Karl von Clausewitz defined war as “…an act of violence intended to compel our opponent to fulfill our will. In order to attain this object fully, the enemy must be disarmed, and disarmament becomes therefore the immediate object of hostilities….” At the end of the second millennium, this classification no longer describes the full spectrum of modern warfare. In the future, we will have the potential to make war without the use of violence and fulfill the second half of von Clausewitz’s definition with software alone. Today’s software-intensive systems make this possible. “Cyber” describes systems that use mechanical or electronic systems to replace human control. Cyber warfare can be executed without violence, and therefore the reliance on software-intensive systems (cyber systems) can expose nations to warfare without violence.
What is Cyber? Terms with cyber used as a prefix are currently in vogue, not only among visionaries and technologists seeking new concepts but even among the man in the street, and each has its own connotation. The term cyber is from the Greek root kybernan, meaning to steer or govern, and the related word kybernetes, meaning pilot, governor or helmsman. Norbert Wiener first introduced the prefix in the 1940s in his classic works creating the field of cybernetics (which is related to cybernétique, an older French word meaning the art of government). Cyber has in fact been the most acceptable term because it bridges the gap between information and governance, the two inseparable facets of control. The prefix is therefore freely used in the following:
- Cyberspace. Originally coined by William Gibson in his science fiction novel Neuromancer, published in 1984, which defines it as the place within the computer where electronic activity and communication take place. He further describes it as a place of “unthinkable complexity”. The term has given rise to a vocabulary of “cyberterms” such as cybercafes (cafes that sell coffee and computer time), cybermalls (online shopping services) and cyberjunkies (people addicted to being online).
- Cybernetics. It is the science of communication and control, which interfaces a monitor (human brain or an electronic machine) to other parts of a system. The function being, to compare what is happening in the system, to what should have happened and then draw the difference, which is passed on to the control system for rectification (feedback). It applies equally to organisations, machines and organisms. Cybernetics is also used to describe a general analytical approach to control, communication and other system technologies and attempts to link engineering disciplines with the related work of social scientists through the unifying threads of feedback in its most general aspects and through its interest in transfer of information.
- Cyberwar. A RAND Corporation synonym for information warfare, it is also sometimes called netwar. Another school considers it knowledge-related conflict at the military level. Denis Quigley, however, comes close by designating it ‘control warfare’, or Leitenkrieg in German. Cyberwar is discussed in more detail later in the study.
- Cybernation. Loosely used, it implies the digitisation of the various systems of an arrangement, organisation or super-system, where electronics links humans to machines, thereby immensely amplifying human capabilities. In its most basic form, it would indicate the electronic, automated management of information and knowledge.
Cyber warfare (CW). It is a relatively new addition to the glossary of warfare. With the escalating use of computers in military and government, there has been a growing awareness of both a new susceptibility in national infrastructure and a new method of attacking one’s enemies. There is the potential of using information systems to protect, control or attack information networks. CW could mean winning wars without firing shots, the shutting down of entire national infrastructures at the push of a button, and the complete exploitation or destruction of an enemy’s communication networks. It could mean threats from across the world by states with no ability to launch a conventional attack, or attacks by non-state actors using cheap laptops. There has also been talk of super-viruses shutting down nations, and how a disgruntled individual or small group could wage a ‘war’ on a nation. CW is the new wonder weapon, and the new unknown threat. However, the concept of CW, and the technology on which it relies, is beset by vague depictions of the dangers it presents, or the benefits it offers.
CW is conceptualised by security expert Amit Yoran, cyber-security chief at the US Department of Homeland Security and vice president of the computer corporation Symantec, as the future “primary theatre of operations”. There is a consensus that CW is something noteworthy, but it is not clear whether this consensus extends to a common understanding of what CW actually is. It is so new that there is no standard definition to describe it. This leads to one of the most frequent confusions regarding cyber warfare: its relation to Information Warfare (IW). IW is not unproblematic in definition, but can be understood as the “offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy, an adversary’s information, information-based processes, information systems, and computer-based networks while protecting one’s own”. While IW covers the territory of cyber warfare, it also covers a much broader mandate. Electronic (‘cyber’) communication is only one aspect of IW, which includes all information operations in a conflict. The Chinese strategist Sun Tzu and the Napoleonic-era strategist Carl von Clausewitz both referred to information operations and their importance in war. IW predates electronic communication and is not interchangeable with cyber warfare for this reason.
CW involves units organized along nation-state boundaries, in offensive and defensive operations, using computers to attack other computers or networks through electronic means. Hackers and other individuals trained in software programming and exploiting the intricacies of computer networks are the primary executors of these attacks. These individuals often operate under the auspices and possibly the support of nation-state actors. In the future, if not already common practice, individual cyber warfare units will execute attacks against targets in a cooperative and simultaneous manner.
Analyzing the Threat. In 2007, a denial-of-service attack was launched every 53 minutes. The 2007 FBI/Computer Security Institute study indicated that the loss of revenue attributed to DDoS (distributed denial of service) was approximately US$90,000 an hour for a retail catalog sales company. Malware is a common cyber-weapon. Malware (short for malicious software) is a computer program designed with malicious intent. This intent may be to cause annoying pop-up ads in the hope you will click on one and generate revenue, or it may take the form of spyware, Trojans and viruses that can be used to take over your computer, steal your identity, swipe sensitive financial information or track your activities. At least five new pieces of malware emerge every two minutes, according to Kaspersky’s Internet Security Lab. One critical measure I monitor regularly is the number of significant events reported to Hackerwatch.Org. At the time I’m writing this, in the past 24 hours, there have been more than 8 million significant incidents reported. The warning signs are there, but the question remains: are we smart enough to prepare?
A key premise of this paper is that information processing, whether by equipment (computers) or by humans, is becoming a “center of gravity” in future warfare. Although there is much debate on the reality of the CW threat, the growing number of computer intrusions on government and non-government systems substantiates the fact that the threat is very real. The growing dependency on information and information-based technologies has made us very vulnerable to hostile attacks. Hence, our immediate goal must be both to imagine and to define how foreign cyber attack capabilities might threaten information networks in India and what potential effects they might have.
STATEMENT OF PROBLEM
This paper seeks to study and analyse the use of cyber warfare in future conflicts and its implications for national security. It further seeks to suggest India’s response to these cyber threats by outlining a clear, well-defined cyber security strategy and proposing measures to safeguard our national security.
As information systems permeate military and civil life, a new frontier is being crossed, the Information Age, which will define future wars. Cyber warfare has become central to the way nations fight wars and is the emerging theatre in which future conflicts are most likely to occur. Cyber warfare will take the form of a devastating weapon of the future battlefield, integrated into the ‘war fighting doctrines’ of nations across the world.
JUSTIFICATION OF STUDY
The premise of cyber warfare is that nations and critical infrastructure are becoming increasingly dependent on computer networks for their operation. Also as armies around the world are transforming from a platform centric to a network centric force there is increasing reliance on networking technology. With all the advantages of such connectivity come unprecedented challenges to network security. Threats to information infrastructure could be in the form of destruction, disclosure, modification of data and/or denial of service. A hostile nation or group could exploit the vulnerabilities in poorly secured network to disrupt or shut down critical functions.
The protection of our information resources (information assurance) will thus be one of the defining challenges of national and military security in the years to come. To take advantage of the Information Technology revolution and its application as a force multiplier, the Nation, and the army in particular, needs to focus on cyber security to ensure the protection and defence of its information and information system assets.
Many will argue that the defence and intelligence computer systems of most countries, including India, are air gapped and thus isolated from the Internet. It may appear convincing that by air gapping the networks and using superior technology the risk may be reduced. However, this will not provide foolproof security. With the proliferation of technology at an astronomical rate, the threat of cyber terrorism will only increase. Air gapped networks are vulnerable to insiders, disgruntled employees and moles planted or recruited by cyber terrorists or their sympathisers to cause the intended damage. A cyber terrorist may impersonate a computer technician and call individuals within the targeted organisation to obtain information to penetrate a system. Once in possession of legitimate log-on information, cyber terrorists will have legal access to a system and can insert viruses, trojan horses, or worms to expand their control of the system or shut it down. In Russia, hackers used a gas company employee to plant a trojan horse which gave them control of the nation’s gas pipelines. It is against this backdrop that it becomes imperative, as a soldier, to understand cyberspace and the threat that it poses, and to suggest some steps in order to minimise, if not eliminate, the menace that it would cause.
This study concentrates on the evolution of cyber warfare and the giant leaps that it has taken in the past decade. The entire spectrum of cyber conflict has been covered, including the reality of the threat of cyber warfare being used as a potent and devastating weapon of the future battlefield. Further, the study outlines the cyber warfare capabilities of select nations and how vulnerable India is to these threats. Finally, the report outlines a cyber security strategy and recommendations for combating the cyber warfare threat in the 21st century.
METHODS OF DATA COLLECTION
The data has been collected through various journals, seminar papers and certain books on the subject. Some material has also been downloaded from the Internet. A bibliography of sources is appended at the end of the text.
ORGANISATION OF THE DISSERTATION
It is proposed to study the subject under the following chapters:
- Chapter I – Introduction and Methodology.
- Chapter II – The Future of Warfare.
  - Information Revolution and Warfare.
  - Evolution of Cyber Warfare.
- Chapter III – Global Threat in Cyberspace.
  - Threats in Cyberspace.
  - How Real Is the Threat?
  - Spectrum of Cyber Conflict.
  - Recognition of the Cyber Warfare Threat.
- Chapter IV – Combating the Threat.
  - How Vulnerable are We?
  - Cyber Security: A Few Initiatives.
  - Def Cyber Warfare.
  - Cyber Security Strategy.
- Chapter V – Conclusion.
  - The Digital Battlefield.
THE FUTURE OF WARFARE
“So it is said, if you know others and know yourself, you will not be imperiled in a hundred battles; if you don’t know others, but know yourself, you will win one and lose one; if you don’t know others and don’t know yourself, you will be imperiled in every single battle.” -Sun Tzu
Will conventional warfare remain the custom for the future, or will a new wave of warfare emerge? Down through the corridors of time, wars have been fought for various reasons. Conflict arose from regional instabilities, economic and social perils, and religious animosities. In their book, War and Anti-War: Survival At The Dawn of The 21st Century, Alvin and Heidi Toffler categorize the progression of warfare into three stages or waves: agrarian, industrial, and informational. While some areas of the world still remain in the agrarian realm and others have advanced to the industrial state, a few have broken out into a completely new era: the information age.
INFORMATION REVOLUTION AND WARFARE
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” This extract comes from Sun Tzu’s The Art of War, written in the 6th century BC, and is still as compelling today as it was two and a half millennia ago. As a matter of fact, it is in all probability safe to say that knowledge and information about one’s adversary have a greater impact now than at any other point in the history of warfare. At the same time, critical information is now often stored electronically in spaces reachable from the Internet, which means there is a potential for it to leak out to one’s adversary, or for the opponent to corrupt it in order to affect one’s decision-making capabilities.
There is no standardised definition of Information Warfare. However it has been defined as “Actions taken to achieve information superiority by affecting adversely information, information based processes, information systems and computer based networks of the adversary, while protecting one’s own information”.
An aim of warfare always has been to affect the enemy’s information systems. In the broadest sense, information systems encompass every means by which an adversary arrives at knowledge or beliefs. A narrower view maintains that information systems are the means by which an adversary exercises control over, and direction of fielded forces. Taken together, information systems are a comprehensive set of the knowledge, beliefs, and the decision making processes and systems of the adversary. The outcome sought by information attacks at every level is for the enemy to receive sufficient messages that convince him to stop fighting.
Information Warfare is a form of conflict that attacks information systems directly as a means to attack an adversary’s knowledge or beliefs. It can be prosecuted as a component of a larger and more comprehensive set of hostile activities (a netwar or cyberwar), or it can be undertaken as the sole form of hostile activity. Most weapons (the word used here for the lethal and non-lethal tools of warfare) have high utility only against external adversaries. While most often employed against external adversaries, many of the weapons of information warfare are equally well suited for employment against internal constituencies. For example, a state or group cannot use guns or bombs against its own members; however, the weapons of Information Warfare can be used, have been used, and very likely will be used against both external and internal adversaries.
Information warfare as defined by Martin Libicki has seven components:
- Command and Control Warfare.
- Intelligence based warfare.
- Electronic Warfare.
- Psychological Operations.
- Hacker Warfare.
- Economic Information Warfare.
- Cyber Warfare.
This concept of seven components is universally recognised today, as it encompasses the entire spectrum that Information Warfare offers. Besides, it strongly argues that Information Warfare is not exclusively a military function, and that various actors, viz. the media, private industry and civil society including civilian hackers, play a key role in building a nation’s capability to wage Information Warfare. The role of private industry has gradually been acknowledged as cutting-edge information technologies become increasingly pervasive in sensors and weapon systems. Information systems, while making the military more efficient, also render it vulnerable to attacks on the systems themselves. Winn Schwartau, also known as the “Civil Architect of Information Warfare”, has defined Information Warfare in this very context: “Information Warfare is a conflict in which information and information systems act as both the weapons and the targets”. As far as the Indian viewpoint on Information Warfare is concerned, history amply reveals that information was essentially viewed as a strategic resource. Kautilya, the great strategist of the Maurya period, strongly advocated the need to obtain accurate information about the enemy’s forces and plans of action. In fact, he is considered to have been instrumental in the victory of the Mauryans and in placing Chandragupta Maurya on the Magadha throne. His astute thinking on warfare and statecraft is portrayed in the famous treatise Arthashastra. While postulating that war may not always be the right option, Kautilya espoused the importance of information and knowledge in winning wars.
Information Superiority and Cyber Warfare. Information Technology is a double-edged weapon. It provides vast opportunities but simultaneously introduces new vulnerabilities and threats, which may arise through computers, content and connectivity or, to put it differently, hardware, software, information and networks. Information superiority over our adversaries, including militant and terrorist outfits, is essential. Non-lethal information weapons can black out communication systems, destroy valuable data and cripple the nation. Therefore, we have to act faster than any adversary. This requires defensive as well as offensive cyber warfare capabilities. Cyber warfare can be a full-fledged war in which vital infrastructure is targeted. To handle cyber wars, decision making at the highest national level is required, in real time and with full fall-back options. For this purpose, the basic building blocks include excellent monitoring tools for network traffic, web sites and databases, intrusion detection, firewalls, encryption and decryption algorithms, public key infrastructure and remote access facilities. Offensive cyber warfare spans computer crimes and information terrorism. Everything is under threat: telephone, power supply, banks, transport, and the day-to-day needs. It is important to create tools, awareness, and structures to assess threats to information resources, including military and economic espionage, computer break-ins, denial of service, destruction and modification of data, distortion of information, forgery, control and disruption of information flow, electronic bombs, etc. In essence, the thrust of the initiatives must lead to information assurance, much like life assurance.
Cyber Warfare. It is the sub-set of information warfare that involves actions taken within the cyber world. There are many cyber worlds, but the one most appropriate to cyber warfare is the Internet and related networks that share media with the Internet. Cyber Warfare as related to defence forces refers to conducting of military operations according to information related doctrine. It means disrupting or destroying information databases and communication systems. It means trying to know everything about the enemy while keeping the adversary from knowing much about oneself. It means turning the equilibrium of information and knowledge in one’s favour especially if the balance of forces is not. It means using information so that less capital and labour may have to be expended.
Cyberwar refers to conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting, if not destroying, the information and communications systems, broadly defined to include even military culture, on which an adversary relies in order to “know” itself: who it is, where it is, what it can do when, why it is fighting, which threats to counter first, etc. It means trying to know all about an opponent while keeping it from knowing much about oneself. It means turning the “balance of information and knowledge” in one’s favour. This form of warfare may involve diverse technologies, notably for C3I; for intelligence collection, processing, and distribution; for tactical communications, positioning, and identification-friend-or-foe (IFF); and for “smart” weapons systems, to give but a few examples. It may also involve electronically blinding, jamming, deceiving, overloading, and intruding into an adversary’s information and communications circuits. Yet cyberwar is not simply a set of measures based on technology, and it should not be confused with past meanings of computerized, automated, robotic, or electronic warfare.
Cyber warfare requires principles of warfare different from those derived from thousands of years of experience as documented by Sun Tzu, Clausewitz, Jomini, Liddell Hart, and others. Some of the principles of kinetic warfare apply to cyber warfare, while others have no meaning in cyber warfare, and some may actually be antagonistic to it. The various characteristics and principles of cyber warfare are as under:
- Waging cyber war is relatively cheap. Unlike traditional weapon technologies, acquiring information weapons does not require vast financial resources or state sponsorship.
- Boundaries are blurred in cyberspace. Traditional distinctions (public versus private interests, warlike versus criminal behavior, geographic boundaries such as those between nations) tend to get lost in the chaotic and rapidly expanding world of cyberspace.
- Opportunities abound to manipulate perception in cyberspace. Political action groups and other non-government organisations can utilize the Internet to galvanize political support.
- Cyber war has no front line. Current trends suggest that the economy will increasingly rely on complex, interconnected network control systems for such necessities as oil and gas pipelines, electric grids, etc. and these will become vulnerable to cyber attacks.
- Cyber-warfare must have kinetic world effects. Cyber warfare is meaningless unless it affects someone or something in the non cyber world.
- Anonymity. Cyber warfare can be waged anonymously. Anonymity is the nature of new technologies, especially telecommunications. An anonymous attack creates two problems. Not only has a state’s national security been breached, but there is no one to hold accountable for the attack.
- Offensive Nature. Information technology and computer systems are vulnerable by nature. Therefore, taking defensive measures against the information warfare threat will always be difficult and costly. Improving the defense of information systems also contributes to the security dilemma since decreasing one’s susceptibility to information warfare increases the attraction of using information warfare offensively.
Cyberwar may have broad ramifications for military organization and doctrine. As noted, the literature on the information revolution calls for organizational innovations so that different parts of an institution function like interconnected networks rather than separate hierarchies. Thus cyberwar may imply some institutional redesign for a military in both intra- and inter-service areas. Moving to networked structures may require some decentralization of command and control, which may well be resisted in light of earlier views that the new technology would provide greater central control of military operations. But decentralization is only part of the picture; the new technology may also provide greater “topsight”-a central understanding of the big picture that enhances the management of complexity. Many treatments of organizational redesign laud decentralization; yet decentralization alone is not the key issue. The pairing of decentralization with topsight brings the real gains.
Cyberwar may also imply developing new doctrines about what kinds of forces are needed, where and how to deploy them, and what and how to strike on the enemy’s side. How and where to position what kinds of computers and related sensors, networks, databases, etc. may become as important as the question used to be for the deployment of bombers and their support functions. Cyberwar may also have implications for the integration of the political and psychological with the military aspects of warfare.
In sum, cyberwar may raise broad issues of military organization and doctrine, as well as strategy, tactics, and weapons design. It may be applicable in low- and high-intensity conflicts, in conventional and non-conventional environments, and for defensive or offensive purposes.
As an innovation in warfare, I anticipate that cyberwar may be to the 21st century what blitzkrieg was to the 20th century. At a minimum, it represents an extension of the traditional importance of obtaining information in war: of having superior C3I, and of trying to locate, read, surprise, and deceive the enemy before he does the same to you. That remains important no matter what overall strategy is pursued. In this sense, the concept means that information-related factors are more important than ever due to new technologies.
EVOLUTION OF CYBER WARFARE
Since the early days of the Internet, there have been individuals trying to compromise the security of computer systems via the network. Initially their activities were limited to the defacement of web pages and motivated mostly by mere thrill seeking. In the 1990s, political activists realized the potential for publicity that came with the attacks, and defacements carrying a political message became more frequent (hacktivism). The palette of attack types also widened greatly; most notably, some of them became aimed at bringing services or whole systems down by generating excessive network traffic (denial of service, email bombardment).
The first reported politically motivated cyber terrorist attack using a flood of emails was carried out by the Tamil Tigers against Sri Lankan embassies in 1998. It was successful, even as it did not bring targeted servers down, because more importantly it attracted worldwide media attention to the attackers’ cause. Activist groups involved in other struggles around the world soon followed with similar attempts.
The diplomatic conflict between Pakistan and India over Kashmir has, since the late 1990s, been paralleled by a series of mutual cyber attacks. In the Middle East, every time the political or military fighting escalated between Israel and the Palestinians, so did the fighting on the virtual battlefield. Both sides have used sophisticated techniques and well-planned strategies for their cyber attacks. Pro-Palestinian attacks have been carried out by a number of terrorist groups (some of which even came up with the term cyber jihad), and pro-Jewish ones might have been coordinated by the state of Israel, though there is no clear evidence to support that. Studies have shown that Israel leads the list of countries in terms of the number of computer attacks conducted per 10,000 Internet users.
This brings us to the newest trend in cyber warfare: cyber attacks carried out by hacker groups inspired, coordinated, funded and supplied with resources by nation states. They are usually large-scale and prolonged operations targeting specific systems within enemy structures. Probably the first attack of this type took place during the NATO air strikes against targets in the Former Republic of Yugoslavia during the Kosovo violence in 2000. All 100 NATO servers were targeted, each subject to excessive network traffic originating mostly from Serbia, as well as from Russia and China, its supporters in the conflict. The cyber attacks caused serious disruptions in NATO’s communication and services, lasting several days, but did not directly affect the bombing campaign.
These days cyber warfare still mostly consists of uncoordinated acts of cyber terrorism performed by groups whose main aim is publicity and media coverage. Gradually, though, the nature of cyber warfare is going to change into activities coordinated and paid for by nation states and large international terrorist networks. We can expect attacks trying to exploit vulnerabilities in critical infrastructure such as telecommunication systems, airports, power plants, oil and gas infrastructure, water supply, and military systems. In the coming years we are likely to see a quick rise in the number of cyber battles, and one can imagine that in the future wars are going to be fought without dropping bombs and firing missiles.
GLOBAL THREAT IN CYBERSPACE
THREATS IN CYBERSPACE
There are four fundamental categories of threats to our information and information infrastructure, characterised by the degree of structure in their attack capability and the measure of trust or access that the threat enjoys. These categories are:
- Unstructured External Threats. These are individual attackers or small groups who rely heavily on others’ tools and published vulnerabilities. They attack targets of opportunity and lack persistence against difficult targets.
- Structured External Threats. These are coordinated attackers, i.e. hostile intelligence agencies or organised crime syndicates, which possess a deep technical knowledge of the target, strong motivation, and the capability to mount combination attacks using multiple complex tactics and techniques.
- Non-Malicious Internal Threats. These are accidental breaches of security caused by ignorance or by the malfunctioning of a system.
- Malicious Internal Threats. Here the attackers are trusted members of the organisation, or less trusted support workers with some degree of access.
The threats can also be classified under the following heads:
Remote Intrusion. These are also called remote attacks or break-ins. Such attacks can be carried out by the following methods:
- Spyware. Any program that, once installed, covertly gathers information through the Internet connection without the host’s knowledge. Spyware monitors user activity on the Internet and transmits the information to interested parties, in addition to wasting bandwidth.
- Back Doors and Trap Doors. A program built into a system that allows the designer or manufacturer to ‘take a peep into the system files and information resources’ at a later point in time by circumventing the access controls that are put in place for all users.
- Scanning. Scanning is the act of actively looking for information. Scanning can be a very broad sweeping activity, such as scanning for any active hosts, or a very detailed specific activity such as looking only for servers running Windows NT 4.0, Service Pack 4, and Internet Information Server 4.0.
- Chipping. A technique to slip booby trapped computer chips into critical systems that are sold by foreign contractors to potentially hostile third parties.
- Sniffing/Key Loggers. Sniffing involves picking up data by covert or overt system during its transmission on the network. On TCP/IP networks, sniffers are usually referred to as packet sniffers because they are used to examine the packets traversing a TCP/IP network. Another method of accessing data is by installing key loggers (software or hardware) to computers, these programmes monitor keystrokes and store data which is either retrieved physically or transmitted through internet.
- Data Driven Attack: By Virus / Trojan / Worm. A data driven attack can be launched by the following means:
- Computer Virus. A computer virus can be defined as a self-replicating and potentially dangerous program. Viruses can attack the boot sector or executable files. They are generally classified by a variety of factors, such as their target operating system, how the virus infects other systems, what programs it targets and infects, and its behaviour and characteristics. The major categories are file infectors, system or boot-sector infectors, and multipartite viruses.
- Bombs. A bomb is a piece of code that executes on a specific trigger, usually a certain date, time or series of actions such as a keystroke. Bombs, as their name suggests, are almost always destructive in nature and intent and are usually difficult to defend against. Unlike viruses and worms, bombs do not replicate and are usually designed to execute a single time.
- The Trojan Horse. A malicious program hidden within a host program. Trojan horses masquerade as benign applications when executed and, like bombs, do not replicate. Many of the more popular and famous Trojan horses, such as Back Orifice, provide an attacker with remote access to and control of an infected system.
- Worm. Worms are typically small, covert programs consisting of three sections (replication, payload and communication) that propagate over a network, reproducing rapidly as they travel and infecting the target network.
- Denial of Service Attacks. These flood, jam, crash or otherwise disrupt the external connections of a network, and are now commonly carried out using bots and bot-nets. The term "bot-net" refers to a collection of compromised computers (zombie computers) running malware under a common command and control infrastructure. The bot-net operator can control the group remotely for illegal purposes, the most common being denial-of-service attacks, adware, spyware, e-mail spam, click fraud, and theft of application serial numbers, login IDs and financial information such as credit card numbers. Cyber warfare climbed the news agenda in 2007 when the Estonian government was hit with major, sustained denial-of-service attacks.
- Spoofing. Spoofing is the act of forging parts of packets or entire packets, usually to make them appear to come from a legitimate source or to hide the actual source. Most commonly used for denial of service attacks, spoofing is also used by attackers to masquerade as someone or something else in order to gain access to a target system. Forging a source address is straightforward for one-way traffic such as SYN floods, because no reply needs to reach the attacker; impersonating a trusted host over an established TCP connection additionally requires the attacker to predict sequence numbers. Ingress filtering at network borders (BCP 38), which drops packets whose claimed source address could not legitimately arrive on that interface, is the standard countermeasure.
- IP Spoofing. Assuming the IP address of a trusted host.
- DNS Spoofing. Assuming the DNS name of a trusted machine by compromising the DNS system.
- Phishing. Phishing is a general term for criminals' creation and use of e-mails and websites designed to look like those of well-known legitimate businesses, financial institutions and government agencies, in order to deceive Internet users into disclosing their bank and financial account information or other personal data such as usernames and passwords. The "phishers" then use that information for criminal purposes, such as identity theft and fraud.
- Session Stealing. Also called IP splicing or session hijacking. An active connection is captured by the attacker, who assumes the identity of an already authenticated user. It is combated by authenticating and encrypting the session or the network layer, for example with IPsec, so that packets injected by a third party are rejected.
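The two techniques above, forging a packet's source address and reading packets off the wire, can be seen together in the following Python example. It is an added illustration and not code from the original article: it builds an IPv4/TCP SYN header carrying whatever source address the caller claims, computes the RFC 1071 checksums that a spoofing tool has to get right, decodes the result the way a packet sniffer would (addresses, ports, flags, checksum validity), and applies the border ingress-filtering check (BCP 38) that drops a packet claiming an inside source on an outside interface. The addresses, ports and the internal prefix are constructed for the example; nothing is sent on the network.

```python
import socket
import struct
from ipaddress import ip_address, ip_network

# Bit order of the TCP flags field, lowest bit first.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented.
    Over a header that already carries a correct checksum the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syn(src_ip, dst_ip, src_port, dst_port, seq=0, ident=0x1234, ttl=64):
    """Return raw IPv4 + TCP SYN bytes. src_ip is simply whatever the caller
    asserts, which is all that IP spoofing amounts to at the packet level."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # TCP header: data offset 5 words, SYN flag, window 65535, checksum 0 for now.
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0, (5 << 12) | 0x02, 65535, 0, 0)
    # TCP checksum covers a pseudo-header (src, dst, zero, protocol, length) plus the segment.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    # IPv4 header: version 4, IHL 5, total length, ident, no fragmentation, TTL, TCP, checksum 0.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ident, 0, ttl,
                     socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def parse_packet(pkt: bytes) -> dict:
    """Decode the fields a packet sniffer would display and verify both checksums."""
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    seg = pkt[ihl:total_len]
    sport, dport, seq, _ack, off_flags, _win, _tcsum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    flags = [name for i, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(seg))
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl, "proto": proto,
        "sport": sport, "dport": dport, "seq": seq, "flags": flags,
        "ip_checksum_ok": checksum(pkt[:ihl]) == 0,
        "tcp_checksum_ok": checksum(pseudo + seg) == 0,
    }


def ingress_filter_drops(src_ip: str, internal_prefix: str) -> bool:
    """BCP 38 style check on an external interface: a packet arriving from outside
    must not claim a source inside our own prefix (internal_prefix is an assumed value)."""
    return ip_address(src_ip) in ip_network(internal_prefix)


if __name__ == "__main__":
    # Constructed example: an outside attacker claims the inside address 10.0.0.5.
    pkt = build_syn("10.0.0.5", "192.0.2.10", 40000, 80, seq=1)
    for key, value in parse_packet(pkt).items():
        print("%-16s %s" % (key, value))
    print("border filter drops it:", ingress_filter_drops("10.0.0.5", "10.0.0.0/8"))
```

Both checksums are valid on the forged packet, which is the point: nothing in the packet itself reveals the forgery, so the defence has to come from where the packet arrives (ingress filtering) or from the sequence-number and cryptographic state the attacker does not have.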
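Scanning and SYN-flood denial of service, both described above, leave statistical traces that a defender can pick up in flow records even when the attacker's addresses are forged. The following Python example is added here and is not part of the original article. It builds a small set of constructed flow records (an ordinary client, a port scan and a spoofed SYN flood, all using documentation-range addresses) and runs two sliding-window detectors over them: one source touching many distinct ports within a short window, and one port receiving many half-open SYNs from many sources. The thresholds and window sizes are assumed values that a real deployment would tune.

```python
from collections import Counter, defaultdict, deque


def make_sample_records():
    """Constructed flow records (time_s, src, dst, dport, tcp_flags). Not real traffic."""
    recs = []
    # Ordinary client: three connections to a web server; each handshake completes (S then A).
    for t, port in ((50.0, 80), (51.0, 443), (52.0, 80)):
        recs.append((t, "198.51.100.7", "192.0.2.20", port, "S"))
        recs.append((t + 0.01, "198.51.100.7", "192.0.2.20", port, "A"))
    # Port scan: one source probes 50 ports on one host within five seconds.
    for i in range(50):
        recs.append((100.0 + 0.1 * i, "203.0.113.9", "192.0.2.10", i + 1, "S"))
    # SYN flood: 300 SYNs to one port from 300 different (spoofed) sources in 1.5 seconds,
    # none of which ever completes the handshake.
    for i in range(300):
        recs.append((200.0 + 0.005 * i, "10.%d.%d.1" % (i // 256, i % 256), "192.0.2.10", 80, "S"))
    return recs


def _slide(events, window, key_of):
    """events: time-sorted tuples whose first field is the timestamp.
    Returns (max events in any window, max distinct key_of(event) in any window)."""
    dq, keys, best_n, best_k = deque(), Counter(), 0, 0
    for ev in events:
        dq.append(ev)
        keys[key_of(ev)] += 1
        while dq and dq[0][0] < ev[0] - window:  # evict events older than the window
            old = dq.popleft()
            k = key_of(old)
            keys[k] -= 1
            if keys[k] == 0:
                del keys[k]
        best_n, best_k = max(best_n, len(dq)), max(best_k, len(keys))
    return best_n, best_k


def detect_port_scans(records, window=10.0, min_ports=20):
    """Sources that hit at least min_ports distinct (host, port) pairs within `window` seconds."""
    per_src = defaultdict(list)
    for t, src, dst, dport, flags in sorted(records):
        if flags == "S":  # only connection attempts count
            per_src[src].append((t, dst, dport))
    hits = {}
    for src, events in per_src.items():
        _, distinct = _slide(events, window, lambda e: (e[1], e[2]))
        if distinct >= min_ports:
            hits[src] = distinct
    return hits


def detect_syn_floods(records, window=5.0, min_syns=100):
    """Targets receiving at least min_syns bare SYNs within `window` seconds.
    Value is (SYN count, distinct sources); a source count close to the SYN count
    means each 'client' sent exactly one SYN, the signature of spoofed sources."""
    per_target = defaultdict(list)
    for t, src, dst, dport, flags in sorted(records):
        if flags == "S":
            per_target[(dst, dport)].append((t, src))
    hits = {}
    for target, events in per_target.items():
        n, sources = _slide(events, window, lambda e: e[1])
        if n >= min_syns:
            hits[target] = (n, sources)
    return hits


if __name__ == "__main__":
    recs = make_sample_records()
    print("port scans :", detect_port_scans(recs))
    print("SYN floods :", detect_syn_floods(recs))
```

The scanner is caught by breadth (many ports from one address) and the flood by depth (many SYNs to one port); the ordinary client, with two ports and completed handshakes, triggers neither. Note that the flood's forged 10.x.x.x sources are private addresses that should never arrive from the internet at all, which is exactly what ingress filtering at the border would have rejected.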
HOW REAL IS THE CYBER WARFARE THREAT?
The exponential growth in reliance on information and information-based technology has made Cyber Warfare (CW) a valid threat for the future. For resource-limited adversaries, CW is a relatively cheap and practicable alternative to full-scale war. Since CW can be waged from anywhere in the world, it offers anonymity to potential adversaries, and our ability to prosecute these attackers is very limited because of regulatory and political dilemmas. Thus CW becomes a legitimate war-making strategy, capable of inflicting a vast array of damage upon its victims.
The First War in Cyberspace. When Estonian authorities began removing a bronze statue of a World War II-era Soviet soldier from a park in Tallinn, a bustling Baltic seaport, in April 2007, they expected violent street protests by Estonians of Russian descent. They also knew from experience that "if there are fights on the street, there are going to be fights on the Internet," said Hillar Aarelaid, the director of Estonia's Computer Emergency Response Team. After all, for people in Estonia the Internet is almost as vital as running water; it is used routinely to vote, file their taxes, and, with their cell phones, to shop or pay for parking. What followed was what some describe as "the first war in cyberspace": a month-long campaign that forced Estonian authorities to defend their pint-size Baltic nation from a data flood that they say was set off by orders from Russia or ethnic Russian sources in retaliation for the removal of the statue. The Estonians assert that an Internet address involved in the attacks belonged to an official who works in the administration of Russia's president, Vladimir V. Putin. The Russian government has denied any involvement in the attacks, which came close to shutting down the country's digital infrastructure, clogging the Web sites of the president, the prime minister, Parliament and other government agencies, staggering Estonia's biggest bank and overwhelming the sites of several daily newspapers. "It turned out to be a national security situation," Estonia's defense minister, Jaak Aaviksoo, said in an interview. "It can effectively be compared to when your ports are shut to the sea."
As computer technology has become increasingly integrated into modern military organisations, military planners have come to see it as both a target and a weapon, exactly like other components and forces. Like other elements of the modern military, cyber forces are most likely to be integrated into an overall battle strategy as part of a combined arms campaign. Computer technology differs from other military assets, however, in that it is an integral component of all other assets in modern armies. From this perspective, it is the one critical component upon which many modern militaries depend, a dependence that is not lost on potential enemies.
There should be little doubt that future wars will inevitably include cyber warfare tactics. It is increasingly apparent that nations are gearing up to take advantage of the ever-increasing complexity and inter-connected nature of various national infrastructures. Countries around the world are developing and implementing cyber strategies designed to impact an enemy’s command and control structure, logistics, transportation, early warning and other critical, military functions. In addition, nations are increasingly aware that the use of cyber strategies can be a major force multiplier and equaliser. Smaller countries that could never compete in a conventional military sense with their larger neighbours can develop a capability that gives them a strategic advantage, if properly utilised.
Some people believe that cyber threats are merely a concept; others argue that cyber attacks are serious enough to be considered a threat to national security. Some even go so far as to believe that an "Electronic Pearl Harbour" is in the making. Even though the public may not know how serious the aftermath could be, the stories of successful cyber attacks should raise some alarms.
SPECTRUM OF CYBER CONFLICT
The purpose of developing a spectrum of cyber conflict is to show the range of cyber attacks from unintentional actors such as hackers and criminals with only self-serving interests to intentional actors with intent to affect national security. This spectrum will synthesize the type of attack, intentional or unintentional actors, location of attack, and will identify what agency will have the authority to identify and track down the perpetrator. It will also identify what type of appropriate response is likely to be taken by the government against perpetrators ranging from criminal prosecution to extradition or a national policy response such as diplomatic, economic or military action against a state.
It is important to remember that any actor from a juvenile hacker to a sophisticated state intelligence service may have the capability to do extensive damage to our national information infrastructure and the capability to track and identify the perpetrator will always be extremely important regardless of the perpetrator’s intentions. Sometimes, it may be as important to identify a criminal hacker with no national security interests as it may be to prove a state sponsored cyber warfare attack. Regardless, without the close coordination between defense and law enforcement agencies, a quick and accurate response by the government will not be possible.
Type of Attack. The first discriminator in spectrum of cyber conflict is the type of attack. The type of attacks will include the following:
- Cyber Crime. The first level of conflict is identified as Cyber crime and ranges from illegal exploration, hacking or other computer intrusions perpetrated by an individual or group with criminal or self-motivated interests and intent.
- Hacktivism. The second level of cyber conflict is a relatively new phenomenon identified as “Hacktivism” and is politically motivated. Hacktivism is computerised activism and operates in the tradition of non-violent direct action and civil disobedience. It uses the same tactics of trespass and blockade from earlier social movements and applies them to the Internet. The aim of hacktivism is to draw attention to particular issues by engaging in actions that are unusual and will attract some degree of media coverage and possibly affect public or private actions.
- Cyber-Espionage. Cyber-espionage is the use of computer hacking in foreign intelligence operations to obtain information or access to foreign computer systems with the intent to commit espionage or have the access to commit state sponsored sabotage when necessary.
- Cyber-Terrorism. Cyber-terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs and data, which results in violence against non-combatant targets, carried out by sub-national groups or clandestine agents.
- Cyber-Warfare. Cyber warfare is defined as the use of computer intrusion techniques and other capabilities against an adversary’s information-based infrastructure to intentionally affect national security or to further operations against national security.
Intention of Cyber-Actors. The intention of the actors or perpetrators of a cyber attack within the spectrum of cyber conflict can be broken down into two broad categories as they relate to national security. Intentional actors are individuals deliberately prosecuting attacks through cyber means to affect national security or to further operations against national security. This includes any act intended to compel an opponent to fulfil national will, executed against an opponent's computer and software systems. Unintentional cyber actors are individuals whose attacks affect national security without that intent, and who are largely unaware of the international ramifications of their actions. Unintentional actors include anyone who commits cyber infiltration and penetrates the defences of a system such that the system can be manipulated, assaulted or raided. They have a wide variety of motivations and intentions but do not intend to inflict damage on national security or to further operations against it. These actors can be categorised as hackers; although they commit cyber crime, they are not intentionally prosecuting cyber warfare. It is important to note that unintentional actors may be influenced by intentional actors, and be unaware that they are being manipulated to participate in cyber operations.
Location of the Perpetrator (Outside or Within India). Thirdly, it is paramount to identify the initial location of the attack and whether it is coming from within or outside India. These three factors (type of attack, intention of the perpetrator and location of perpetrator) will determine whether or not law enforcement or the military initially responds to trace back the attack and will also affect the type of retaliation taken against the perpetrator.
RECOGNITION OF CYBER WARFARE THREAT
The ability of governments to gauge threats to critical infrastructures has traditionally been contingent upon their ability to evaluate a malicious actor’s intent and that actor’s ability to carry out a deliberate action. This was significantly easier during the Cold War, when the authorities were merely concerned with the security of physical structures. Due to the global nature of information networks, attacks can be launched from anywhere in the world, and discovering the origin of attacks remains a major difficulty, if, indeed, they are detected at all. Compared to traditional security threat analysis, which consists of analyses of actors, their intentions, and their capabilities, cyber-threats have various features that make such attacks difficult to monitor, analyse, and counteract:
- Anonymity of Actors. The problem of identifying actors is particularly difficult in a domain where maintaining anonymity is easy and where there are time lapses between the action that an intruder takes, the intrusion itself, and the effects of the intrusion. In addition, the continuing proliferation of sophisticated computer technologies among the mainstream population makes the identification of actors increasingly difficult.
- Lack of Boundaries. Malicious computer-based attacks are not restricted by political or geographical boundaries. Attacks can originate from anywhere in the world and from multiple locations simultaneously. Investigations that follow a string of deliberately constructed false leads can be time-consuming and resource-intensive.
- Speed of Development. Technology develops extremely quickly. The time between the discovery of a new vulnerability and the emergence of a new tool or technique that exploits that vulnerability is getting shorter.
- Low Cost of Tools. The technology employed in such attacks is simple to use, inexpensive and widely available. Tools and techniques for invading computers are available on computer bulletin boards and various websites, as are encryption and anonymity tools.
- Automated Methods. Increasingly, the methods of attack have become automated and more sophisticated, resulting in greater damage from a single attack.
These characteristics considerably hamper the ability to predict certain adverse future scenarios. Various types of uncertainties make it difficult for the intelligence community to effectively analyse the changing nature of the threat and the degree of risk involved. And these uncertainties are linked to inherent characteristics of cyber-threats – characteristics that they share with a whole set of “new” threats to security.
The end of the Cold War meant not only the end of a relatively stable bipolar world order, but also the end of the boundedness of threats. Following the disintegration of the Soviet Union, a variety of “new”, and often non-military threats, such as migration, terrorism, proliferation, etc., were moved onto the security policy agendas. Even though the label “new” is not justified in most cases, many of these threats are distinctly different from Cold War security threats. The main difference is an unprecedented quality of uncertainty about them. The reason for this uncertainty is that chief among the new threats are those emanating from non-state actors using non-military means. Any combination of threat involving either non-military – or asymmetric – means and/or non-state actors poses significant difficulties for traditional approaches to intelligence collection. Linking capability to intent only works well when malefactors are clearly discernible and intelligence agencies can focus collection efforts to determine what capabilities they possess or are trying to acquire.
While an attack by another state with unconventional means and a clearly assignable agency at least makes military options feasible, non-state actors operate entirely outside the "box" of the Westphalian state order. Uncertainty surrounds the identity and goals of these potential adversaries, the timeframe within which threats are likely to arise, and the contingencies that might be imposed on the state by others. Furthermore, there is uncertainty concerning the capabilities against which one must prepare, and also about what type of conflict to prepare for. In short, experts are unable to predict how a cyber-attack is likely to be launched.
COMBATING THE THREAT
The state must make such disposition of its defense as will put it in the best possible condition to sustain any future war. But…these dispositions for defense must provide means of warfare suited to the character and form future wars may assume. -Giulio Douhet
HOW VULNERABLE ARE WE?
- It is not difficult to anticipate our accelerating transition to a knowledge-based society in the light of the leapfrogging strides in infrastructure development and networking. In the future, the rising dependence on IT would only render us more vulnerable to the very same technologies. The growing dependence is quite discernible by the burgeoning Internet user-base, and increased networking activity in the form of Local Area Network (LANs), Intranets and Extranets.
- Some critical networks, especially within the government and defense are briefly mentioned below to illustrate the growth of networking in the country’s critical sectors.
- Railways. Indian Railways, one of the busiest in the world, transports more than 11 million passengers daily. Country Wide Network for Computerised Enhanced Reservation and Ticketing (CONCERT) is one of the largest software projects to be implemented in India. The Railways has recently introduced online passenger reservation information services through its website.
- NICNET. The government has designated the nation-wide computer communication network NICNET, set up by the National Informatics Centre (NIC), as the government network. The satellite-based VSAT network links about 540 district administrations, 25 state secretariats and 7 Union Territory (UT) administrations. The NICNET links extend to the Ladakh region and to the Andaman, Lakshadweep and Minicoy islands.
- Military. The army has a fully automated communication network for its field forces-Army Radio Engineering Network (AREN) and Army Static Switch Communication Network (ASCON) for rearward connectivity from field forces. To serve its C4I2 functions, an Army Strategic Information System (ASTROIDS) has been set up for exchange of operational information between Army HQ, Command HQ and Corps HQ. In addition army has an Army Wide Area Network apart from the formation Local Area Networks over which various services like mail, file transfer and the intranet run. The air force has a dedicated communication network for its air defence -Air Defence Ground Environment System (ADGES) complete with radar and communication links for providing surveillance to various air defence elements. For its logistic operations there is an Integrated Material Management On-Line system (IMMOL). The navy is setting up its Navy Enterprise Wide Network (NEWN), which would connect all its ships and shore establishments. The Integrated Logistic Management System (ILMS) and Ship-Based Logistic Management System (SLMS) cater to the navy’s inventory control and logistic management.
- ERNET. The Education and Research Network (ERNET) has been providing network services to Indian academia and research community since 1990. Connecting more than 750 organisations, it brings together a large cross section of universities, academic institutions, Research and Development (R&D) laboratories, non-governmental organisations (NGOs) and more than 80,000 users.
- National Stock Exchange (NSE). The NSE boasts of not only the first private VSAT network, but also the largest Wide Area Network (WAN) in the country. One of the few interactive VSAT based stock exchanges in the world to provide online trading of stocks; it is expected to grow to over 3,100 VSATs covering 425 cities.
Disruption of defence networks or the services of the NSE network or, jeopardising the communication infrastructure of the Software Technology Parks of India (STPI) engaged in software and IT exports would have serious national security and financial implications. And going by some reports, these are certainly not exaggerated threats. In China, the People’s Liberation Army (PLA) recently conducted a network simulation exercise, where PLA soldiers simulated cyber-attacks on the telecommunications, power, finance and media sectors of Taiwan, India and South Korea. In fact, the Chinese IW centre established in 1996 lays down offensive computer attacks on enemy critical systems as its primary mission. The Chinese IW doctrine includes economic and industrial espionage, and the ‘doctoring’ of chips and software that can plant viruses or ‘trap-doors’ in enemy information systems. This is most worrisome: given the thriving piracy in Indian markets, low priced software CDs from Chinese markets sell like hot cakes. On the western front, Pakistani hacker groups like ‘Death to India’, ‘Kill India’, ‘Dr Nuker’ and ‘G Force Pakistan’ have been consistently targeting Indian websites. A number of anti-India websites have also surfaced displaying anti-India propaganda and instructions for hacking into Indian websites.
Notwithstanding the Chinese and Pakistani designs on IW, the threat from terrorists or non-state actors is a cause of greater worry. Cyber-terrorism (the convergence of cyberspace and terrorism) offers ideal opportunities for terrorists to carry out remote attacks safely, anonymously, and without the use of explosives. Terrorist propaganda through Internet websites (for example, the websites of terrorist organisations such as the Hezbollah and the Liberation Tigers of Tamil Eelam (LTTE) can be accessed at www.hizbollah.org and www.eelam.com) and the increasing use of satellite phones, electronic mail and instant messaging for communications have added to the woes of intelligence agencies worldwide. In the recent terrorist strike at the Red Fort by the Lashkar-e-Taiba group, the militants were found to have used a cyber café in North Delhi as a communication link for the operation.
The Indian government needs to address these concerns. Almost at the same time as the Chinese attacks, there has been also the instance of the Swedish hacker breaking into the email accounts of a few of our foreign missions. As usual, our national cyberspace agenda was reactive rather than proactive. A comprehensive critical information infrastructure protection policy is yet to be framed; the focus to look at cybersecurity from a national security standpoint is still far away; and the revised IT Act is yet to be passed by Parliament.
CYBER SECURITY: A FEW INITIATIVES
In the wake of increasing security breaches, a growing awareness of Cyber Security is beginning to set in. India became only the 12th country in the world to enact the cyber-laws and pass the IT Act 2000, which besides granting legal sanctity to electronic documents, covers a broad range of legal issues. The Ministry of Information Technology has set up an IT security centre at Hyderabad, in line with the American Computer Emergency Response Team (CERT) as part of a multi-pronged approach to control cyber-crime.
The National Association of Software and Service Companies (NASSCOM), a nodal agency for promoting IT in the country, has on its part set up a National Cyber-Cop Committee comprising members from the government, IT experts and the police, to address the growing threat to cyber security in the country. NASSCOM, with the Indian government, has also laid the foundation for the required legal framework through the proposed amendments to the Indian IT Act of 2000, which include laws and policies concerning data security and cyber crimes, and to the Indian Copyright Act, which deals with copyright in computer programs.
The Central Bureau of Investigation (CBI) is also tuning itself to counter the cyber threat. The cyber crime cell established by the CBI in April 2000 acts as the international contact point in India for resolving cyber-crime cases. The cell has a committed core team, which interacts with the Federal Bureau of Investigation (FBI), Interpol and the police forces of other countries. The CBI academy has also introduced cyber-related training programmes for officers of the state police forces.
The Ministry of Information Technology decided in 2003 to establish a $20 million Internet security centre in New Delhi. The centre addresses computer security incidents, publishes alerts, and promotes information and training. Software Technology Parks of India (STPI), an autonomous body of the government, has a stake in the proposed centre. The Centre for Development of Advanced Computing (C-DAC) and the Defence Research and Development Organisation (DRDO) have been at the forefront of information security technologies. The Networking and Internet Software Group of C-DAC, for example, is working on the development of "core network security technologies," which include C-DAC's Virtual Private Network, a crypto package, and a prototype of e-commerce applications. FIRST-India (Forum for Incident Response and Security Teams) is a non-profit organisation for facilitating "trusted interaction amongst teams from India conducting incident response and cyber security tasks." Membership is open to private and public sector organisations in India, including the Defence Public Sector Undertakings.
The defence forces on their part have adopted information warfare doctrines, which include cyber security as a vital element. The Indian military is investing significant resources to develop information technologies and to train technologically capable forces. The National Defense Academy (NDA) in June 2002 graduated its first group of students earning the degree of Bachelor of Science in Computer Science. The three-year course is consistent with the latest trends in electronic warfare and growing computerization in the armed forces. Private companies have developed programs to integrate their technologies more directly into the defense sector’s needs. Further, the Defense Research and Development Organization has initiated several programs for the development of critical technologies and systems under government auspices, including chip development.