery to specific sites throughout the human body. The US military and its Defence Advanced Research Projects Agency (DARPA), which is supporting the research, hope to use this breakthrough in developing treatments or vaccines effective against biological weapons.
MDL delivers Kolkata class guided missile destroyer
Mazagon Dock Ltd has delivered the first of the Kolkata class guided missile destroyers to the Indian Navy. Kolkata class will be the largest destroyers to be operated by the Indian Navy and the first stealth destroyers built in India. This hi-tech platform is equipped with state-of-the-art weapons and sensors, an advanced combat management system, an auxiliary control system with sophisticated power distribution architecture and most modern crew accommodation.
August 2014 Defence AND security alert
Brain implant to help wounded soldiers
Defence Advanced Research Projects Agency and the US military researchers are developing a new kind of brain implant that may help restore memories in wounded soldiers. The research team envisions to develop neuroprosthetics for memory recovery in soldiers with brain injury and dysfunction. A wireless, implantable device will bridge gaps in the injured brain and make it easier to remember basic events, places and context. This kind of recall can be lost in traumatic brain injury which affects hundreds of thousands of soldiers around the world.
cyber security
ATTACK ANALYSIS
Strategic Cyberspace Science Perspective On Threat Intelligence
Many organisations today are facing a new reality where they need to develop or mature into intelligence-enabled security organisations in order to get ahead of the growing threats in cyberspace. Threat Intelligence has moved from a nice-to-have to a must-have, but many organisations remain confused about what it is and how to use it effectively to increase the organisation’s security posture. Two of the themes the international Science of Security (SoS) community has focused on over the past several years are Attack Analysis and Common Language. In Attack Analysis, the deepest understanding of security is obtained when it is informed from an attacker’s perspective. With Common Language, we seek to express security in a precise and consistent way. This is a vital foundational requirement so that we can express and develop an understanding of our security. Both of these cyber science themes provide valuable insight to modern threat intelligence.
Perspective is important. The analysis of an attack in cyberspace is often quite different depending on how mature the organisation is as an intelligence-enabled security organisation. Organisations on the lower end of the maturity model focus their analysis of the attack on data and information obtained primarily from security products and devices inside the enterprise. Organisations on the higher end of the maturity model analyse data and information from both internal and external sources to more fully understand the attack and who was attacking them. Often a key differentiator is perspective: the Victim’s perspective and the Attacker’s perspective. The Victim’s perspective is primarily focused on analysing all the security data from inside the enterprise that is connected to the attack. The Attacker’s perspective is focused on analysing the amalgamation of data on what capabilities the attacker used and the supporting infrastructure used during each phase of the attack. Both perspectives are important for today’s intelligence-enabled security organisations and the analysis of both perspectives can provide knowledge of what happened and foreknowledge to help counter the next attack. The latter, foreknowledge or intelligence if you will, is the product resulting from the processing and analysis of information concerning the attacker or threat actor conducting the attacks. “What enables the wise sovereign and the good general to strike and conquer and achieve things beyond the reach of ordinary men, is foreknowledge.” – Sun Tzu, Art of War.
Intelligence from the victim’s perspective is generally called Security Intelligence since its focus is on what happened to the victim. Threat Intelligence is focused on the attacker’s perspective and providing foreknowledge on what the attacker is doing so organisations can better assess their risk to the threat by answering basic questions such as:
What activity are we seeing? ■ Observables
• Measurable Event
  • A registry key is created
  • A file is deleted
  • An http GET request
• Stateful Properties
  • MD5 hash of a file
  • The value of a registry key
  • Existence of a mutex
What threats should I look for and why? ■ Indicators (Provide contextual information to observables)
• Indicated TTP
• Related Campaign
• Related Indicator
• Suggested Course of Action
Where has this threat been seen? ■ Incidents
• Related Indicator
• Leveraged TTP
• Related Observable
• Related Threat Actor
• Related Incident
• Course of Action Taken
• Course of Action Requested
What does it do? ■ Tactics, Techniques and Procedures (TTP)
• Attack Pattern
  • Social Engineering Attacks
  • Supply Chain Attacks
  • Communications Attacks
  • Software Attacks
  • Hardware Attacks
  • Physical Security Attacks
• Malware
• Related TTP
• Observed TTP
• Leveraged TTP
• Indicated TTP
What weakness does this threat exploit? ■ Exploit Target
• Known Vulnerability?
• Unknown / 0-Day Vulnerability?
• Security Configuration Issue?
Why does it do this? ■ Campaign
• Advanced Persistent Threat / Intellectual Property Theft?
• Cyber crime / Financial Theft?
• Hacktivist Operation?
• Associated Campaign
• Historical Campaign
• Related Campaign
• Attribution to Threat Actor(s)
Who is responsible for this threat? ■ Threat Actors
• Attribution to Campaign
• Current
• Historical
• Observed TTP
• Associated Actor
• Related Threat Actor
What can I do about it? ■ Course of Action (COA)
• COA Taken
• COA Requested
• Potential COA
• Suggested COA
• Related COA
Intelligence enabled security organisations look at attacks from the attacker’s perspective, or put simply, they analyse each step the threat actor took in his offensive actions including setting up and executing the attack in cyberspace in order to identify defensive mitigations and countermeasures that can be deployed along the organisation’s defence-in-depth security infrastructure to form a kill chain to defeat the attack. “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu, Art of War.
Shawn Riley
The writer is Executive Vice President, Strategic Cyberspace Science at The Centre for Strategic Cyberspace + Security Science (CSCSS). He has over two decades of hands on experience across security engineering, security operations and security intelligence for both domestic and international government customers.
Keep in mind when analysing the attack that it was carried out by a person, a threat actor. Looking at the attack data from this perspective is essential, as people are creatures of habit, especially when they do the same tasks again and again, such as carrying out attack after attack as part of a persistent campaign. Consider the route you take to work every day. Most people will follow the same route day after day. Threat actors will repeat behaviours and actions, such as reusing the same malware with only minor changes, reusing the same fake contact details to register a new domain name, or leaving the same tool marks or unique strings in the code they are using. People make patterns with their behaviours and actions and these patterns can be used to profile the threat actor for a virtual attribution. This is similar to physical investigations where investigators might collect DNA and fingerprints from multiple physical attacks over a period of time and through analysis provide attribution to a single attacker, even if they don’t know the identity of the attacker.
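
The linking step behind this kind of virtual attribution can be sketched in code. The following is an added example, not part of the original article: incidents that share a distinctive artifact (a reused registrant address, a unique code string) are merged into one activity set without naming the actor. All incident data, the artifact type names and the NON_DISTINCTIVE list are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: incident id -> artifacts recovered during analysis.
# Every value is invented for illustration.
INCIDENTS = {
    "INC-01": {("registrant_email", "j.doe@mail.example"),
               ("code_string", "xK9_loader_v1")},
    "INC-02": {("registrant_email", "J.Doe@mail.example "),
               ("malware_family", "dropper-A")},
    "INC-03": {("code_string", "xK9_loader_v1"), ("mutex", "Global\\qz77")},
    "INC-04": {("registrant_email", "privacy@proxy.example"),
               ("mutex", "Global\\abc1")},
    "INC-05": {("registrant_email", "privacy@proxy.example"),
               ("code_string", "zz_stage2")},
    "INC-06": {("malware_family", "dropper-B")},
}

# Assumption: artifacts shared by many unrelated parties (here a WHOIS privacy
# proxy address) carry no habit of the actor and must not link incidents.
NON_DISTINCTIVE = frozenset({("registrant_email", "privacy@proxy.example")})


def normalise(artifact):
    """Remove cosmetic differences so a reused value compares equal."""
    kind, value = artifact
    value = value.strip()
    if kind == "registrant_email":
        value = value.lower()
    return kind, value


def cluster_incidents(incidents, non_distinctive=frozenset()):
    """Group incidents that share at least one distinctive artifact.

    Returns a list of {"incidents": [...], "evidence": {artifact: [ids]}}
    ordered by the lowest incident id in each group.
    """
    parent = {inc: inc for inc in incidents}

    def find(x):
        # Union-find lookup with path halving.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[max(ra, rb)] = min(ra, rb)  # lowest id becomes the root

    # Index: artifact -> incidents in which it was observed.
    seen_in = defaultdict(list)
    for inc, artifacts in incidents.items():
        for art in {normalise(a) for a in artifacts}:
            if art not in non_distinctive:
                seen_in[art].append(inc)

    # Any artifact seen in two or more incidents links those incidents.
    for incs in seen_in.values():
        for other in incs[1:]:
            union(incs[0], other)

    groups = defaultdict(lambda: {"incidents": set(), "evidence": {}})
    for inc in incidents:
        groups[find(inc)]["incidents"].add(inc)
    for art, incs in seen_in.items():
        if len(incs) > 1:
            groups[find(incs[0])]["evidence"][art] = sorted(incs)

    return [{"incidents": sorted(g["incidents"]), "evidence": g["evidence"]}
            for _, g in sorted(groups.items())]


if __name__ == "__main__":
    for n, group in enumerate(cluster_incidents(INCIDENTS, NON_DISTINCTIVE), 1):
        print(f"activity set {n}: {group['incidents']}")
        for artifact, incs in group["evidence"].items():
            print(f"    linked by {artifact} seen in {incs}")
```

The evidence map records which reused artifact produced each link, so an analyst can judge whether the link is strong enough to keep.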
The Attacker’s Spoor
By identifying specific observable indicators for each phase of the cyber attack lifecycle, defenders can create a kill chain of mitigations and countermeasures to increase their cyber resiliency against the threat actor. This approach shifts the power in favour of the defender, who now has multiple chances to counter the threat actor’s attack as it progresses through different phases of the cyber attack lifecycle. A threat actor doesn’t know in which kill chain phase of the cyber attack lifecycle the attack was stopped. In order to defeat this intelligence-enabled approach the threat actor has to invest additional time and resources to completely change the established modus operandi in order to achieve the objectives. Intelligence-enabled security organisations also realise that they can’t do it alone. Cyber is often called a team sport and sharing threat intelligence is a key to that success. One area of confusion surrounding the sharing of threat intelligence for many organisations is what information is shared. Many organisations are concerned about sharing data from inside their enterprise. To provide some clarity to this issue we should again look at perspective. Threat intelligence is about the attacker’s perspective. For the most part, the members of your threat intelligence sharing community are not looking for you to share internal security data which provides the victim’s perspective. The community is more interested in the attacker’s perspective to understand who did it, what they did, how they did it and what courses of action the receiving organisation can take to detect the attack or prevent the attack from being successful against them. The community wants you to provide them with foreknowledge, in the form of threat intelligence, so future attacks by this threat actor are not successful against their organisations. In return, the community will share threat intelligence on attacks they’ve seen with you to provide you the foreknowledge you need.
Vocabulary For Counter-attack
When it comes to sharing information, one of the most important attributes in the science of security community is the use of a common language and a set of basic concepts about which the security community develop a shared understanding. Cyberspace is an artificially constructed environment where cyber security is science in the presence of adversaries or threat actors. We have to keep in mind that the threats are dynamic in nature and the threat actor’s modus operandi is continually changing as attacks evolve over time, especially in response to the defensive actions. Using a common language that includes foundational principles and fundamental definitions of concepts will facilitate the testing of hypotheses and validation of concepts within the information.
Anyone who has travelled to a foreign country where they couldn’t speak the local language can relate to the importance of using a common language so that both parties have a shared understanding of what is being exchanged in the dialogue. This basic concept applies to the domain of cyber security. We want to use common languages so we have a shared understanding of what we are seeing or doing or what someone else is seeing or doing. This is particularly important when it comes to sharing threat intelligence. Modern intelligence enabled security organisations have immense volumes of complex cyber security information and there is a need for a common, structured representation of this information in order to make it manageable.
The STIX Initiative
Structured Threat Information eXpression (STIX) is a structured language for threat intelligence information. STIX is a collaborative, community-driven effort to define and develop a structured language to represent cyber threat information. The STIX language conveys the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, automatable and as human-readable as possible. Over the last two years organisations from around the world have participated in the evolution of STIX as part of its open, collaborative community. Organisations interested in adopting STIX should also consider adopting the Trusted Automated eXchange of Indicator Information (TAXII) specification which enables organisations to share structured cyber threat information in a secure and automated manner. The use of a common language such as STIX and exchanging cyber threat information over TAXII also enables benefits such as automation and interoperability. STIX is written in Extensible Markup Language (XML) which means it’s both human and machine readable. This means it can be exchanged human to human, human to machine, machine to human and machine to machine in an automated fashion. There is a large part of the STIX community focused on security automation R&D to help transition threat intelligence from moving at human speed to full network speed.
Inter-operability
As we move forward we are going to see more and more security vendors integrate STIX into their products either as consumers, producers or both to support automation and interoperability. From an interoperability standpoint, using STIX and TAXII provides organisations semantic interoperability in that there is a shared understanding of communicated data, technical interoperability in that sharing is based on well-defined and widely adopted interface standards and policy interoperability pertaining to common business processes related to the transmission, receipt and acceptance of data among cyber participants. Interoperability in turn enables common operational pictures and shared situational awareness. With interoperability, cyber communities may be defined by policies and allow for seamless and dynamic collaboration.
The science of security was developed as a more fruitful way to ground research and to nurture and sustain progress. We looked at the core themes of Attack Analysis and Common Language as they apply to threat intelligence. We looked at the attack from both the victim and attacker perspective and considered how organisations can share foreknowledge on the threat actor’s cyber operations in the form of threat intelligence. We briefly looked at how the use of STIX can provide a common structured language to cyber threat intelligence information and the additional benefits of automation and interoperability. As organisations look to mature into intelligence-enabled security organisations by leveraging threat intelligence, consider what perspective the intelligence is providing and if the intelligence is using a common or standardised language and format. Make sure the threat intelligence you choose is providing you the foreknowledge to counter the threat actors who are attacking you.
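
Because STIX is XML, the machine-to-machine exchange described in this article comes down to a consumer parsing a shared package and acting on the observables it carries. The following is an added example, not from the article or the STIX project: a Python consumer reading a constructed, simplified STIX 1.x-style package. The sample values, the `example:` ids and the function name are assumptions, and the package is not schema-validated.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces of the STIX 1.x / CybOX 2.x XML vocabularies used by the sample.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "cyboxCommon": "http://cybox.mitre.org/common-2",
    "FileObj": "http://cybox.mitre.org/objects#FileObject-2",
    "DomainNameObj": "http://cybox.mitre.org/objects#DomainNameObject-1",
}

# Constructed sample package (simplified). The MD5 is the digest of empty
# input; the domain is under the reserved .example TLD.
SAMPLE_PACKAGE = b"""<stix:STIX_Package
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <stix:Indicators>
    <stix:Indicator xsi:type="indicator:IndicatorType" id="example:indicator-1">
      <indicator:Title>Dropper file hash</indicator:Title>
      <indicator:Observable id="example:observable-1"><cybox:Object>
        <cybox:Properties xsi:type="FileObj:FileObjectType"><FileObj:Hashes>
          <cyboxCommon:Hash>
            <cyboxCommon:Type>MD5</cyboxCommon:Type>
            <cyboxCommon:Simple_Hash_Value>D41D8CD98F00B204E9800998ECF8427E</cyboxCommon:Simple_Hash_Value>
          </cyboxCommon:Hash>
        </FileObj:Hashes></cybox:Properties>
      </cybox:Object></indicator:Observable>
    </stix:Indicator>
    <stix:Indicator xsi:type="indicator:IndicatorType" id="example:indicator-2">
      <indicator:Title>Command and control domain</indicator:Title>
      <indicator:Observable id="example:observable-2"><cybox:Object>
        <cybox:Properties xsi:type="DomainNameObj:DomainNameObjectType">
          <DomainNameObj:Value>Update.BadSite.example</DomainNameObj:Value>
        </cybox:Properties>
      </cybox:Object></indicator:Observable>
    </stix:Indicator>
    <stix:Indicator xsi:type="indicator:IndicatorType" id="example:indicator-3">
      <indicator:Title>Truncated hash from partner feed</indicator:Title>
      <indicator:Observable id="example:observable-3"><cybox:Object>
        <cybox:Properties xsi:type="FileObj:FileObjectType"><FileObj:Hashes>
          <cyboxCommon:Hash>
            <cyboxCommon:Type>MD5</cyboxCommon:Type>
            <cyboxCommon:Simple_Hash_Value>d41d8cd9</cyboxCommon:Simple_Hash_Value>
          </cyboxCommon:Hash>
        </FileObj:Hashes></cybox:Properties>
      </cybox:Object></indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""

MD5_RE = re.compile(r"[0-9a-f]{32}")
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def extract_observables(raw):
    """Return (accepted, rejected) observables from a shared package.

    A package from a sharing partner is untrusted input: DTDs are refused
    before parsing, and every value is validated before it is accepted.
    """
    if b"<!DOCTYPE" in raw:
        raise ValueError("DTD / entity declarations are not accepted")
    root = ET.fromstring(raw)
    accepted, rejected = [], []
    for ind in root.iterfind(".//stix:Indicator", NS):
        title = ind.findtext("indicator:Title", "", NS).strip()
        for props in ind.iterfind(".//cybox:Properties", NS):
            # Dispatch on the child elements present, not on the xsi:type
            # string, whose prefix a producer is free to choose.
            for h in props.iterfind("FileObj:Hashes/cyboxCommon:Hash", NS):
                kind = h.findtext("cyboxCommon:Type", "", NS).strip().lower()
                value = h.findtext("cyboxCommon:Simple_Hash_Value", "", NS)
                value = value.strip().lower()
                ok = kind == "md5" and MD5_RE.fullmatch(value)
                entry = {"indicator": title, "type": kind, "value": value}
                (accepted if ok else rejected).append(entry)
            domain = props.findtext("DomainNameObj:Value", None, NS)
            if domain is not None:
                value = domain.strip().lower().rstrip(".")
                entry = {"indicator": title, "type": "domain", "value": value}
                (accepted if DOMAIN_RE.fullmatch(value) else rejected).append(entry)
    return accepted, rejected


if __name__ == "__main__":
    good, bad = extract_observables(SAMPLE_PACKAGE)
    print("to detection / block lists:", good)
    print("returned to producer for correction:", bad)
```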
network centric warfare
INADEQUATE PREPAREDNESS
Net-centric Defence Forces A Macro View
The Defence Services are bulk users of cyber infrastructure both in peace and wartime. But the fact remains that the Indian Defence Forces are also becoming more and more network dependent though the path to a networked military has not been without its obstacles. In the case of the army, the Tactical Communication System (TCS) and the Battlefield Communications System (BMS) are still some way from operationalisation despite having been initiated as far back as 2000.
Indian cyberspace could be said to be a reflection of the usual portrayals of the country itself; somewhat chaotic, with an abundance of mischief makers and law breakers and verging on the edge of anarchy. Despite this, citizens are carrying on with the business of life, enjoying what cyberspace offers to the fullest; buying, selling, sharing, SHOUTING, learning, loving, leaving ... the list goes on. Whatever be the perceptions, the fact is that securing cyberspace is fast becoming as important as ensuring the physical security of the citizen.
Web Of Departments
The responsibility of securing cyberspace was initially entrusted with technical agencies with resolution of criminal activities being entrusted to the law enforcement agencies. As the threats in cyberspace have grown in intensity and complexity with a concomitant progression in perpetrators from hackers, to criminals to state sponsored actors, the responsibilities have also shifted to agencies that are able to adequately respond to such threats. The nodal agency entrusted with securing cyberspace has been the Computer Emergency Response Team-India (CERT-In) which was under the Department of Electronics and Information Technology, Ministry of Information Technology. Its responsibilities included 1) Creating a safe and secure cyber environment through appropriate policies and legal frameworks; 2) Providing generic and specific assistance to government and critical sectors and 3) Creating Cyber security standards / guidelines, auditing organisations, providing points of contact, carrying out cyber security drills, creating Crisis Management Plans and Cyber Alert systems and interacting with Sectoral and Foreign CERTS. After the Mumbai attacks of 2008 and with increasing instances of cyber-espionage and attacks on critical infrastructure, the National Critical Information Infrastructure Protection Centre (NCIIPC) was created with the mandate of protecting critical information infrastructure. The Mumbai attackers used cyber and telecom related technologies both before and during the attacks; the terrorists used Voice over Internet Protocol (VoIP) to communicate with their handlers,
Garmin GPS units were also found in their possession, as also satellite phones. It transpired in the investigation into the attack that Google Earth was used for reconnaissance and training purposes. These revelations provided considerable impetus for an amendment to the IT Act which provided for the creation of the NCIIPC. This agency, which was notified on 19 January 2014 is under the administrative authority of the National Technical Research Organisation (NTRO) which is a technical intelligence organisation under the National Security Adviser in the Prime Minister’s Office. The mandate of the NCIIPC is to “Protect critical infrastructure against cyber terrorism, cyber warfare and other threats”.
Wide Gaps
Where does that leave the armed forces? The Defence Services are bulk users of cyber infrastructure both in peace and wartime. With the cyber arena now recognised as a new domain of war, setting up a force competent to achieve the dual objectives of defending the country from cyber attacks in war and securing the military’s network operations in peace is one that requires considerable thought and forward planning. The stringent efforts to provide dedicated and secure networks to the military notwithstanding, the amount of data generated necessitates use of public networks as well. The Pentagon, for instance, estimates that as much as 90 per cent of its communications and data traffic passes through public networks. The bandwidth crunch has even necessitated the purchase of bandwidth on Chinese satellites. The case of the US defence forces might be said to be unique since they are expeditionary and dispersed all over the globe. But the fact remains that the Indian defence forces are also becoming more and more network dependent though the path to a networked military has not been without its obstacles. In the case of the army, the Tactical Communication System (TCS) and the Battlefield Communications System (BMS) are still some way from operationalisation despite having been initiated as far back as 2000. As a senior executive of a foreign networking hardware provider pointed out recently, many of the junior officers he met with during the initial stages of tendering are now either Generals or have retired. While the Air Force Net was commissioned in 2010, the Integrated Air Command and Control System (IACCS) which is to ride on the network and
provide total battlefield awareness is yet to become fully operational, according to last reports. Only when the network backbones are in place can all the other systems required for network centric warfare operate at their full capacity. C4ISR (Command Control Communication Computers Intelligence Surveillance and Reconnaissance) systems require a multitude of complex software and hardware to work together seamlessly. Organisational and doctrinal shifts will also have to be made taking into cognisance the changes in a network enabled environment. Peer militaries such as the People’s Liberation Army have progressed considerably in readjusting themselves to fight non-linear and non-symmetric war that would take place in many dimensions and not necessarily within a set battlefield or theatre. Decision cycles such as the Observe, Orient, Decide and Act (OODA) loop developed by USAF Col John Boyd become even more compressed in a networked environment. The primary goal in a networked environment is to degrade the opponent’s networks while ensuring the integrity of own networks. Hardened networks can only be achieved through research and development and the Defence Research and Development Organisation has a number of labs such as the Centre for Artificial Intelligence & Robotics (CAIR) working on command and control software and software based decision-making tools. These would necessarily have to be developed in-house to reduce the vulnerabilities in the form of backdoors in software procured elsewhere. While degrading the networks can be done physically through bombings etc, similar effects can also be achieved through the networks themselves, giving rise to the genre of cyber war. Operations through computer networks can take the form of computer network attack or exploitation while defending own networks comes under the rubric of computer network defence.
Militaries began by standing up information warfare units and many have now progressed to establishing Cyber Commands, with assigned budgets and personnel.
Military Networks Compromised?
At present, there is a profusion of agencies, ranging from the Corps of Signals, to the A-CERT (Army Computer Emergency Response Team), to the IT Departments of the various HQs and the IDS. The Defence Information Assurance and Research Agency (DIARA) has been designated as the “nodal agency mandated to deal with all cyber security related issues of Tri-Services and Ministry of Defence” according to a statement made by the defence minister in Parliament in 2010. There has been no official role for the military in cyber security, other than that of protecting its own networks that have been reportedly penetrated on and off. This, despite the Minister of Defence referring to cyber threats as a major threat to the nation in virtually every speech made to the apex military gathering, the Combined Commanders Conference, over the past three years. As in other militaries, a Cyber Command needs to be stood up at the earliest, at the least, to enable the allocation of personnel and a budget. Ironically enough, while the armed forces have an advantage in that legacy issues will be kept to a minimum since many of the networking initiatives are only now coming to fruition, the fact remains that the army, navy and air force all have their own separate networks at a time where common networks are being created in the interests of efficiency and jointness. In addition to the offensive and defensive aspects, cyberspace also plays a support function. This would entail training at the lower end and re-training at the higher end to incorporate such aspects into overall defence planning and preparedness. While signals have always been seen as a support function and personnel treated as such, the unfolding environment calls for altered career graphs to draw and retain suitable manpower in a highly competitive environment.
Dr Samuel Cherian
The writer is Associate Fellow in the Strategic Technologies Centre at the Institute for Defence Studies and Analyses, an autonomous think tank affiliated to the Indian Ministry of Defence. He has written on various cyber security issues, including critical infrastructure protection, cyber resilience, cybercrime and Internet governance. He was co-ordinator of the IDSA Task Force on Cyber Security which published a report on “India’s Cyber Security Challenges” in March 2012. The views expressed are personal.
Being a new domain, there are also issues that have to be addressed at a conceptual level where the debates on cyber warfare range from the definition of cyber warfare to questions as to whether any of the offensive actions seen so far in cyberspace come under the ambit of cyber war. There are also questions about whether existing laws and conventions on war, particularly the Law of Armed Conflict (LOAC) and International Humanitarian Law, can be adapted to the new environment of cyber warfare. The basic principles that have governed definitions and responses to traditional war, such as proportionality, distinction and territory, cannot be easily adapted to cyber war. Military planners are faced with a conundrum since the assets they would have to defend in cyberspace consist of networks and data servers that are geographically dispersed and in the case of cloud computing, there is a chance that both own and enemy assets could be on the same server! Other situations include that of being attacked by enemy-controlled botnets from within the country.
There are therefore many issues to be tackled both on the operational and conceptual sides in this new domain. The sooner they are tackled in a comprehensive manner, the more secure the country would be in the cyber domain.
cyber security
legislation and command
Indian Perspective On Geoeconomics And Geostrategy
A comprehensive report that extends beyond just finance and business performance, should further include the level of enforcement of the cyber policy, strategy and controls thereby providing a more accurate and relevant assessment of the state of the sector and the enterprise.
The interlocking of the cyber domain with geostrategies and geoeconomics will continue to influence the landscape across the state machinery and the enterprise. Reflecting on India’s National Cyber Security Policy (NCSP), which was released by the Indian Government in July 2013, key elements of this policy also include bolstering our nation’s economy and strengthening the current regulatory framework. To that effect, one needs to go further and ask whether the existing policies (such as FDI, Tax and Offsets) that govern the defence sector, and are mainly driven by the Department of Industrial Policy & Promotion and the Foreign Investment Promotion Board, are adequate to address current and future requirements or, to put it differently, whether the NCSP should be brought into effect as a key requirement when evaluating the performance of offset partners in India, thereby ensuring that all sectors of the economy stand to benefit. The NCSP should be part of the existing regulatory regime provided it is aptly supported by a comprehensive framework of systems and structures, time tested against various scenarios and proven to be responsive to our immediate and long-term national security commitments. Finally, I will draw parallels with China and the rest of the world from the point of view of how India could possibly narrow the deficit our armed forces are challenged with, given the recent spate of incidents leading to loss of lives and strategic assets that has cost us dearly, and eventually reduce the time gap to achieve and maintain superiority in cyberspace.
Growth Target
Having surpassed Japan in recent times, India now is the second largest economy in Asia and, going by sources in the public domain, a target growth rate of 5-6 per cent is achievable provided the government of the day is able to execute its functions in the best possible fashion. Therefore, assuming that the intended benefits have not been fully realised as a result of the recent roll-out or implementation of the NCSP given this short duration of time across sectors, there is a huge potential to exceed the targeted growth rate. Furthermore, the recent unilateral investigation affecting India’s stance on the global stage as a strong enforcer of the IPR regime will prove to be a setback in the event India is designated as a ‘priority foreign country’ in relation to the US Trade Pact. Although India has its own stand in this matter, any trade sanctions imposed on India are likely to affect both the countries. Take the aerospace and defence sector for example, which is subject to offset obligations as mandated in the Defence Procurement Procedure (DPP) 2013. Offset performance is subject to review and audit by designated authorities such as the Defence Offsets Management Wing (DOMW) as well as the Comptroller and Auditor General of India on a periodic basis. A look at the official reports published in the public domain indicates that a wide range of the offset provisions have been reported to be non-compliant as far as offset contracts are related. Given our economic and security interests, it is inconceivable that cyber specific audits and assessments should be mandated and carried out in accordance with the governing set of controls.
Need For Cyber Controls
A comprehensive report that extends beyond just finance and business performance, should further include the level of enforcement of the cyber policy, strategy and controls thereby providing a more accurate and relevant assessment of the state of the sector and the enterprise. Taking into account all of the above, this approach could further aid in developing a case for upgrading the existing norms relating to offset credits and multipliers on the basis of cyber specific capabilities as well. Clearly, establishments involved in building future platforms for our armed forces should demonstrate a high-level of awareness and compliance to a wide range of cyber controls. This would in-turn also lead to a positive first step in the information sharing process between government and the industry as far as cyber intel, state and level of preparedness (something which could aid in the selection process in case of fast track procurement procedures) and finally penalties for lapse in controls or negligence leading to serious non-compliances such as those that are proven to be damaging to a highly classified defence programme.
Cyber Legislation And Strategy
Details relating to standards procedures, operational parameters such as the nature of controls, reporting of metrics and provisioning of related norms to be adhered to can be ironed out in joint consultation between industry and government as has been done on previous occasions relating to the roll-out of policies at the national level, be it IPv6, National Telecom Policy and so forth. Understandably, by all means this is not an easy feat to overcome as enforcing this would go through various cycles of reviews and allocation of budgetary resources. However, given the nature and enormity of this task, it is even more important that an undertaking of this kind is committed to. While, most countries including India have passed legislation affecting data protection and use of Information Technology, there is now growing interest towards passing cyber legislation particularly in the US. At this stage, it is evident that cyber extends well beyond the boundaries of just IT and systems and therefore in order to maintain our leverage a step in this direction will prove to be immensely beneficial, particularly in making informed decisions relating to military and cyber doctrines.
A conflict with “China in China” opens up an entirely new frontier as opposed to engaging in disputed territories. The size, terrains and the population density being major attributes. Comparative figures relating to India and China’s defence platforms are well known. Therefore, given conventional warfare terms this would hold good. From a cyber-perspective, India’s current position of approx. 500-600 cyber security experts and a demand of over 500,000 cyber professionals needs (as mentioned in the public domain) brings in another perspective and therefore should be looked at even more closely. A comprehensive cyber development programme will engage expert coders to research and develop exploit code. However, in the absence of highly skilled functional and domain specialists in a complex programme one can imagine how effective the strategy would be and the probability of achieving success criteria. The Indian software sector is well equipped to provide resources given its current standing. Consider a scenario, where the average cycle time required to
develop cyber weapons is reduced by nearly one third or one fourth by the sheer fact that a comprehensive database of all “highly skilled and qualified personnel” is maintained and resources can be leveraged as and when the need arises. This accompanied with the fact, wherein the will of the political establishment, government sources, the intelligence community and the military leadership all put together will create a formidable force in the cyber domain. In that sense, whether a cyber-strategy (offensive and defensive) precedes or follows a military campaign, India should exercise this leverage as and when the opportunity or crisis emerges.
Rapid Response Force
Arjun Singh
The writer is an independent Cyber Adviser with close to 15 years of combined experience in management consulting, business development, programme management, IT Due Diligence, cyber (critical infrastructure protection), anti-fraud (process validation, Sarbanes-Oxley audits), computer forensics, penetration testing, third party risk management, global and regional IT transformation projects (includes design and response to Request for Proposal, vendor evaluation and selection, solution architecture and deployment, services and security management standards). He has previously worked with Ernst & Young, KPMG, Accenture and Xansa.
In relation to the recent technological advancements made by foreign countries, India should consider in the foreseeable future building a “Cyber Rapid Response Force” which can be mobilised and deployed in very short periods of time, under military leadership. Undoubtedly, this would serve multiple purposes and encourage individuals to step forward when the time comes, besides the fact that this would definitely generate interest amongst those who were not inducted into the armed forces for various reasons and limitations but are highly qualified as far as cyber skills and competences are concerned, where it matters the most. Clearly, the physical and endurance tests required to join the armed forces are likely not to be the same and therefore tapping into the country’s vast pool of talent and resources will give us the much needed advantage. Needless to say, but I would whole-heartedly volunteer my services.
Recommendations leading to the format of setting up a cyber-workforce exclusively for the purpose of supporting military campaigns are beyond the scope of this article, but it would be interesting to see how circumstances change as we move forward and it will only be prudent on our part to anticipate such requirements well ahead in time. The US military has taken the path of enrolling their men in uniform under the umbrella of their cyber command. An example given of how a US Navy machinist has been included in the cyber workforce to support US missions illustrates key points in view of the fact that the US military has made the decision to not induct personnel from civil sector as part of this programme even though the industry is involved extensively in developing cyber solutions. Secondly, this approach provides opportunities for those who want to pursue and advance their careers in the cyber domain.
August 2014 Defence AND security alert
Misuse of technology?
Rakshit Tandon
Cyber Command
Learning from past historical events, countries such as Singapore, Germany and Israel have followed the format of ensuring that all eligible citizens are engaged in serving the country both during peace (even though on a temporary basis) and conflict. The recent incidents
affecting our armed forces and the nation should only strengthen our resolve to find opportunities to better serve and protect our country. We should continue to explore “all options” when it comes to national interests, be it if it relates to building our own cyber command or forming a nation-wide cyber-rapid response force comprising both civil and military personnel. On the civil aviation front, the industry recently completed 100 years of commercial flying service. However, despite rapid advancements in technologies, economics and information sharing continues to be a challenge. We’ve now seen how this comes into play, taking into account the two major air disasters in the past five months, since the aftermath of 9/11, involving flights MH370 and MH17. With regards to MH370 and going by public sources
and analysts, the airline had decided to opt for the most economical INMARSAT data package, which did not include specific options such as location data; as a result, search operations till date have had no outcome. As far as MH17 is concerned, it is reported that 75 flights continued to fly over the Ukrainian air space (for 48 hrs leading to the shooting down of the plane on 18th July). Could this disaster have been averted? While there are some fairly obvious explanations for this, a compelling point is that flying at approx 32,000 feet, which is supposedly deemed to be a safe altitude, may not have been the best option for flight MH17. Take for instance, if the plane flying within this corridor needed to descend due to cabin pressure, engine failure etc, it could have then still come directly in the line of fire of rebels, militia groups etc. Following this incident, issues concerning transparency in investigations, evidence collection and involved parties are now a growing concern worldwide.
Given both these circumstances, it appears that economics relating to investments in safety and security, fuel burn, time cost and more importantly intelligence from sources on ground and other sources such as satellite imagery, country level coordination etc all put together should form a significant part of a country’s (also factoring in the most recent development of establishing a BRICS development bank) cyber strategy comprising of geopolitical and economic factors.
A Web Within ‘The Web’
The writer is an Adviser / Investigation Expert to Cyber Crime Unit of Uttar Pradesh Police at Agra and Cyber Crime Cell of Gurgaon, Haryana Police; a Visiting Faculty-Lecturer at Dr BR Ambedkar Police Academy – Moradabad (UP); Haryana Police Academy – Madhuvan, Karnal; Police Radio Training School, Indore; CDTS (Central Detective Training School) Chandigarh and Ghaziabad. He provides expert guidance in solving different Cyber Crime Cases to UP and Haryana Police.
The World Wide Web has been a remarkable revolution that we have seen. I consider myself lucky to have witnessed this phenomenal transition from the not-so convenient life to a very convenient life. ‘Window’ shopping is now done on browser windows and marriages are made on websites rather than in heaven. Whilst the difficulties of life have eased the threats of the cyber world have risen tremendously. Cyber crime like traditional crimes is not confined to boundaries. Also the fact that the anonymity quotient is high in misuse of technology. The NCRB report reveals a loss of millions to our country when the penetration of Internet is still below 20 per cent.
Threat To Youth
Whilst as adults we still understand the difference between the virtual and real world, our youth and children are getting wound in the “spider’s web”. Technology by itself is not bad; it is our lack of understanding of the etiquettes of using it that has led to a dark era. I have extensively travelled the country and spoken to more than 10 lakh children in 64 cities and 17 states; in my journey into cyberspace titled “Safe Surfing”. On an average I receive 30-40 complaints after every session which are desperate in nature. Social networking sites are emerging as biggest threats to personal security with personal information becoming available online. These sites are like playgrounds with no boundaries and everyone from 5 to 50 is running astray here. I am also involved with cyber crime cells and I am a faculty member to multiple law enforcement agencies across the country. Ever since law enforcement became a part of my journey I have seen how an elderly woman has lost money from her bank account through sheer social engineering because of data posted on Facebook, to how a 12th grade student has used his fantabulous potential in the wrong direction and robbed four bank accounts. Awareness about security and privacy is so low among even engineers, that one does not have to be a sophisticated hacker to gain access to their e-mail id or net banking details as all the information one needs to guess passwords or steal critical data from corporates is right there on their Facebook page. The funny thing about living in the virtual world is that many interactions that are unacceptable in real life become casually acceptable online. Youngsters connect to unknown strangers and fall in love over the Internet. I have been a witness to multiple cases where girls / boys have been kidnapped or they’ve been scammed or bullied on the pretext of “Virtual Love”. In worst case scenarios, these so called infatuations have also led to suicide. The icing on the cake is the sudden rise in the use of Smartphones and the drop in the price of the gadgets and the services of the network providers. By default we are “connected” all the time. This trend has seen a huge drop in productivity in education as well as the work environment.
Major Types Of Cyber Crimes
• Cyber Defamation
• Vishing / Phishing
• Data Theft
• Cyber Stalking
• Email Hacking
• Mobile Crimes
• Hacking / Defacement of Websites
• E-Frauds
  • Online Banking Frauds
  • Online Shopping Frauds
  • ATM / Credit / Debit Card Frauds
  • 419 Scams
  • Job Scams
Some Important Pointers
• Please keep strong passwords for all your accounts. Refrain from the obvious like birth date / year / mobile number. This data is easily available. A good password is a combination of alphabets, numbers and special characters.
• When you submit the photocopy of your documents, please draw two lines across it, write the date and reason for submitting the document. Identity theft is on the rise.
• Whilst banking online, use the virtual keyboard. In case a keylogger (Trojan) has been installed on your system it will not allow the Trojan to record your banking details.
• Parents, please do not allow your child to be active on Facebook if he / she is not 13 years and above. The restriction on age has been put in place for a reason. Do not encourage your child to fake their birth year.
• Always use a genuine Operating System, regularly updated through the Internet. Always use a genuine Antivirus / Internet Security software, regularly updated through the Internet. Also use Anti-Spyware to protect your system from Trojans / Spyware / Malware.
• Never keep the same password for all your accounts. Especially, your Facebook and email password should not be the same.
• On a Smartphone, keep your WIFI off and do not connect to free WIFI-Hotspots in public places.
• Do not answer or call back unidentified numbers; especially numbers with 4, 7, 11 and 13 digits received as a missed call.
• Whenever you give your handset for repair or maintenance, always remove the memory card, Sim card and battery first. Also, transfer all your personal information from the phone memory to the memory card before handing it over.
• Online and offline games when played beyond a certain period can impact the mind. Parents please ensure that your child is exposed to a variety of games and set a time limit on each game.
• Parents need to install filters to restrict the child from viewing inappropriate content.
• Educational institutes need to crack down on this trend of school and college ‘confession pages’ on Facebook, which is just a forum for youth to indulge in nasty, anonymous cyber bullying.
The Internet is a wonderful tool; it needs to be used wisely. When used rightly it can help you build castles and in the wrong hands it can turn your castle to dust …
INFORMATISATION
China’s Emergence As A Cyber Power
The cyberspace has become an intricate part of the constituents of national power such as military, economy, diplomacy and technology. This phenomenon has made cyberspace an area of contest where nation states are willing to gain superiority in order to establish them as cyber power. In February, Xi Jinping, the President of China called for collective efforts to build China as a cyber power. The statement holds salience as China is steadily picking pace in the development of its science and technology base and its intention to dominate the cyberspace is evident from the support of political leadership. The concept of cyber power needs analysis with reference to China’s aspirations to be a cyber power, which is quite relevant amidst the investments in infrastructure and capabilities under the auspices of its armed forces.
Cyber Power
The growing dependency of various functions of the state in cyberspace has led to the emergence of the concept of cyber power. The electromagnetic spectrum holds great strategic importance in the development of communication systems. Along with the constituents of national power, the ability of a nation state to dominate and exploit electromagnetic spectrum also contributes towards its cyber power. The dependence of military operations on the Information and Communication Technologies has added a strategic dimension to the concept of cyber power. The military operations are increasingly becoming network-centric with the integration of platforms and efficient exploitation of the electromagnetic spectrum. The dominance has percolated into the information sphere where a nation state or a non-state actor has the ability to manipulate, deny, steal and even destroy information, which is critical to the decision-making.
[Figure: National Power and its constituents: Military, Diplomacy, Economy, Technology]
The cyberspace has certain characteristics which differentiates it from other domains of warfare. Although
it is emerging as the fifth domain of warfare, cyberspace is man-made, unlike sea, air, land and space, as a result the vulnerabilities are widely known, spread and easily exploited. For instance, there are many methods to exploit the vulnerabilities lying within the operating systems and standard applications such as Microsoft Office, web browsers etc. Furthermore, entire cyberspace is contested as there are no lines of demarcation, unlike airspace or seas or physical borders. The cyberspace offers low barriers of entry, an individual with fair computing resources is well equipped, unlike the case of other domains of warfare, where investments are massive and only governments could afford the infrastructure. The characteristic which makes cyberspace a lucrative option is stealth and anonymity. The attacker can operate well beyond the geographical borders while maintaining a substantial degree of anonymity. The cyberspace, due to its economic imperatives and strategic points or hubs, has become an area of contest where nation states are protecting their economic interests and ensure accessibility and availability of the cyberspace. Cyber power could be defined as “the ability to use cyberspace to create advantages and influence events in the other operational environments and across the instruments of power.” The National Military Strategy (2004) of the US Department of Defense strongly emphasised on “the ability of the armed forces to operate across the air, land, sea, space and cyberspace domains of the battlespace”. Though a nation state might possess the resources and capabilities, it is the intention to leverage the capability in order to support its political goals that establishes it as cyber power.
A capable cyber power should be able to use cyberspace for exploitation of targets bearing economic and political imperatives; disruption of services through DDoS attacks or malware; or in extreme case destruction of the physical or cyber infrastructure in the case of an eventuality. The role of computers and high-technology grew in the Chinese armed forces, primarily after the Gulf War of 1990-91. The military perceived the use of computers to be game changers in the future battlespace with access to real-time intelligence. The PLA’s Lieutenant General Qi Jianguo stated that “In the information era, seizing and maintaining superiority in cyberspace is more important than seizing command of sea and command of the air were in World War II.”
Cyberspace Dominance
The willingness of China to use its capabilities as a power against political, governmental, industrial, military targets clearly establishes its aspirations for cyberspace dominance. The offensive capabilities of China are concentrated in its military. In a report by computer security firm, Mandiant, the Military Cyber warfare unit 61398 was identified to be the 2nd Bureau of 3rd Department of PLA’s General Staff Department. The unit is building expertise in covert communications, network security, operating systems design and development, English language and digital signal processing. As per the report, the Unit 61398 is based in Shanghai and it has led numerous cyber based attacks to gain important information for China’s military programmes and civilian enterprises by targeting the networks of the US government and private organisations. The objectives of cyber espionage have been primarily economic and strategic and major targets have been the Department of Defence, defence contractors and research institutions and national laboratories. The valuable information could be in the form of trade secrets, intellectual property data and confidential business strategies to advance the interest of China’s long-term objectives in development of its business and research infrastructure. On 27 February 2014, the President of China, Xi Jinping took over as the head of Central Internet Security and Informatisation Leading Group. The political leadership of China has demonstrated its aspirations to pursue ‘informatisation’ as high priority and laid great emphasis on ‘informatisation’ of public services and economy. The leadership has identified Internet security as a major strategic issue concerning a country’s security and development as well as people’s life and work. The president stated that collective efforts should be made to build the country into a cyber power.
Cyber Attack
The analysis of cyber attacks waged by China under the framework of a threat actor and vector analysis highlights the motives of China’s engagement in the cyberspace. In a cyber espionage operation, the classified information, trade secrets, copyrights and patented information, data, design details, blueprints of military hardware, research and experimental data, industrial processes and financial information are the primary targets. Over the years, China has targeted a wide array of government agencies, private organisations, defence contractors and research institutions. The targets have been prominent players like Lockheed Martin, Northrop Grumman, EADS, RSA Security, Mitsubishi Heavy Industries, L-3 Communications, Sandia National Laboratories, NASA, Google and so on. The attacks have been carried out using Advanced Persistent Threats and spear phishing techniques to gain access to the computer networks. For instance, in the case of Titan Rain Attacks (reported in 2004), the hackers gained access to many defence computer networks using carefully coordinated attacks on the computer networks and defence systems. The attacks have been reported to last for three years. In 2008, US and Europe based energy companies faced cyber attacks which led to the loss of information regarding oil and gas field bids. The targets were British Petroleum, Royal Dutch Shell, Exxon Mobil, ConocoPhillips. A massive cyber espionage operation was unveiled by Russian computer security firm, Kaspersky, known as NetTraveller, which is alleged to have its origin in China. NetTraveller exploited hundreds of victims in 40 countries including Mongolia, India and Russia. It targeted government agencies, embassies, universities, research centres, oil and gas companies and military contractors to extract data on space research, nanotechnology, energy production, nuclear power, laser technology, medicine and communications. The political and economic interests are evident from the organisations under the Chinese cyber attacks.
[Figure: Unit 61398 of the PLA (Source: Mandiant). Organisation chart with the labels: Communist Party of China (Central Military Commission); PLA General Staff Department, PLA General Political Department, PLA General Logistics Department, PLA General Armaments Department; GSD 1st Department (Operations), GSD 2nd Department (Intelligence), GSD 3rd Department (SIGINT/CNO); 1st Bureau, 2nd Bureau (Unit 61398); 12 Total Bureaus, 3 Research Institutes; 7 Military Regions, PLA Airforce (PLAA), PLA Navy (PLAN)]
Munish Sharma
The writer is a postgraduate from the Department of Geopolitics and International Relations, Manipal University. He is an engineering graduate with four years of work experience in software industry with Accenture. He conducts research on cyber security, space security, critical infrastructure protection and role of technology in geopolitics.
Offensive Capabilities
There is a growing emphasis to leverage cyberspace for political and economic interests among the nation states. The role of military in the development of defensive and offensive capabilities, the acts of espionage based in cyberspace and the exploitation of vulnerabilities in the systems have tilted the offence-defence balance substantially towards the offence. Despite the cyber security needs and international efforts for information security and Internet governance, the nation states are developing offensive capabilities. These capabilities at strategic, tactical and operational level could be used for exploitation of economic and military establishments in the peace time or disruption of services or destruction of infrastructure in the war time. The efforts are guided and driven by the political leadership and perhaps in the case of China, leadership has laid emphasis to converge the efforts and prioritise the use of cyberspace in economic and social development of the country. The investments made by China in development of its cyber capabilities clearly highlights the aspirations of China to dominate the information era and gain substantial cyber power, in both absolute and relative terms.
ISRAELI PARADIGM
Intelligence Revolution
The “Arab Spring” – a series of regime overthrows in various Arab countries, notably Egypt – caught the Israeli intelligence community by surprise: Despite massive investments in intelligence layouts based on state-of-the-art technology, none of the Israeli intelligence agencies had predicted the collapse of the regime of Egyptian President Hosni Mubarak. This intelligence fiasco, along with far-reaching technological changes that have taken place in recent years, led to dramatic changes in all Israeli intelligence agencies – all of them have been undergoing profound structural revisions in recent months. The changes currently affecting Israeli intelligence also stem from the pace at which historically-significant events are taking place as well as from the technological changes. (“In the era of the social networks on the Internet, processes that once took years are currently erupting within a matter of days,” says in this context a senior officer of the IDF Intelligence Directorate). It should be noted that while all other IDF units face severe budget cuts, the IDF Intelligence Directorate is the only element enjoying additional budgets and establishment expansions. In fact, the IDF Intelligence Directorate is at the top of the scale of priorities of Defence Minister Moshe Ya’alon and IDF Chief of Staff Lt Gen Benny Gantz – even ahead of the Israel Air Force.
SigInt Insufficient
According to senior officers in the IDF Intelligence Directorate, the technological change, of all things, has been the most significant change. In the past, the primary intelligence effort was SigInt (Signals Intelligence, based on the spotting of electronic signals and monitoring of radio communication networks and telephone lines). Today, no one uses telephones or radio transceivers anymore. The enemy has evolved into an entity that is usually amorphous, whether it is an international terrorist organisation or a local organisation such as Hezbollah in Lebanon, with no definite chain of command and each independent intelligence objective keeps a number of different cellular telephones and also communicates via written messages through E-Mail, the social networks and WhatsApp, or uses the Internet-based Skype network that offers basic encryption capabilities. The entire concept and all of the resources should be revised in order to keep on collecting SigInt in this day and age and that is only one example of the change. A senior intelligence officer had this to say in this context: “Generally, intelligence today should provide real-time information regarding jihad organisations and arms transfers, but also regarding enemy targets inside caves and in urban areas – so that the information may be relayed and acted upon promptly by precision-guided munitions launched from the air, from the ground and even from the sea. The intelligence systems developed in order to monitor and track any object within territories that can amount to dozens of square kilometers are sometimes inconceivable. All of this has led to a situation where today’s intelligence is totally different even compared to the methods of the previous decade.”
Accordingly, the process of converting the IDF Intelligence Directorate into an organisation oriented more toward special operations and combat and less toward infrastructural analysis had begun toward the end of the previous decade. Sometime toward the end of the last decade, the IDF Intelligence Directorate decided to establish an Operational Employment Division, headed by a Brig Gen. The Operational Employment Division was established in order to serve as a sort of operational HQ for all Intelligence Directorate organs. Although the establishment of this Division had been a matter of controversy within the IDF Intelligence Directorate, the Head of the Directorate in the last four years (2010-2014), Maj Gen Aviv Kochavi, ruled that the establishment of the Operational Employment Division proved to be a right move. A senior IDF intelligence officer said that the recent revolution is the outcome of a comprehensive programme consolidated by the IDF Intelligence Directorate over the last few years. Maj Gen Aviv Kochavi has been leading this programme.
Threat And Opportunity
Sources at the IDF Intelligence Directorate maintain that the changes are “Simply inevitable in the cyber era, where the amount of intelligence that accumulates in the computers within one hour is the equivalent of all of the intelligence gathered during the year 1999, before this era … The revolution is both a threat and a major opportunity and it would be an eternal tragedy if we failed to take advantage of such an opportunity.”
Major Revamp
At the same time as the structural changes, the IDF Intelligence Directorate and the Weapon System and Technological Infrastructure Research & Development Administration at IMOD (MAFAT) are also investing in the development of new technologies that would match the present era.
But the changes currently underway in the IDF Intelligence Directorate had begun as far back as after the Second Lebanon War of 2006. Back then, analyses indicated that the main problem was that military intelligence had invested too much effort in an attempt to analyse the intentions of leaders in the region and too little in the collection of tactical intelligence required for combat operations on the ground. Moreover, on numerous occasions, even the tactical intelligence that was available to the higher echelons of IDF Northern Command and IDF GHQ, was not delivered to the combat elements.
According to Dr Haim Assa, a senior consultant to MAFAT and a lecturer at Tel Aviv University, one of these advanced technologies is intended to glean intelligence from the infinite amount of information available on the Internet. For this purpose, various methods were developed for analysing phrases and sentences in various languages so as to find linkages between different words that would raise intelligence interest.
In the context of the recent profound changes, not less than 830 officers have changed job descriptions since the beginning of 2014.
Another challenge the Israeli defence system is facing has to do with the task of fusing the massive amount of information coming in from the various intelligence gathering organs, so as to gain significant insights in broad intelligence contexts or in order to determine whether the tactical targets spotted by different intelligence gathering resources are, in fact, the same target or different targets, each one of which should be engaged separately.
Cyber Capabilities
“The ‘Big Data’ challenge necessitates advanced technologies and in this field, too, massive investments are being made by Israeli high-tech companies together with the defence system itself,” says a source in Israeli intelligence.
Amir Rapaport
The writer is the founder and Editor-in-chief of IsraelDefense Magazine – an international magazine on Israeli military and defence affairs. He is a former military correspondent, commentator, author and research associate at the Begin-Sadat Center for Strategic Studies (BESA) of Bar-Ilan University.
In the IDF as a whole – not just in the IDF Intelligence Directorate – they regard cyberspace as a new dimension of warfare to all intents and purposes – just like the aerial medium became a significant dimension about a hundred years ago. The Head of the IDF Intelligence Directorate said at a public forum in January 2014 that “The ability to utilise the cyber dimension in ways about which I am unable to elaborate, will lead to almost unlimited opportunities. Owing to cyberspace, we can now use only 4 people to produce intelligence that once required 40 people to produce. At the same time, we face a threat that grows at an exponential rate. We are still far from understanding all of the effects, but even this year alone, hundreds of attacks were staged against organisations in Israel and dozens against security organisations, most of them without success, but the years 2014-2015 are still ahead of us.” The statements made by the Head of the IDF Intelligence Directorate suggest that cyber currently serves as an offensive arm. Using computer warfare, one can inflict serious and substantial damage on the enemy. In the IDF, the Intelligence Directorate, mainly through the prestigious Unit 8200 (in which specialised cyber warfare elements were established) is in charge of offensive cyber operations. The IDF C4I Directorate, which includes a Cyber Defence Division, is in charge of defensive operations. The IDF have also established a GHQ element that coordinates all of the cyber activities of the various service branches. Cyber capabilities, both defensive and offensive, have become so much in demand that the IDF began to train “cyber specialists” while they are still in high school. Today, if the IDF Intelligence Directorate desires the services of a computer genius who’s about to enlist and who’s also suitable to be trained as a pilot, they will have undisputed precedence regarding the assignment of that candidate – ahead of the IAF. 
Until recently, the IAF had enjoyed this undisputed precedence for many years.
August 2014 Defence AND security alert
cyber security
ENFORCEMENT LACUNAE
Cyber Crime And Investigation
The Police System
Today’s society is highly networked. The Internet is ubiquitous and a world without it is just inconceivable. As it is rightly said that there are two sides of a coin, this blessing in the form of easy access to a world of information also has a flip side to it. Devils are lurking in the dark. It is also, in turn, expanding the universe for cyber criminals. Each click of a button takes you closer to them. Cyber crime and its investigation is such a vast field that it is not possible to cover it in one article. There are many forms of crime that take place on the digital platform. I will try to cover the trend of cyber crime via some of my case studies. I will not reveal the names of victims and the place of incident.
Tool And Target
Cyber crimes are unlawful acts where the computer is either used as a tool or target or both. Cyber criminals are becoming more techy and equipped with the latest tools and techniques to hack computer systems, websites, smartphones etc. The common man’s lack of know-how about security measures makes him more vulnerable. Untrained law enforcement officials motivate the criminals to commit crime with ease and the confidence of not being caught. Cyber crime is not just restricted to threatening email or phishing but has dug its claws into each e-interaction, producing demons like call spoofing, advance fee fraud, mobile phone hacking, credit / debit card frauds, child pornography, DDoS attacks, system hacking, fake profile cases and many more. Police stations are flooded with financial fraud and social networking profile related cases.
Recent surveys have shown a phenomenal rise in cyber crime within a short span. According to the National Crime Records Bureau (NCRB), the cyber crime rate has been constantly increasing over the last few years. Shown below is a graph of cases registered and a gradual increase in the rate of cyber crime:

Actually the stats are not true, the figures should be much higher. Let me explain to you the reason why I am saying so. Here, the stat given by NCRB is the total number of “FIR” (First Information Report) registered in the police stations of respective states across the country. There is a typical police scenario of reporting a case, which almost every victim faces. Either the victim’s “FIR” will be registered or the “Complaint” will be registered at the police station if approached. There is a slight difference between an FIR and a complaint. If any victim or his / her relative approaches the police station to lodge an FIR, the investigating officer will either register the case as an FIR or as a complaint, depending on the case. In both conditions the police may take proper action and the required investigation can be carried out. If the case was registered as an FIR then it’s fine, whereas if it was registered as a complaint then it will not come in the NCRB statistics.
While reporting a Cyber Crime, a lot of police stations refuse to lodge an FIR. Those who refuse will directly say that they are not capable of handling such cases. I have even heard a Deputy Commissioner of Police (DCP) rank officer refusing to register a victim’s case as they lack experts in their team. Actually it is not their mistake; they were not trained in their respective academies to investigate cyber crime cases. The reason why they were not trained is that the rate of Cyber Crime a few years ago was very low. The Bureau of Police Research & Development (BPR&D) is conducting training programmes to train Law Enforcement Officials on Cyber Crime Investigation across India at regular intervals. But the police academies still do not have a proper training module on Cyber Crime Investigation. It is not only the training module which matters in Cyber Crime Investigation. There is one more important and somewhat silly thing where the state police is lagging behind. It is the know-how of “English” literature. While approaching the service providers, a proper letter has to be drafted explaining the nature of the case and the support they are looking for. Due to improperly drafted letters, a lot of cases get rejected.
International Porn Racket
As per the NCRB report, of the total 2,098 arrests made under the IT Act in 2013, 1,190 were between the ages of 18 and 30 whereas 45 were below the age of 18. It has been a common practice for years that either a girl proposes to a boy or a boy proposes to a girl. Nowadays, if a boy proposes to a girl and the girl refuses the relationship, she may see a fake Facebook profile of herself being sent to multiple people, resulting in defamation and harassment.

Case Study: A district judge, on behalf of his wife who was the principal of a private school, filed a case of impersonation. He found a fictitious social networking page in his wife’s name and morphed pornographic pictures were uploaded on the page. In our investigation we found a 16-year-old kid of Class 10 behind this crime. He did it to take revenge against his teacher as she scolded him in public.

Case Study: A girl, who had accepted a friend’s request on Facebook, came to me saying that she was being blackmailed. The man whom she had been chatting with had convinced her to do a striptease for him every day. Sitting in Pakistan (once the investigation was done and IP address found), the man was making money by selling the clip to the porn sites.
Fast Buck Syndrome
Apart from social networking profiles, Nigerian fraudsters have become a headache for the police officers. Nigerian fraudsters are playing a vital role in the financial frauds across the country. Police stations are flooded with their advance fee frauds. Police stations of every state are suffering from such cases. The word suffering is used because most of the cases go unsolved. Nigerians are very smart and are masters of social engineering. They approach people via call, online etc and they will say: “We are new to this city, we don’t have any ID proof. I will give you 20,000 INR for every one lakh transaction. Please let us use your bank account for making transactions.” Unfortunately, people in our country are always looking for ways to make quick money. What people don’t realise is that they are opening themselves to all kind of fraudulence. In the end for any criminal activity that involves their bank, they are the ones to be caught and not the perpetrator. Fraudsters send bulk emails offering a lottery award and in return asking for the recipient’s personal details. For example, if they send an e-mail targeting 10,000 people then they expect a reply from 10-15 people at least, which they generally get.

Case Study: An ex-Serviceman was duped several times. After retirement, he started applying for jobs online and in return received an e-mail from a lottery company saying that he had won 80,000 pounds and that if he wanted to avail of the offer, he would have to deposit 25,000 INR in their bank account. The man did as told. Later he again received a mail from the company saying that the company’s representative had reached Mumbai airport with the complete cash, but that he needed to deposit custom duty of 50,000 INR to get it free from the airport. He did the same. Again the company approached him saying the airport authority was asking for an “Anti Terrorist Clearance Certificate” due to the recent blast that occurred in India. To get this certificate they needed to apply in a UK court, so he needed to pay its fee of seven lakh. The man, still believing it to be true, deposited the amount. Such excuses continued till he deposited 63 lakh. People must understand that nothing comes for free. Unfortunately the case was not solved as it was forwarded to me after two years.

Case Study: An importer of brazing rings places an order for the same with a company in China. All is well and the deal is signed, money transferred in advance as per the deal and goods received on time. A deal was struck with the said Chinese company for all future imports. Last year, an order of Rs 32 lakh was placed. A few days later, the importer received a mail alert that since the company’s e-mail ID had been hacked into, it was advisable that for all future correspondence mail should be sent to the new IDs given. The importer transferred the money to the changed account mentioned, not suspecting any foul play. But when the goods didn’t arrive on time, the businessman got worried. After repeated attempts to approach on the e-mail and getting no answer, he decided to call the company number. After talking to them he realised that it was his mail ID that had been hacked into and he was a victim of online fraud. When we traced the IP addresses, we found Nigerians behind it.

Mukesh Choudhary
The writer is CEO of HicubeInfosec (P) Ltd and a regular resource person of Bureau of Police Research & Development, Ministry of Home Affairs, Government of India for Cyber Crime Investigation trainings.
The Nigerian Connection
I wonder why Indian government is still not taking strict action on Nigerian fraudsters. Some strict policies should be made on their visa approval. Funds transferred from Indian bank accounts to Nigeria should be monitored. Suspicious accounts should be verified. In a practice of police patrolling, Nigerians should be checked along with their electronic gadgets. Dedicated cells can be formed which actively work on such cases and even a national helpline number should be released through which every police station can take assistance in the investigation. Recent report by Reserve Bank Of India says that India has suffered a total loss of Rs 219.73 crore since 2011 through banking frauds. In the year 2013, 6,034 cases of net banking / credit / debit card scam were registered. Figures of 2014 will be in the multiples of the last year. From the last 6-7 months, I have seen a drastic increase in banking frauds. Banks are constantly trying to make people aware by sending awareness messages and emails but generally people delete the email / SMS which is from bank without even reading.
Bank Frauds
Case Study: A doctor got a call from his bank. The bank representative asked him to verify his debit card details for security purposes. As bank people never ask for such details, the doctor declined to give them. The bank representative said: “The RBI norms have been changed and to keep your account safe we have to verify it. If you do not provide us the details then your bank account will be suspended in the next 48 hours.” Listening to this official and polite voice, and too lazy to approach his bank, the doctor trusted the caller and revealed the information. In the next couple of minutes he got a few messages on his mobile about online purchases worth 1.5 lakh.
Case Study: Cyber Crime can hit anyone, anytime, and any person can be victimised no matter whether he is a normal person or a smart guy. A bank manager received an e-mail on behalf of RBI stating that the norms had been changed and that he had to send his debit card details as soon as possible. The bank manager thought it was a genuine e-mail and shared the details, resulting in a fraud of 25000 INR.

Cyber Crime Investigation is quite an easy process up to an extent. Tracing e-mail or approaching the service providers in the cases related to hacking, harassment or identity theft should not be a big deal for any investigating officer. It’s not mandatory that the investigating officer has to be from a technical background to investigate cyber crime cases. Majority of cases can be solved easily within one week of proper training.
Question which I always ask the law enforcement officials while training them: Is it possible to commit a safe cyber crime? I never got the answer I expected. Unfortunately the answer is YES. It’s 100 per cent possible. There are multiple ways to do so. Not only India but also other countries are suffering from the ways of committing a safe cyber crime with complete anonymity. There are too many methods but I will not discuss, as it can be a support to the criminals. Majorly the professional hackers as well as information security professionals depending on their working are using those methods.
Speed Is The Essence
Cyber Crime cases should be reported immediately and have to be responded to quickly by the respective investigating agency. In certain cases, the investigation officer has to think logically along with the technical mindset. The investigator should be a good social engineer; it helps in certain cases to trap the criminal. In 95 per cent of social networking profile related cases, criminals are not very smart. They just commit the crime to take revenge. The problem occurs when police face Nigerian scams, as they are very smart and mostly use fake bank accounts, fake sim cards and USB data cards. A probe into cyber crime takes time as the investigating officer has to take permission from various authorities and follow a certain procedure. The biggest challenge in catching hold of the criminals is when the service provider doesn’t cooperate with the investigating officer. In one recent case of a minor girl’s kidnapping, we traced the Internet Protocol address in two hours and waited for the reply from the Internet service provider till next three days. Fortunately the girl was traced but the service providers are a real disappointment.
International Treaty Is A Must
The only solution is the proper treaty with the service providers in India as well as abroad. This treaty should be discussed with the investigating agencies and then should be finalised on a mutual understanding with them. Depending on the response and cases, treaty should be modified from time to time as per requirement of the investigating agencies. Banks should follow some strong verification process to verify bank accounts to avoid fake bank accounts. As well as the telecom industry should follow the same to avoid fake sim cards and data cards issues. Appropriate trainings should be introduced at Police academies with live case studies and hands-on practice sessions. Living in a vulnerable world of cyber, the citizens should be aware of the recent threats and cyber crime incidents. I have uploaded some information and security tips on: www.hicubes.com/ist.php. You can follow this link to avoid becoming the next victim. Parents should start giving cyber etiquettes to their children now. Those who are not technology freaks, they have to adopt it properly in their daily routine as there is no alternate to it. I envisage a secure and immune cyber culture in India …
cyber security
OVERSIGHT MECHANISM
Ensuring Cyber Security By Regulations
Vakul Sharma
The writer is an advocate, practising in the Supreme Court of India and the High Court(s). He advises the Central Government, State Governments and various Statutory bodies on Information Technology laws and practices.
“Knowledge, power, oppression and resistance always circulate around one another, alternatively feeding off and nourishing one another.”– Foucault
We live in difficult times. Acts of terror have moved beyond the physical world. The computer, computer system and networks are being engaged to bring well-coordinated attacks against nation states. Even in cyberspace, nation states have started drawing imaginary lines of control and indulging in proxy wars using proxy servers! Cyber security has moved from the days of securing personal computers and networks to securing national critical information infrastructure. With each passing day, cyber threats to a nation state are multiplying. However, it is comforting to know that in recent times, CERT-In has articulated a National Plan on Cyber Security. A beginning has already been made by the Information Technology (Amendment) Act, 2008. This Amendment Act has provided the much-needed legal framework. In the last four years awareness about cyber security has increased manifold. Credit should be given to Snowden, who revealed to the world that no one is immune from the system of surveillance. The jury is still out on whether the system of surveillance undermines individual privacy or is the need of the hour to protect the sovereignty of a nation state. Cyber security should be seen as a tool to secure the nation’s digital frontiers.
Critical Information Infrastructure
Interestingly, it was in the year 2000 that, for the first time, the concept of ‘Protected System’ was introduced in the Information Technology Act, 2000 (hereinafter Act). This Act empowered both the Central and State Governments to declare any computer, computer system or computer network as protected by issuing a notification to that effect. Interestingly, the Amendments to the Act have introduced the concept of Critical Information Infrastructure (CII), which means the computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety. The Amendments now provide that the appropriate Government may declare any computer resource, which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system. The list of such protected systems may include defence, stock exchange / commodity exchanges, railways, airlines, banks, hospital / disease management system, power grids, refineries, transportation / logistics, telecommunications, corporate networks, software vendors etc.
Strange Inaction
It is heartening to see that more and more State Governments in India, namely Kerala, Tamil Nadu, Maharashtra, Chhattisgarh and Odisha, have notified their respective computer resources as Critical Information Infrastructure. However, most of the critical sectors have yet to declare their respective computer resources as protected, meaning thereby that on this day Bombay Stock Exchange (BSE), Commodity Exchanges, Bhabha Atomic Research Centre (BARC), Networks of Indian Railways, Aviation sector, Power Grids, Nuclear Reactors etc have not been notified as CII under the Act. Believe it or not, even the networks of armed forces have not been declared CII under the Act. Better believe it! The question is – why this inertia even after the amendments? The Parliament has willed its intent in the form of the information technology legislation. It is now for us to implement the spirit of the said legislation. In this context, it is significant to observe that recently the Central Government has designated the National Critical Information Infrastructure Protection Centre (NCIIPC), an organisation under the National Technical Research Organisation (NTRO), as the national nodal agency for CII Protection.
What Constitutes A Secure System?
The Act gives a very balanced view while determining what constitutes a reasonably secure system. One has to determine one’s own level of secure system: one, by reasonably securing it from unauthorised access and misuse; two, by providing a reasonable level of reliability and correct operations; three, by being reasonably suited to performing the intended functions; and four, by adhering to generally accepted security procedures. The Act has adopted a very pragmatic definition in view of ever increasing risks and threats. It accepts the fact that there is nothing like an ‘absolute’ secure system. But this does not mean that one should not strive for creating, operating or managing secure systems. Also, the Act introduces the term “cyber security” meaning protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction and “cyber security incidents” as “any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service / disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation.” It further provides that any person who secures access or attempts to secure access to a protected system shall be punished with imprisonment for a term which may extend to ten years and shall also be liable to fine. And suppose the department / agency of the Government has not notified its computer resources as protected though they constitute CII, then under the circumstances any accused would be charged under a minor section!
Penalising Cyber Terrorism
The new Amendments in the Act have introduced section 66F, which penalises all acts of cyber terrorism. Essential ingredients of cyber terrorism are:
1. An intention to threaten the unity, integrity, security or sovereignty of India or to strike terror and causing or likely to cause (i) death or injuries to persons or (ii) damage or destruction of property or (iii) damage or disruption of supplies or services essential to the life of the community or (iv) disruption of or affecting the critical information infrastructure, as specified in Section 70, by any of the following acts:
• denying or causing the denial of access to any person authorised to access computer resource; or
• attempting to penetrate or accessing a computer resource without authorisation or exceeding authorised access; or
• introducing or causing to introduce any computer contaminant.
Section 66F further provides, whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
Significantly, the Act also takes into consideration cross-border cyber terror activities: it applies to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India. This would imply that the perpetrators of 26/11 attacks could also be charged under section 66F of the Act for the acts of cyber terrorism!
Interception, Monitoring Or Decryption
The Amendments have also introduced three provisions to further strengthen the cyber security environment in India. These are:
• Section 69 – Power to issue directions for interception or monitoring or decryption of any information through any computer resource
• Section 69A – Power to issue directions for blocking for public access of any information through any computer resource
• Section 69B – Power to authorise to monitor and collect traffic data or information through any computer resource for cyber security
By introducing the aforesaid sections, the Parliament has recognised the fact that the free flow of information over the Internet has the capability to affect both a State’s internal and external security, which may include its sovereignty, integrity, defence, security, public order etc. These sections create a regulatory framework to intercept and monitor all sorts of data or information flowing through the computer resources located in India. This is in fact a kind of proactive piece of legislation. These provisions do safeguard individual privacy and related rights as procedural rules have also been framed and notified in the form of subordinate legislation.
Role Of NCIIPC
NCIIPC has been designated as a national nodal agency under Section 70A of the Act. Its functions include:
• to protect and deliver advice that aims to reduce the vulnerabilities of critical information infrastructure against cyber terrorism, cyber warfare and other threats;
• to provide strategic leadership and coherence across Government to respond to cyber security threats against the identified critical information infrastructure;
• to coordinate, share, monitor, collect, analyse and forecast national-level threats to CII for policy guidance, expertise-sharing and situational awareness for early warning or alerts;
• to evolve protection strategies, policies, vulnerability assessment and auditing methodologies and plans for their dissemination and implementation for protection of CII;
• to undertake research and development and allied activities; and
• to develop and execute national and international cooperation strategies for protection of CII.
Role Of CERT-In
Section 70B of the Act empowers Computer Emergency Response Team-India (CERT-In) as “a national focal point” for gathering information on threats and facilitating the Central Government’s response to computer based incidents. The role of CERT-In along with NCIIPC is to institutionalise ‘cyber security’ and insulate India from any such ‘cyber incidents’. Under the Act, the role of CERT-In is in the area of cyber security, which may include following components:
• collection, analysis and dissemination of information on cyber incidents;
• forecast and alerts of cyber security incidents;
• emergency measures for handling cyber security incidents;
• coordination of cyber incidents response activities; and
• issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.
Further, CERT-In may call for information and give direction to the service providers, intermediaries, data centres, body corporate and any other person regarding aforesaid components; and any service provider, intermediaries, data centres, body corporate or person who fails to provide such information called for or comply with the direction shall be punishable with imprisonment for a term upto one year or with fine which may extend to one lakh rupees or with both.
Quo Vadis?
It is evident from aforesaid discussion that cyber security is one of the key elements of national security. The law on cyber security is here, but what is required is implementation of its key provisions, namely:
• Identification of Critical Information Infrastructure (CII)
• Preparation of a National Register of Critical Assets
• Implementation of Guidelines of CII
• Notification of such CII as Protected System under the Act
• Effective usage of section 66F – cyber terrorism in terror-linked cases
• Knowledge about the key aspects of interception, monitoring of computer resources, as articulated under sections 69, 69A and 69B and
• Training of judicial officers, law enforcement agencies, defence personnel, service providers, corporates etc on cyber security provisions
India is among few countries where cyber security has been given a statutory mandate and not an executive or administrative mandate. It thus becomes imperative that the collective spirit of the Parliament in the form of legislative intent be implemented in a granular fashion across all sectors of the economy. It should not be forgotten that the danger is present and clear!!
network centric warfare
DISJOINTED EDIFICE?
Absence Of Inter-Services Inter-operability
All military operations are conducted in three domains. Two of these – the physical domain and the domain of the mind are well known and understood. The domain of the mind is where battles are won and lost. This is the domain of the intangibles: leadership, morale, unit cohesion, level of training and experience, public opinion and so on. The third domain is that of information. It is this domain which is now increasing combat power in a broad range of operations. Our military is perhaps a decade and a half away, if not more, from emerging as a truly Network Centric Warfare capable force.
Rapid advancements in IT have enabled robust networking of well informed, geographically dispersed forces, contributing to information advantage. But this is just one part of Net Centric Warfare (NCW). Often, the interpretation of NCW is related to just technology, which is a misnomer. Networking enabled by IT needs to be meshed with overall technological advancements and combined with organisational structures, processes and above all people; warfighters, operators, managers and commanders. NCW encompasses the entire gamut of emerging military response to the information age. An NCW capable force is robustly networked with improved information sharing, situational awareness, collaboration, self-synchronisation, sustainability, speed of command and mission effectiveness. Lack of networking creates avoidable gaps in information and duplication of tasks. At critical moments of national security, there is no scope for any breaks in downtime. The last decade has seen significant improvements in sensors, high speed digital data transfer using worldwide space, optical and mobile telephony links and the ruggedisation of the hardware, coupled with greater affordability. Cutting edge sensor technology has ensured that the results remain unaffected by bad weather and light conditions. The important thing is that precise data and imagery for quick and accurate decision-making is available on call, ensuring battlefield transparency and situational clarity even under the most trying circumstances.
Acknowledged Characteristics
NCW aims at the near instantaneous distribution of a large amount of data, which enables different units and even individuals to share a common operational picture. Networking provides a new type of advantage which results in significantly improved capabilities for sharing and accessing information. The characteristics of NCW are speed, precision, knowledge and innovation. The relationship between information and combat is well known. However, the challenge has always been as to how it can be maximised. All military operations are conducted in three domains. Two of these – the physical domain and the domain of the mind are well known and understood. The physical domain is where attack, defence and manoeuvre occur – on ground, sea, air or space. Elements of this domain are easy to measure, like lethality and survivability. The domain of the mind is where battles are won and lost. This is the domain of the intangibles: leadership, morale, unit cohesion, level of training and experience, public opinion and so on. Key attributes of these intangibles have remained relatively constant. The third domain is that of information. It is this domain which is now increasing combat power in a broad range of operations. It is NCW capable forces that help us to share a common operational picture, resulting in a very high level of shared situational awareness. Our military is perhaps a decade and a half away, if not more, from emerging as a truly NCW capable force. Lack of political direction and impetus in terms of revolution in military affairs (RMA) has also contributed to the slow progress. The vital need to acknowledge information as a strategic asset has not been acknowledged in the true sense, which has prevented adoption of a top-down approach. Therefore, tri-Service net-centricity remains a casualty and there is a host of disparate
systems whose integration is happening at excruciatingly slow pace. Net-centricity in our military continues to be in standalone mode amongst the three Services. Intra-Service net-centricity is more within the navy and air force simply because the type of weapon systems that they operate just cannot function without networking. So, net-centricity is perforce streamlined in these two Services. In the army, net-centricity has mushroomed bottom upwards. Lack of tri-Services NCW Doctrine has resulted in a deficient tri-Service NCW architecture, which is still being worked out. Though we have doctrines for Command, Control, Communications, Computers, Information and Intelligence (C4I2) and Information Warfare (IW), these two spheres are components of NCW and do not constitute NCW by themselves. NCW must also encompass policies, strategy, concepts, military organisations and adjustments. To transform our military into an NCW capable force, we need a Joint NCW Doctrine as the start point. Concepts of individual Services should flow from this joint doctrine. This will facilitate development of coherent tri-Service networked architecture. Non-integration of HQ IDS with MoD, limited authority / operational responsibility with HQ IDS and void of a CDS too have contributed in developing the NCW architecture.
No Inter-operability
Presently, networks of the three Services are not interoperable. Neither voice or data networks nor our radio communications are interoperable to the desired degree. Each Service develops networks on its own and starts thinking of interoperability at a much later stage. Common Standards and Protocols for the three Services have not been evolved. Finalising and adoption of standards and protocols, mutually compatible database structures, development / deployment of interfaces between systems using disparate platforms and commonality of hardware are challenges which need to be overcome. No single unifying secrecy algorithm for the three Services has been developed either. There is absence of knowledge management. Collaborative working needs to be looked at closely, not only across the Services but also within each Service. The command and control structures will have to cater for collaborative working. Though a
network enabled environment for the military will likely be available down to operational level perhaps in a decade plus from now but it is the change in mindsets and absorption of technology that is likely to take up most of the time. Modern IT permits the rapid and effective sharing of information to such a degree that “edge entities” or those that are essentially conducting military missions themselves, should be able to “pull” information from ubiquitous repositories, rather than having centralised agencies attempt to anticipate their information needs and “push” it to them. This would imply a major flattening of traditional military hierarchies, which militates against existing age-old hierarchical vertical military chain of command creating unwanted fear of loss of turfs. Then there are the painfully laborious procedures of procuring information systems through the Defence Procurement Procedure (DPP) and layers of military and civil bureaucracies coupled with our unaccountable and unfocused Defence R&D. The age-old maxim “the pursuit of excellence is a never ending process” merits serious consideration here. It goes without saying that in order to improve, it is essential to identify and incisively analyse the shortcomings and voids in the existing system.
Turf Predicament
The current military hierarchical model relies heavily on centralised control and detailed orders. These are implemented by the subordinates as best as they can. There
may be some changes on account of the tactical situation, but by and large the endeavour is to stick to laid-down plans and orders to the maximum extent. Centralised control has been an acceptable way to exercise command. With the changing nature of war however, the importance of actions of sub-units and at times even of individuals, has increased exponentially. This translates into adopting the ‘directive style of control’, which is based on effective delegation of authority. This is a direct result of appreciating that the future battlefield milieu is a mix of uncertainty and chaos. Networks are particularly suitable for this environment, as they distribute decision-making. Decision-making thus becomes a mix of bottom-up as well as top-down approaches. The intention of directive style of control is not to replace hierarchies, but make them more attuned to initiative by subordinates and optimally use fleeting opportunities. This ability to increase combat power at the tactical levels provides operational commanders with increased flexibility to employ their forces and to generate desired effects. NCW provides commanders with an improved capability for dictating the sequence of battle and the nature of engagements, controlling force ratios and rapidly foreclosing enemy’s courses of action. There is a strong correlation between information sharing, improved situational awareness and significantly increased combat power in a network-centric force or its components, as it has the capability to share and exchange information among geographically dispersed elements of the force, whether they are sensors, shooters, decision-makers or supporting organisations. This results in a common operational picture and a common tactical picture. Better networked forces may well be the key to the future battlefield. The road to an efficient networked force requires a multi-disciplined intellectual approach. 
While developing an increasingly networked force, we need to keep in mind the ethical dilemma of how much decision-making should be devolved to subordinates when that decision-making vitally affects military personnel on the battlefield. Ultimately, wars are won by those soldiers and their leaders who are technologically prepared and equipped for the battlefields of the future.
Cyber Security
Networks are complex systems that thrive on connectivity, flat organisations and peer-to-peer links. These are increasingly becoming important for providing regularity and predictability. Increased network connectivity increases communications as they are not subject to the filtering and limits inherent in a vertically integrated hierarchy. Unlike hierarchies, networks spread the responsibility for planning and decision-making across many subordinate levels. There are drawbacks too but in the overall context there are important benefits. NCW capability requires a multi-disciplinary and holistic approach, which includes the development of matching doctrine and infrastructure, restructuring and even re-engineering of some organisations. Our military, the entire national security establishment, DRDO, PSUs and IT companies have to work closely in unison and leverage their capabilities. Since the basis of NCW revolves around a networked environment, thence the importance of Information Assurance, of which Cyber Security forms one part. Information assurance encompasses not only the basic system security properties, but also policies, procedures and personnel that are used to maintain the system and its data in a known, secure state. Information
Assurance Objectives that support Security Control Objectives are: One, Personnel Management: It refers to the personnel practices that support the administration of the security functions of the info system. Two, Vulnerability Management: It refers to the maintenance of the info system software updates process to ensure all known vulnerabilities are corrected ie the employment of a comprehensive vulnerability scanning and remediation capability. Three, Configuration Management: It refers to that part of the information assurance system that tracks the hardware, software and firmware configuration of each physical device and allows the info system to be maintained in a known, secure state at all times. Four, Secure Software Development Management: It is the systemic use of software design principles and processes through a Security Development Lifecycle to ensure that the information system software is secure by design. Five, Verification Management: It is the process of testing and validation used to ensure the system works correctly, that is, the maintenance of an independent verification and validation programme that includes, at a minimum, unit, subsystem and system verification procedures. The winner in conflicts of tomorrow will be one that has information advantage. The military must recognise the strategic advantage that can accrue from information resources and accord it the due importance.
Embedded Vulnerabilities
We are at a nascent stage of developing cyber security. Bulk of our computer parts, telecom equipment and even pen drives come from China and we have no capacity to even check for vulnerabilities embedded at manufacture stage. Then we are just about taking baby steps in manufacturing integrated circuits (ICs) that are vital in NCW and haven’t developed our own operating systems. Information assurance is vital for facing the future challenges and without information assurance information dominance will remain a distant dream. Lastly, RMA, NCW and C4I2SR are so intimately interlinked that they can hardly be surgically segregated in separate compartments. History will mark the 21st century as the age of networking, with individual systems plugging into larger systems, thus leading to the ultimate goal of a system of systems. We must take full advantage of this and aim for complete Network Centric Warfare capability for our armed forces and the nation to ensure attainment of our national security objectives.
cyber security
battle of narratives
Media As Soft Power
An Indian Perspective
Kriti Singh
The writer is an Associate Fellow at the Centre for Air Power Studies, New Delhi and currently on the research working project related to Media and National Security. Her areas of interest are media military relationship, media research, theories and cyber journalism.
It is agreed that world power is shifting from one set of actors to another set of actors. In this shift, we will see a ‘battle of narratives’ being played out, as different stories are being told of the shifts in geopolitical power. The media’s role will be instrumental in these power contests. A strong nation is an outcome of various powers merging into one and also to large extent the projection of their strengths and powers in the international arena. A strong projection can to a great degree mould or change the perceptions and opinions of the people, within as well as outside the country. And for making a positive projection with a fruitful outcome depends largely on the nation branding in the eyes of the world, where media can play a tremendous role.
“The destiny of the world is determined less by the battles that are lost and won than by the stories it loves and believes in.” - Harold Goddard
Power is the ability to affect the behaviour of others to get the outcome you want and there are three basic ways to do that: 1) You can coerce them with threats, 2) You can induce them with payments, or 3) You can attract and co-opt them.
However, soft power rests on the ability to shape the preferences of others. In a simple term, soft power is, “A persuasive approach to international relations, typically involving the use of economic or cultural influence.”
Confuse Or Attract?
The term ‘soft power’ was coined by US origin political scientist Joseph S. Nye Jr, back in 1990’s in his book Bound to Lead: The Changing Nature of American Power said soft power often allows a leader to save on costly carrots and sticks. Similar concepts had already been introduced in other disciplines such as Gramsci’s hegemony, Bourdieu’s symbolic power, Weber’s authority, Foucault’s disciplinary power and Habermas’ communicative power. However, simply put, in behavioural terms, soft power is attractional power. However, on the flip side, there is continuous confusion in some section of international relations, whether the soft power is power of attraction or confusion?
Figure 1: Behavioural Power. Hard (command) power: coercion, inducement. Soft (co-optive) power: agenda-setting, attraction. Source: Bound to Lead
Soft power can be roughly framed into five categories in accordance with the policy goals to achieve. They are:
• Soft power to improve external security environment by projecting peaceful and attractive images of a country
• Soft power to mobilise other countries’ support for one’s foreign and security policies
• Soft power to manipulate other countries’ way of thinking and preferences
• Soft power to maintain unity of a community or community of countries
• Soft power to increase approval ratings of a leader or domestic support of a government
Media As Soft Power
While highlighting the media role as a soft power, Nachman Shai a former journalist who currently serves as a member of the Knesset, said, “The media has played a significant role in this shift from hard to soft power.” Shai while presenting an illustration to support his views on media as soft power emphasised, “In the Palestine conflict, Israel used to enjoy a monopoly over the flow of information. But Palestine has learned to play the game.” Further he elaborated, that Palestine has “developed communication perception … and created an alternative source of information from Israel’s.” Speaking on the similar lines, Dawood Azami from the BBC World Service (London) agreed that world power is shifting from one set of actors to another set of actors. In this shift, we will see a ‘battle of narratives’ being played out, as different stories are being told of the shifts in geopolitical power. The media’s role will be instrumental in these power contests. A strong nation is an outcome of various powers merging into one and also to large extent the projection of their strengths and powers in the international arena. A strong projection can to a great degree mould or change the perceptions and opinions of the people, within as well as outside the country. And for making a positive projection with a fruitful outcome depends largely on the nation branding in the eyes of the world, where media can play a tremendous role. Besides, media can play an extraordinary role in maintaining equilibrium, in the multi-culture, multi-religion and multi-civilisations existing across the globe. It can act as a bridge and connect various nations and communities with each other. A window which can provide a glance to a country’s internal life, culture, traditions, irrespective of distance and distinctions.

| Overall industry size (INR Billion) (For calendar years) | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | Growth in 2012 over 2011 | 2013P | 2014P | 2015P | 2016P | 2017P | CAGR (2012-2017) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TV | 211.0 | 241.0 | 257.0 | 297.0 | 329.0 | 370.1 | 12.5% | 419.9 | 501.4 | 607.4 | 725.0 | 847.6 | 18.0% |
| | 160.0 | 172.0 | 175.2 | 192.9 | 208.8 | 224.1 | 7.3% | 241.1 | 261.4 | 285.6 | 311.2 | 340.2 | 8.7% |
| Films | 92.7 | 104.4 | 89.3 | 83.3 | 92.9 | 112.4 | 21.0% | 122.4 | 138.3 | 153.6 | 171.7 | 193.3 | 11.5% |
| Radio | 7.4 | 8.4 | 8.3 | 10.0 | 11.5 | 12.7 | 10.4% | 14.0 | 15.4 | 18.7 | 22.7 | 27.4 | 16.6% |
| Music | 7.4 | 7.4 | 7.8 | 8.6 | 9.0 | 10.6 | 18.1% | 11.6 | 13.1 | 15.3 | 18.3 | 22.5 | 16.2% |
| OOH | 14.0 | 16.1 | 13.7 | 16.5 | 17.8 | 18.2 | 2.4% | 19.3 | 21.1 | 23.0 | 25.0 | 27.3 | 8.4% |
| Animation and VFX | 14.0 | 17.5 | 20.1 | 23.6 | 31.0 | 35.3 | 13.9% | 40.6 | 46.9 | 54.2 | 63.1 | 73.5 | 15.8% |
| Gaming | 4.0 | 7.0 | 8.0 | 10.0 | 13.0 | 15.3 | 17.7% | 20.1 | 23.8 | 30.9 | 36.2 | 42.1 | 22.4% |
| Digital Advertising | 4.0 | 6.0 | 8.0 | 10.0 | 15.4 | 21.7 | 40.9% | 28.3 | 37.1 | 48.9 | 65.1 | 87.2 | 32.1% |
| Total | 514.5 | 579.8 | 587.4 | 651.9 | 728.4 | 820.5 | 12.6% | 917.4 | 1058.5 | 1237.5 | 1438.4 | 1661.1 | 15.2% |

Figure 2: Overall industry size and projection
Indian Perspective
Historically, India has always been centre of attraction and dissemination of rich culture, knowledge, values and traditions. India’s strong cultural and knowledge influence echoes in the various historic civilisations like Mesopotamia, Rome and Greece etc. India has been a major exporter of human and intellectual capital to universities, transnational corporations and multilateral organisations in the West. Today, as one of the fastest growing economies and a vibrant, pluralist and secular polity, India is increasingly viewed as an economic and political power. Although poorer and less economically dynamic than China, India has soft power in abundance. It is committed to democratic institutions, the rule of law and human rights. As a victim of jihadist violence, it is in the front rank of the fight against terrorism. It has a huge and talented diaspora. It may not want to be co-opted by the West but it shares many Western values. It is confident and culturally rich. India thus offers unprecedented opportunities to study soft power in a globalisational world with a media and communication infrastructure that enables the rapid global interchange of ideas and influences.
A closer look at India’s media power reveals that in contrast with the trend in Western countries, the Indian media industry is booming. According to the Federation of Indian Chambers of Commerce and Industry (FICCI) and KPMG 2013 report, “The Indian Media and Entertainment industry grew from INR 728 billion in 2011 to INR 820 billion in 2012, registering an overall growth of 12.6 per cent.” The same trend has been witnessed in the current year. According to the latest report released in March 2014, titled ‘Economic Contribution of the Indian Motion Picture and Television Industry’, by leading financial services firm Deloitte, “The Indian motion picture and television industry is one of the largest and fastest growing sectors, contributing US$ 8.1 billion (INR 50,000 crore) to the country’s economy, equating to 0.5 per cent of GDP, in 2013. The sector also supports a significant 1.8 million (18.8 lakh) jobs.” These facts and figures display the might of Indian media industry.
To win minds and hearts of people, media’s soft power plays an extensive role. For example, the integral part of media industry, Bollywood, plays a key role in winning the minds and hearts of people across the world. The Middle East is Bollywood’s third-largest overseas market and growing so rapidly that many Bollywood movies now hold premieres in Dubai on opening night. Dubai is even erecting a Universal Studios-like Bollywood theme park. But the Muslim country most in the grip of Bollywood mania is Pakistan, India’s cultural twin in every respect but religion. As with the Beatles under communism, the more aggressively Pakistani authorities have tried to purge Bollywood from their soil, the more its popularity has grown.
Conclusion
The present and the future of the countries of this ‘global village’ are tied together with economic and resource dependency, issues of global concern like environment, depleting resources, terrorism etc. The intertwining of the hard powers and soft powers is one of the answers to the global concerns. The media’s role as soft power can’t be denied. The global reach of Indian media is immense but its huge potential is yet to be optimised. The Indian media industry is growing at an immense speed and according to analysts, by 2050 it will supersede that of the USA as well. According to Professor Daya Thussu, University of Westminster, “India’s Soft Power, includes Buddhism and its influence over large swathes of people, ‘Bollywood’ and its yet uncharted influence, the worldwide ‘Yoga industry’ and finally the very large and widely spread Indian diaspora.” To conclude, with former Minister of State for External Affairs Shashi Tharoor’s words, “it is not the size of the army that wins but the country that tells the better story.” And there is no better story teller than the media.
get connected
An initiative of DSA
Mission: Vasudhaiva Kutumbakam: To endeavour to create “one world – one family” Maha Upanishad Chapter 6, Verse 72
Vision: To offer a global interactive platform for dialogue, debate and discussion to avoid confusion, contention and conflict for a safe and secure world of peace, harmony and prosperity.
The appreciation and applause received from the readers of Defence and Security Alert magazine from around the world have inspired the conception of “DSA Dialogue”, an online interactive platform with the objective to develop a community which influences change and is value packed with analyses on paradigm shifts in defence, security, safety, surveillance and international relations. We envision DSA Dialogue as the most sought after forum for the defence, police and paramilitary forces, coast guards, intelligence agencies, corporates, think tanks, defence and security industry, airlines, hotels, critical infrastructure and establishments in India and around the world. DSA Dialogue is a daily pulpit to share your knowledge by discussing topics which resonate with global scenarios in defence, security and international relations.
DSA DIALOGUE Focus Areas Airlines Banking and insurance Border security Corruption Cyber terrorism Cyber security Defence budget Defence forces Defence industry Defence policies Drugs and human trafficking Education Environment Entrepreneurship Finance Food
Fundamentalism and jihad Future textiles Geopolitics Geostrategy Healthcare Hospitality industry Intelligence Insurgency Internal security Infrastructure Plants and establishments International relations Innovation Science and technology Laws and policy Maritime security
Military affairs Migration Money laundering NATO Naxalism Politics Police reforms SCO Security budget Security and development Security forces Security industry Social and political discord Terrorism Others
We invite experts and analysts from the entire spectrum of ‘defence’, ‘security’ and ‘international relations’ to initiate enthusiastic conversations and discussions that generate new ideas, unlock hidden insights, create an engrossing outlet of thoughts and make a difference for creating a more aware, safe and secure world for all of us and our coming generations. DSA Dialogue is a great way to get feedback on an idea that you want to develop further. Having a different view and some constructive criticism is invaluable in building a global recognition for your novel idea or unique perspective.
To know more please visit: www.dsalert.org and start the dialogue now!