WEB WAR AGAINST INDIA: ADDRESSING THE THREATS IN THE

INTERNET AGE

AUTHORED BY

DISHA DHANKHAR

&

JAYANT LAL

1
 ABSTRACT

Sub Theme: Terrorism and Cyber Terrorism

Cyberspace today has become just as much a relevant strategic domain, if not more,
than the other four that occur naturally - air, land, space and sea. There is an urgent
need for a global convention on cyberspace which has been recognized in its domain
recently. The last few decades have made it unmistakably clear that the internet age
has revolutionized, not only the human connections, but also the means for waging
wars; taking it from the distant battlefields and bringing it into the hearts of our cities,
amongst our homes. India's strategic challenge in cyberspace stems from external
threats as well as the design and density of its digital ecosystem. In the virtual world,
the two states - China and Pakistan - have posed the biggest threat to India’s national
security time and again. Neither of the two have ever been on friendly terms with us
and have always been trying to unearth the data which is of political, territorial and
economic importance. However, India has also taken measures to retaliate and
safeguard the honour of our motherland. In response to the cyber security threats
countries like Russia, China, Israel and North Korea have set up their own cyber
armies. It is imperative for our government to focus their attention on the tremendous
threats to the national security posed by the ongoing web war on India in order to
prevent future attacks. This paper examines various instances that have happened in
the recent past and also discusses few of the many suggestions as to how the nation
can respond to and dodge the cyber attacks in future.

2
 WEB WAR AGAINST INDIA: ADDRESSING THE THREATS IN
THE INTERNET AGE

DIHSA DHANKHAR* & JAYANT LAL**

1. INTRODUCTION

“We've gone from the Cold War to the Code War.”

― Thomas Waite

Cyber threats fall into four broad categories: espionage; warfare; terrorism; and
crime. Remarkably, few international rules or norms currently exist to regulate the
first three, while cyber crime is largely a concern of state law enforcement agencies,
with limited legislative guidance on investigative processes.

Today, data is transferred from laptops to USB sticks, over wireless networks at café
hot spots, and stored across cloud computing services whose servers are located in
far-off political jurisdictions. These new modalities of communicating de-concentrate
and disperse the targets of exploitation, multiplying the points of exposure and
potential compromise. Paradoxically, documents and data are probably safer in a file
cabinet, behind the bureaucrat’s careful watch, than they are on the PC today.1

In today’s world, cyberspace is as relevant a strategic domain as are the other four
naturally occurring domains, namely - land, air, sea and space. In 2015, the then
Union Minister for Defence, Manohar Parikkar, highlighted that India's Defence
capabilities must be strengthened against disruptive and highly sophisticated cyber-
attacks.2 In addition to this, the Armed Forces of the country must adapt to fight future
wars in cyberspace, whether standalone clashes or in conjunction with kinetic battles.
Unlike conventional arenas of warfare, cyberspace has seen, and will continue to see
the proliferation of non-state actors, widely ranging in profile and capabilities.

1
*The author is a Second year student of Army Institute of Law, affiliated to Punjabi University,
Patiala.
**The author is a Second year student of Army Institute of Law, affiliated to Punjabi University,
Patiala.
TOWARDS A PERFECT CYBERSPACE http://www.rfa.org/english/commentaries/cyberspace-
04072010125518.html (last updated April 7, 2010)
2
Arun Mohan Sukumar and Col. R.K. Sharma, The Cyber Command: Upgrading India’s National
Security Architecture, Observer Research Foundation (2016)

3
Instances of 'weaponising' the internet are on the rise -using its technologies for
activities like recruitment of terrorists, radicalization on the basis of specific
narratives, disruption of crucial public services like electricity grids and the
financial sectors, and the theft of commercial secrets. It is no exaggeration to claim
that the integrity of India's digital networks can affect the strategic trajectory of a
nation: cyberspace can be used to mould, even determine political outcomes; spur or
stunt the growth of its economy; and strengthen or destabilize its critical
information infrastructure.

India's burgeoning digital economy hosts the world's second largest user base on the
internet. The Union government's flagship initiatives like 'Digital India', as well
as the emphasis on governance premised on connectivity, are raising the stakes for
the country's information infrastructure.3 It is conceivable that the integrity of
India's cyber platforms will increasingly be subjected to threats and suffer
vulnerabilities in the immediate future. Vice Admiral Girish Luthra, former Deputy
Chief (Operations) in Headquarters Integrated Defence Staff (HQ IDS), recently
suggested that a “cyber-race” is currently underway: with incidents of commercial
espionage, IPR theft, denials of service, and other kinds of attacks being perpetrated
on a daily basis. To safeguard India’s cyberspace (which includes infrastructure
physically located within the country's borders, as well data hosted by Indian people,
corporations and governments in any part of the world) a coherent conceptualization
of India's strategic interests and a clear outlining of methods to secure them, as well as
time-bound plans of action are required. As the nation's cyber security apparatus is
slowly being put in place, there is a need for policy and operational coherence.

India's strategic challenge in cyberspace stems not just from external threats but the
design and density of its digital ecosystem. While technology is moving from the
West to the East, information is flowing in the reverse direction, offering law
enforcement agencies few options to protect and, where warranted, extract the data
of Indian citizens.4 The custody of data in other nations exposes the sensitive
information of citizens and they become vulnerable to foreign attacks: for example, if
there is a foreign database which is located in foreign soil but hosts the data of Indians
3
Ibid.
4
Arun Mohan Sukumar and Col. R.K. Sharma, The Cyber Command: Upgrading India’s National
Security Architecture, Observer Research Foundation (2016)

4
is attacked by some third party, Indian authorities will have limited jurisdiction to
investigate and prosecute the culprit.

The United Nations Charter, which prohibits the unauthorized use of force except in response to an
armed attack, was drafted and adopted during an era in which warring nations inflicted physical
damage on their adversaries primarily through kinetic attack: the bombs and bullets delivered by
artillery and rifles that are the mainstay of conventional military combat. Although the Charter does
not define what constitutes a "use of force" or an "armed attack", decades of state practice and
International Court of Justice (ICJ) application have provided some measure of clarity with regard to
the traditional modes of war—aerial bombardment, ground assault, missile strikes, and other
territorial incursions.

There is, therefore, an urgent need for a global convention on cyberspace that builds
robust mechanisms of information sharing across borders and institutions, defines
appropriate rules of the road for engagement in the cyber domain, puts the onus on
states to not tolerate or encourage mischievous networks whose activities operate
from within their jurisdictions, and protects and preserves this valuable global
commons.5

“Until such a normative and policy shift occurs, the shadows in the cloud may grow
into a dark, threatening storm.”6

2. THE ONSET OF WEB WARS AROUND THE GLOBE

WEB WAR AGAINST ESTONIA

Estonia is one of the most advanced country in the world in terms of internet usage. In 2005, Estonia
became the first country in the world to use internet voting in local elections. As per the official

5
Information Warfare Monitor and Shadow Server Foundation, SHADOWS IN THE CLOUD:
Investigating Cyber Espionage 2.0, (April 6, 2010)
6
Ibid.

5
statistics 95% of Estonia’s banking operations are carried out through the internet. However, Estonia’s
historical enemy, Russia, viewed Estonia’s leap into the internet age as a means of waging a cyber war.

In April 2007, one million computers from around the world, including zombies in India, shut down the
networks in Estonia. Estonia’s information technology (IT) infrastructure was subjected to a massive
barrage of spam, viruses, and ‘botnet attacks’, which rely on thousands of hijacked personal
computers. There were also large and sustained distributed denial-of-service (DDoS) attack on several
Estonian national web sites, including those of government ministries and the Estonian Prime
Minister’s Reform Party.7

The cyber attack followed a series of riots sparked by the relocation of the ‘Bronze Soldier’, a Soviet
Red Army war memorial in Tallinn. The Estonians wanted to move the memorial because it was a
symbol of Russian occupation. On April 27, 2007, the Estonians moved the statue. Subsequently,
rioting broke out between thousands of Estonians and ethnic Russians. The cyber attacks broke out
almost simultaneously. The cyber attack on Estonia is referred to as Cyber War I, however, in fact,
Russia’s first cyber attack is considered to be its 2002 attack on Chechnya and not the 2007 attack on
Estonia.

Estonia’s Computer Emergency Response Team (CERT) mounted a coordinated response and
concentrated on protecting the most vital resources while sacrificing less important infrastructure. 8
Estonia’s CERT reportedly implemented an online ‘diversion’ strategy that made attackers hack sites
that had already been destroyed.9
3. WEB WARS AGAINST INDIA

3.1 INDIA AND CHINA

A general perception has been created in the West, from continuous reports of cyber attacks
originating in China, that most cyber crimes and hacking originates from China. The US, Belgium,
France and Russia have stated that China is attempting to control the cyberspace ‘offensively’ through
cyber operations of the Chinese People’s Liberation Army. 10 According to the US, in September 2007,
the Chinese military was planning a cyber attack targeting a Pentagon computer system in the office of
US Defense Secretary, Robert Gates. According to reports, China has internally set a deadline of 2050
for themselves to be able to stop any military attack through cyber warfare. Moreover, hackers have

7
Mike Collier, ‘Estonia: Cyber Superpower’ Information Warfare Monitor
8
Ibid.
9
Ibid.
10
NATIONS BLAME CHINA FOR RECENT CYBER HACKINGS, International Business Times,
(May 21, 2008)

6
been mobilized into Unions and Red Alliances with alleged ‘official backing’. At the same time, China
has protected itself by a firewall known as the ‘Great Red Firewall’.

Since 2006, China has reportedly been waging daily cyber attacks on Indian computer systems, both
private and governmental. The Chinese are constantly scanning and mapping India’s official networks
which not only gives them access of the content but will also enable them to disable the networks
during a conflict between the two countries.11

In 2008, the main attacks attributed to China were an attack on NIC (National Informatics Centre),
which was aimed at the National Security Council, and on the Ministry of External Affairs (MEA). In
April 2008, Indian government officials stated that the computer networks of the MEA had been
broken into allegedly by Chinese hackers. The hackers allegedly broke into the internal
communications network of the MEA and accessed the emails bearing information on policies and
decision matters across the Ministry’s offices in India and in their foreign missions. 12 Similar allegations
had been made against China back in June 2007 which were denied.

On February 21, 2009, the Information Warfare Monitor reported that 10 websites belonging to
various ministries and departments of the government of India had been hacked by attackers
suspected to be from China. According to reports in the newspaper DNA, a senior official of the IT
Ministry, Government of India, stated, ‘Low to medium intensity cyber intrusions into web servers
maintained by the Indian government have been reported.’ 13

On December 15, 2009, computers in the Indian Prime Minister’s Office (PMO) and the MEA in New
Delhi were hacked by planting a ‘Trojan Virus’ from a mail purportedly sent from China. The Trojan
virus allowed the attackers to access and delete the personal Gmail accounts of Government
officials.14 The attack was discovered by Google engineers in Silicon Valley, North California who then
reportedly mounted a secret counter-offensive attack to detect Chinese intruders who had accessed
the government’s private Gmail accounts. The investigators were able to verify the internet protocol
(IP) addresses and the Media Access Control (MAC) addresses, which are unique identification
numbers, of the hackers and confirmed that they originated in China. 15 The hidden virus had come in
an email and was embedded in an Adobe Acrobat attachment which had breached both Gmail and
other networks’ security. Both the Indian investigators and Google engineers were of the view that the
data stolen through the Trojan could only be of use to a government.

11
Indrani Bagchi, ‘China mounts cyber attacks on Indian sites’, The Times of India, (May 5, 2008)
12
‘MEA Computer Network Hacked’, Indiaserver.com, (April 11, 2008)
13
Information Warfare Monitor, (Feb 21, 2009)
14
Indian PMO, External Affairs Ministry networks ‘hacked’, Technology Base, (Jan 16, 2010)
15
China behind hacking Indian Government computers, Silicon India News, IANS, (Jan 19, 2010)

7
THE SHADOW AND THE TRACKING GHOSTNET REPORT

In an April 2010 report on cyber attacks on India, entitled ‘Shadows in the Cloud: Investigating Cyber
Espionage 2.0’16 by John Markoff and David Barboza, two Canadian researchers at the Munk School of
Global Affairs at the University of Toronto, John explains an India-focused spy ring based in Chengdu,
Peoples Republic of China (PRC), used social networking sites such as Twitter, Google groups, Blogspot,
blog.com, Baidu Blogs and Yahoo! Mail to take over control of computers in India after they had been
infected by viruses or other malware. 17 The shocking revelation of the Shadows Report was that,
based on geographic location, the vast majority of the compromised computers were in India. The
Shadows Report analyzes how the attackers ‘leveraged multiple redundant cloud computing systems,
social networking platforms, and free web hosting services in order to maintain persistent control
while operating core servers located in the People’s Republic of China. The attackers obtained
documents from the Indian government marked ‘secret’, ‘restricted’ and ‘confidential’.

The Chinese are known to use mainly three weapons against Indian networks: BOTS, key loggers and
mapping of networks. These Chinese are reportedly experts in setting up BOTS which is a parasite
program embedded in a network (known as BOTNETS) which hijacks the network and makes other
computers act as per its instructions. The controlled computers are known as ‘zombies’ and are a key
tool in cyber warfare. Therefore, at a selected time, the controller of the BOTNETS will command the
zombies at their will. In other words, there are networks in India which are controlled by China.
Therefore, it is not surprising that a cyber attack on government websites operating out of the Prime
Minister’s Office in March, 2010 was traced to an Indian IP address linked to the ISP Videsh Sanchar
Nigam Ltd. (VSNL).18

Key loggers is a software that scans computers and their processes and data the moment a person
strikes a key on the keyboard. This information is immediately carried over to an external controller so
they know even when the user changes his password. Mapping or scanning networks is done as a
preliminary step to cyber warfare tactics.

The current situation at Doklam can lead to the infamous Chinese cyber attacks that
India has had to endure from a long period of time. It seems likely that China is far
ahead of India in terms of cyber warfare capabilities, and it could try to cripple parts
of vulnerable businesses in banking, finance and other sectors. An American-Israeli
collaboration created a computer worm called ‘Stuxnet’ that was intended to cripple

16
Information Warfare Monitor and Shadow Server Foundation, SHADOWS IN THE CLOUD:
Investigating Cyber Espionage 2.0, (April 6, 2010)
17
http://www.nytimes.com/2010/04/06/science/06cyber.html (last accessed on Sept 22, 2017)
18
PMO tracks cyber attack to Indian IP Address, bdnews24.com, (March 21, 2010)

8
Iran’s nuclear programme – and it did substantially succeed. There is no reason to
believe that China does not have a Stuxnet up its sleeve for use in conflict situations
with India - with plausible deniability.19

3.2 INDIA AND PAKISTAN

The South Asian neighbors have fought three major conventional wars ever since their
birth in 1947, until the end of the 20th century – in 1947-48, 1965 and 1971, and a
smaller war in 1999. At the end of the 20th century, the tension between the two
nations increased to its highest level, as both countries achieved the status of ‘nuclear
weapon states’ after successfully conducting nuclear explosive tests for military
purposes, one after the other.

Cyber crimes reached India on June 3, 1998, when the Indian website owned by the
Bhabha Atomic Research Centre (BARC) came under a cyber attack by a group called
‘milw0rm’. The attack was caused by breaching into the website of BARC and
defacing the same. It was also found that the attackers had downloaded five
megabytes of e-mails and data from the database. 20 In the message that the hackers
left on the defaced website, they had stated that the attack was a response to the
testing of nuclear weapons done by India on May 11-13, 1998.

Initially, it was believed that the attacks were by Pakistani hackers backed by the
Inter-Services Intelligence (ISI). But, after a thorough investigation was made, it was
revealed that hackers were individuals who only had contact among themselves
through the internet, operating under their pseudonyms and that they belonged to
different nations.

19
Blocked at Doklam, What Will China Do Next? India Needs To Be Ready On Many Fronts,
https://swarajyamag.com/politics/blocked-at-doklam-what-will-china-do-next-india-needs-to-be-ready-
on-many-fronts 12 July 2017 (last accessed on 20-08-17 at 1546 hrs)
20
Subject: BARC Hacked! http://ces.iisc.ernet.in/hpg/envis/doc98html/miscbarc69.html , (last accessed
on 26-08-2017, 1130 hrs.)

9
The group consisted of teenagers - VeNoMouS, 18, hailed from New Zealand,
ExtreemUK and JR, both 15, from England, Keystroke, 16, from the US, and
Savec0re, 17, from Russia.21
This was the ice-breaking, which cleared the path for future cyber attacks between
both the countries. Post this incident, in the year 1999, there were four attacks on
Indian cyber networks that were recorded and were found to have their roots in
Pakistan as revealed in the investigation. This count increased drastically to 72 in the
year 2000, and there were also reports confirming seven attacks in 1999 and 18
attacks in 2000 on the Pakistani networks conducted from India.22 In the 21st century,
the first half of 2001 witnessed 150 incidents of defacing of websites on the Indian
side.23

One of Pakistan’s most infamous hacking group – the Z Company Hackers Crew
(ZHC) has a record of attacking 1,846 Indian websites, government as well as civilian.
Other organizations - Pakistani Hackers Club (PHC) whose founder is claimed to be
from Karachi, and the G-Force, which is believed to be consisting of eight members,
is from Lahore24

On the Indian side also, there was the emergence of many groups of which H2O or
the Hindustan Hackers Organization25 is famous among the cyber hacking
community. Another group called Team Nuts did a record hacking and defacement of
57 commercial sites in Pakistan in one day in 2010.26

On November 26, 2010, second anniversary of the 26/11 Mumbai terror attacks,
Indian Cyber Army (ICA) launched an all out attack on 870 27 Pakistani websites, out
of which 34 belonging to the Pakistan Navy were important government websites
such as - Maritime Security Agency, Foreign Ministry, the Chief Minister of Sind, etc.

21
“India: Sahara India Mass Communication,” Rashtriya Sahara, 1996.
22
Iftikhar Alam, “Pakistan India Cyber War Begins”, The Nation, December 5, 2010.
23
Alamzeb Khan, “Pakistan Cyber Warfare and Internet Hacking”, (January 17, 2012),
http://www.simple-talk.com/opinion/opinion-pieces/pakistan-cyber-warfare-andinternet-hacking/
24
Supra note 22.
25
Ibid.
26
Mohit Kumar, 57 Pakistani Websites Hacked By Team Nuts, (December 06, 2010)
http://thehackernews.com/2010/12/57-pakistani-websites-hacked-by-team.html (last accessed on 26-
08-2017 at 1125 hrs)
27
Sandeep Unnithan, “ Inside the Indo Pak Cyber Wars”, India Today, March 18, 2011.

10
The spokesperson for ICA said, “Our objective of launching cyber attacks was to pay
our homage to the martyrs of 26/11,” on Hacker Regiment. In retaliation Pakistan
made a similar attack on December 3, 2010, which was executed by their strongest
hacker group - Pakistan Cyber Army, on 39th anniversary of the 1971 Indo-Pak war
by attacking 27028 Indian websites amongst which the website of the Central Bureau
of Investigation (CBI) was affected the worst. It remained offline for approximately
one month post the attack before it was revoked with immense difficulty. The
Department of Information Technology later found that the hackers were based in
Peshawar and had used an Indian Air Force website as a back gate to enter into the
CBI website, which shared the same database and this became a major security
lapse.29 ICA, in retaliation, attacked and defaced the website of the Oil and Natural
Gas Regulatory Agency (ONGA), on December 4, 2010.

After these attacks, a multi-level meeting was held by Mr. Sachin Pilot, who was the
then Minister of State for Communication and Information Technology, from the
various agencies like CBI, NTRO and National Informatics Centre (NIC) to discuss
the issue.30 Even though the hacking chronicle faded away after the government’s
intrusion, the hacking groups from both countries now claim to have an easier access
to each others cyber networks. “We still own many servers of Pakistan and are
prepared to respond to any attack from the PCA or any other Pakistani hacker group,”
says ‘Disfigure’ a hacker from the ICA.31

RECENT INSTANCES

After the surgical strikes that were carried out by the Indian Army, annihilating
‘terror’ infrastructure in Pakistan, hackers from India have carried out a massive cyber
attack on Pakistan government’s network claiming to have locked its data using a
software called ‘Ransomeware’. Experts in India claim that a hacker, who goes by the
name Vuppala Dhani, has infected Pakistan government’s networks and has taken
control over hundreds of computers. Using a malicious programme, he had made the

28
Ibid.
29
Supra note 23.
30
Supra note 27.
31
http://www.civilspedia.com/2010/12/indiaica-pakistanpca-cyber-army-warfare.html (September 13,
2012)

11
data on the network inaccessible for users. A cyber attack had begun between hackers
from Pakistan and India almost 10 days after the Uri attack that claimed the lives of
19 jawans.32

According to reports, a group of hackers called ‘Pakistan Haxors Crew’ had claimed
that they defaced 7,051 Indian websites. The websites targeted include the official
website of National Green Tribunal and Bihar State Electronics Development
Corporation. To avenge this, Indian hackers locked the computers of their
counterparts in Pakistan. “In order to free their locked data, techies from Pakistan
offered to pay Indian hackers in Bitcoins but the “patriotic” Indian hackers refused to
surrender the decryption key needed to unlock the data” a black hat hacker told the
newspaper. There have been many cases of Pakistani hackers targeting data of
commercial establishments and companies and holding the data ransom until the
companies pay up, usually in the form of Bitcoins. Many Indian hackers have said
that they are ready to launch a massive cyber attack on Pakistan’s cyber space.33

The accounts of about 50 IT companies were attacked by Pakistan-based hackers for

10 days since 17 October, 2016.34 Indian hackers on the night of January 2, 2017
claimed to have hacked Islamabad, Peshawar, Multan International and Karachi
airport website. Not only have they hacked and brought the website down, but have
also injected it with ransomware malware which restricts the owners use of their
website35.

WHY DOES IT MATTER?

32
Sourabh Trivedi, Indian Hackers launch Massive cyber attack on Pakistan govt’s Network, (Oct. 7,
2016)http://www.deccanchronicle.com/technology/in-other-news/071016/cyber-war-indian-hackers-
lock-pakistans-data.html (last accessed on 19-08-2017 1215hrs)
33
Ibid.
34
Jayprakash S Naidu, India needs to counter attacks by Pakistan: Experts,(Oct. 17, 2016)
http://www.hindustantimes.com/mumbai-news/india-needs-step-up-cyber-attacks-on-pakistan-
experts/story-g8UoSzrwrF8ro4LWPf2ABI.html, (last accessed on 19-08-17 at 1220hrs.)
35
Monitoring Desk, India, Pakistan cyber war intensifies, (January 4, 2017)
https://www.thenews.com.pk/print/176619-India-Pakistan-cyber-war-intensifies, (last accessed on 19-
08-17 at 1230 hrs.)

12
While aggression is the only tactic followed by the hacker groups in both countries,
on the contrary, the security providers for the cyber space have always been lacking in
vigilance to provide security to their country’s cyber networks and infrastructures.
According to a cyber security professional working with one of India’s intelligence
agencies, “We once sat down to check the Delhi [internet] Backbone. We found
thousands of systems compromised. All were government systems, Research and
Analysis Wing, Intelligence Bureau, Military Intelligence... we don’t realize how
much damage has already happened.”36

In August 2012, The Indian government was alerted by the exodus after thousands of
people from the northeast gathered at railway stations in various cities all over the
country after being threatened by the rounds of SMS and violent morphed pictures
that were being circulated on more than 100 websites. The SMS threatened the
northeastern people living in various cities in India of a targeted attack on them,
asking them to go back to their homeland, whereas the pictures circulated on the
internet were images of some violent bloodshed. The Government of India reacted
soon on this matter and a 43-page report was prepared by intelligence agencies along
with the National Technical Research Organization (NTRO) and India Computer
Emergency Response Team (CERT-IN) which traced several doctored images to
Pakistan. The origins of these morphed images were later traced back in specific to
Lahore, Rawalpindi and other Pakistani cities by the Indian intelligence agencies.
“From all available forensic evidence, we are fairly convinced that all those postings
came from Pakistan,” said an official of NTRO.

4. SUGGESTIONS AND SOLUTIONS

36
Pierre Mario Fitter, “Stuxnet Attack Wakes India Up to Threat to Critical Infrastructure”, India
Today, September 5, 2012.

13
WHAT SHOULD BE DONE:

BRING IN THE PRIVATE SECTOR: With India’s great soft power skills and
dominant software what is needed is a coordinated, comprehensive and unified policy
that applies to stock exchanges, financial institutions, government organizations and
private companies. It doesn’t matter from where the data is being stolen, what matters
is how quickly the organization learns of it and lets people know so that they too can
take any action they need to.37

WHAT NEEDS TO BE DONE:

There is a requirement to upgrade the legal system of India towards enhanced cyber
laws since its present form is dwelling on the IT Act 2000, IT Amendment Bill 2006
and IT Amendment Bill 2008 which are not competent to cover all types of the
problems in the field that is racing ahead every single day. Finally, there is also a need
to increase the number of cyber security experts and IT security auditors, in which the
country is facing a crisis at present. Currently, the number of IT security auditors
stands at 60 in India.

For India, it is not only Pakistan that endangers its security in the cyber front but there
is always the Red Giant Cyber Dragon – China, which has more of an advanced and
organized form of cyber army, with which it challenges even the United States
through cyber espionage operations like ‘Titan Rain’38. It is believed that the Chinese
cyber warfare policy is based on the ideals of 6th century B.C. Chinese strategist Sun
Tzu regarding, “the art of fighting without fighting”. There have been instances
between India and China where officials in the Indian government have alleged that
attacks on Indian government networks, such as that on the Indian National Security
Council, have originated in China. Fears of Chinese cyber espionage have resulted in
37
Sushil Kambampati, “Is India Prepared for a Cyber Attack? Suckfly And Other Past Responses Say
No”, (Sept. 21, 2016) https://thewire.in/67398/india-is-unprepared-for-future-cyber-attacks/ (last
accessed on 19-08-17 at 1241hrs).
38
Nathan Thornburgh, “Inside the Chinese Hack Attack”, TIME, August 25, 2005.

14
the blocking of deals with Chinese telecoms, like Huawei, due to their ties with the
Chinese military.39 India’s intelligence agencies have warned about Huawei’s
penetration into the Indian tele-com industry. Their worst fear is that the Chinese firm
could be a Trojan horse, meant to infiltrate India’s network during peace and disable it
through remote ‘kill switches’ during war, through hidden ‘trap-doors’ and malicious
programmes that could then open a channel back to its designers.40 In 2010, the cyber
attacks on the computers of India’s National Security Adviser’s (NSA’s) office, Indian
Air Force and Indian Navy are suspected to have originated from China. In each case,
it opened up several small windows through which classified documents and
presentations were whisked away.

At this juncture, Pakistan’s affiliation towards China is an important factor and this
affiliation can become deadly for India if the two join hands in the future for cyber
offensive operations against India. In order to prevent extreme situations, the
government should take speedy actions to identify the people who are behind these
hacking sagas on the Indian side and rehabilitate those who deserve, and hire those
into its cyber security system. As most of the hackers are teenagers, this act of
converting the ‘Black Hat Hackers’ into ‘White Hat Hackers’ would be the right step
for the government to get its hands on them and mould them. This will not only give a
future to these youngsters but will also create a strong cyber security culture in the
country.

The experts of cyber security in the private sector can be invited to train the
government cyber security professionals and can help in conducting security drills
from time-to-time in the government and other cyber networks of the country.
Extremely efficient and reliable government cyber security civilian professionals can,
in turn, be used to train the Defence cyber security personnel so that not only the
security of the networks is updated but also it helps in a broader perspective of
national interest in the years to come with regard of the national cyber security.41

ROADMAP FOR IMPLEMENTATION

39
Indrani Bagchi, “China Mounts Cyber Attacks on Indian Sites”, The Times of India, May 5, 2008.
40
Sandeep Unnithan, “ Inside the Indo Pak Cyber Wars”, India Today, March 18, 2011.
41
E. Dilipraj, Cyber Warfare and National Security, AIR POWER Journal Vol. 8 No. 3, MONSOON
2013 (July-September)

15
The US Cyber Command, which was created in 2009, had attained limited operational
capability by May 2010 and was fully operational by 2016. China, Russia and Iran
have also created similar structures in 2010. A conservative estimate would suggest
that India's NCSA may take anywhere between six and 10 years to be fully
operational.42 The biggest task is the enrollment of skilled individuals and human
resources needed to sustain the NCSA's operations.

LIMITED OCCUPATIONAL CAPABILITY BY 2020:

There is a requirement for the creation of National Cyber Strategy, that would
potentially outline the broad goals and parameters for NCSA to function. By 2020, the
Policy Wing and the Advanced Research Center of the NCSA can be set up, which
would involve identifying nominees from various ministries, agencies, and
organizations. Given that this stage does not involve additional appointments or
recruitment from new posts, it can be achieved within a few months from the date of
approval of the NCSA proposal. The foremost step towards the formation of
operational nucleus of the NCSA can be made during this period; which would
require reappointing the existing CERT-In and Sectoral CERTs as a part of the
NCSA's Assurance Group. Guidelines to recruit individuals and technical specialists
to the Operations Wing and the ARC should be drafted during this period, and an
initial call for experts may be sent before 2020.43

FULL OPERATIONAL CAPABILITY: 2025 MILESTONE

Full operational capability requires enhancement of the operational core of the NCSA.
The most important task in this regard would be to populate the wings of the
organization with full-time staff. If recruitment guidelines are in place, and
implemented during this period, the NCSA's functioning would be aided by the fact
that the Policy Wing and ARC would already be providing qualitative inputs to guide
operations.44
42
Arun Mohan Sukumar and Col. R.K. Sharma, The Cyber Command: Upgrading India’s National
Security Architecture, Observer Research Foundation (2016)
43
Ibid.
44
Ibid.

16
5. CONCLUDING REMARKS

17
“We worried for decades about WMDs – Weapons of Mass Destruction. Now it is time to worry about
a new kind of WMDs – Weapons of Mass Disruption.”
― John Mariot

Cyber terrorism, in more ways than one, is similar to physical terrorism, and this
conceptual similarity allows to connect from one dimension to another. However,
there are still few differences – one of which is that it is harder to deter to a cyber
terrorist organization, a reason for which is the problem of assigning responsibility of
such attack on a particular entity since there is no physical evidence to sustain such a
claim. This leads to the deterrence of cyber terrorism from the physical one.

So far, what terrorists have accomplished in the realm of virtual world doesn’t seem to
satiate their hunger as the number of such instances have been on a constant ascent
rather than simmering down. In order to meet these attacks head-on and further secure
the nation, India needs around 500,00045 Cyber Security Professionals by 2018, out of
which the current number is 50,000.

If we aim to achieve and sustain a “crime-free” Digital India, what’s required is a two-
fold approach, whereby, on one hand a nationwide campaign has to be run to prevent
attacks - likely through human error and on the other, sensitisation of the law-
enforcing agencies on cyber laws is of utmost importance.

What the country requires to tackle the menace in the cyber domain is a strong,
structured and unopposed policy that could be applied to every institution in the
nation – ranging from government organisations and financial institutions to the
private enterprises. As long as the organisation learns quickly about the attack and
takes the reins, successfully controlling the situation under any given circumstances, it
won’t matter where the data is being stolen from.

45
Kaushik Deka, Is India ready for a Cyber War, India Today, p.38, September 11, 2017

18