• 21 November, 2024
Foreign Affairs, Geopolitics & National Security
MENU

India-China Cyber Asymmetry: Act Now

Commander Sandeep Dhawan (Veteran)
Thu, 29 Apr 2021   |  Reading Time: 9 minutes

India-China Cyber Asymmetry: Act Now

This is a regular working day in Mumbai, India. The lines outside the ATMs and Bank tellers are getting serpentine, and people are losing their patience, the banking servers have crashed. In a short while stock market Servers crash, and airlines & train bookings are not accessible. Airliners in the air and trains on the tracks are running amuck without any controlling, without signals. Almost every online economic activity has ceased to exist, and slowly it starts spreading across the nation. In a short while, mobile services stop, emergency response systems crash, and water supply to the Mumbaikars stop. Then comes the worst news, the power grids have crashed. The financial capital of India is a dark patch on the mother earth, incommunicado; inaccessible, spiraling down the labyrinth. India is under attack, and the attackers are invisible.

The scenario is very scary and is not from any Sci-Fi movie. Some of it has already happened in the past. The rest of it could be very much possible in the near future, in any city, in any country, across the globe. Are we, knowingly or unknowingly inching towards a very different kind of war? ‘The Cyber War’ – are we ready for it?

Denial has not helped India

Now, this is a real scenario, which took place on 12 Oct 2020 at 10.10 a.m. in Mumbai. The 400 KV Padgha-Kalwa transmission lines that supplies power to Mumbai, tripped. Life in Mumbai came to a grinding halt. Later on National Critical Information Infrastructure Protection Centre (NCIIPC) informed that this was a cyberattack by the Chinese state-sponsored group, Red Echo. It used malware ‘Shadow Pad’ targeting the Indian Power sector’s Regional Load Dispatch Centres along with State Load Dispatch Centres. Similarly, on 30 October 2019, Tamilnadu-based Kudankulam Nuclear Power Plant’s IT network was hacked by supposedly North Korean hackers.

Both are worrying trends. Authorities immediately went into ‘denial mode’ initially and then followed by ‘the attack was ineffective’ mode. The Chinese PLA Unit 61398, APT41, APT22, and some other groups from North Korea are known to systematically target and sabotage Indian defence and offence mechanisms. It is also public knowledge who controls North Korea, externally.

Recent remarks by Chief of Defence Staff General Bipin Rawat on Chinese capabilities are the first admission by any high ranking government official,

“We have been a little slow on the start, therefore over the years, a capability differential has come in. Most important, where the biggest differential lies, is in the field of cyber. We know that China is capable of launching cyber attacks on us, and that can disrupt a large amount of our systems.”

India has not been slow; rather India has been in slumber. China started showing its hideous side from the beginning of the new millennium; however serious cyberattacks began in 2007. China mounted daily attacks on government and private networks in India. These attacks were far more sophisticated than normal hacking. There was a method in the madness. They were studying the Indian systems.

India has been doing piecemeal efforts to resolve a very complex issue. It created Defence Cyber Agency (DCA) in 2019. DCA is a dual-purpose agency. It is tasked to fight virtual wars in the cyber dimension as well as formulate a doctrine of cyber warfare. Towards the end of 2020, the Indian Army created Director General of Information Warfare under the Deputy Chief of Army Staff, Strategy. This curate’s egg with a plethora of other agencies was no answer to Chinese capabilities. Nostrum of half-hearted Indian efforts along with lack of one single central authority is outright insufficient and ineffective.

China’s Strategic Support Force: A Conjuring or Real Threat

China started paying serious attention to cyber warfare in the 90s when it was known in a more simplistic term the “information warfare”. China had closely studied the United States and how its military had benefited from the application of high technologies in the Gulf War, Kosovo, Afghanistan, and Iraq. China realized the importance of information technologies and the critical role it will play in future wars.

Beginning in 2013, there was a flurry of activities in China. These activities were centered on a well-thought-out strategy. China’s kairos moment came in 2015 with the advent of the People’s Liberation Army (PLA) Strategic Support Force (SSF). This force was called a “new-type combat force” which was designed to leverage space, electromagnetic, and network capabilities for joint operations across multiple domains of conflict threatening key nodes of enemy’s combat systems.

The main role of the SSF was jointmanship, providing an “information umbrella” to land, sea, air, and missile force operations, which is crucial to China’s expanding hard power as well as its commercial and strategic interests.

The widely known cyber unit of PLA is the Second Bureau of the Third Department, Unit 61398. This unit consists of the most experienced and competent IT specialists, electronic engineers, mathematicians, and linguists. Most of them are English speaking. Its main headquarters is in Shanghai. Unit 61398 is not just a typical conventional unit, rather it implements the decision undertaken by the Chinese Communist Party, who to attack and where to attack in cyberspace.

Where does India Stand

As per cyber security company FireEye Inc., India is the 5th most targeted country by China. Speaking to ‘India Today’ magazine this information was further explained by Antara Ghosal Singh, a China expert and a research associate at Delhi’s Policy Group. She said, “Cyberspace is an area where we need to beef up our preparation. China believes that the level of PLA’s electronic warfare is “world-class” and that it has an edge over India in this realm. Therefore, organizing cyber attacks to destroy the command network, air defence network or radar network, air command network, etc. of the Indian armed forces at all levels, are very much part of PLA’s action plan in case of a major conflict.”

 

Courtesy: insightful

 

National Cyber Power Index, is an annual list prepared by Belfer Center for Science and International Affairs. The 2020 list puts India in a very tight spot. In the list of 29 countries, India was lowly 21. Another list, the Cyber Capability Index, puts India at number 26.

India ranked 12th in Norms, 15th in intelligence, 19th in commercial parameters, 24th in the Defence category, 26th in surveillance, and 29th in Control. In addition to India, 12 more countries haven’t built offensive cyber capabilities. It was sad to note from the whole study that even the intent to build such capabilities is also missing.

Two Asian powerhouses, India and China, had similar GDP per capita in the early 80s and India was a rising IT power of the 90s. Today, China is in the top 5 for every single objective in the index prepared by the Belfer Center. In the last decade, China has invested heavily in the research and development of technologies. These results not only reflect China’s dominance in cyberspace but also highlight the significant gap in capability between China and India in most areas. It is also noteworthy that China was nowhere among the top ten, in the Cyber Power Index till 2011.

 

Courtesy: insightful

 

India spends just 0.65% of its GDP on R&D and innovation compared to other economies who spend 1.5-3.0% of GDP. This neglect over a period of time has left India far behind. Even countries like the United Arab Emirates, Vietnam, Malaysia, and Singapore have become more capable cyber powers compared to India. Today the top ten dominant cyber powers are the U.S., China, U.K., Russia, the Netherlands, France, Germany, Canada, Japan, and Australia.

 

Powerful offense may not be good defence

Force India magazine’s editor Pravin Sawhney in a recent YouTube program stated that in cyberspace only offensive posturing works and not defensive posturing. His line of thinking is incomplete. A cyber expert and Senior Colonel of PLA, Li Daguand, stated the principle that “the best defense is a good offense is not favorable in cyberspace.” He states, “after the first round of a cyberattack, the targeted side can respond with a precise counter-attack as long as it has a strong defense. The attacker will then suffer unfavorable outcomes if its defense is not good enough. From this perspective, it is wiser to make efforts in building up a strong defense, then only you can take offensive action.”

Poor defensive mechanisms have costed India dearly in the past. I have written about this, and I reiterate that,

“the crash of the Vikram lander while landing on the dark side of the moon was not a scientific failure. It could have been a ‘Logic Bomb’ inserted by our adversaries, which activated during the lander’s descent and force it to crash.”

China has voracious appetite for your data

In April 2020 Forbes magazine reported that some of the security experts have discovered that the Redmi Note 8 smart phone observes and transmits much of data to remote servers hosted by the Chinese tech giant, Alibaba. It records all the websites visited, search engine queries, folders opened and every item viewed on a news portal, etc. That tracking appeared to be happening even in “incognito” mode. India is one of the biggest markets for Chinese smartphones.

 

Top five smartphone companies in India: insightful

 

Another worrisome aspect is network and telecom equipment, as well as wifi routers. Most of these types of equipment are often made in China. Many backdoors have been found in Chinese telecom equipment (Huawei and ZTE), which give access to Chinese state-backed attackers. This data has immense use in commercial and defence-related activities.

 

Imagine not only Indian industries but defence organizations and every individual in India using Chinese equipment is at the mercy of the Chinese Communist Party. I am sure the Ministry of Defence is keeping this aspect in mind while procuring such equipments

What should India do

Keeping in mind India’s present status of cyber defence, it would be prudent to decouple critical defence and civilian infrastructure from the open network till the time right defensive and offensive cyber systems are in place. After all, even Pentagon was dissuaded from networking the nuclear weapon systems to the Columbia-class ballistic missile submarine and B-21 Raiders.

As a general rule, Indian armed forces should purchase the simplest possible tools to fulfil the intended tasks. If the forces can achieve a task without giving enemy cyber-warriors a point of entry, then they should persevere that option. High tech weapon systems must carry out a specific task better than the low-tech alternative, offset consequent cyber vulnerabilities and additional logistical burdens. The forces should reject any system that fails these tests.

 

Courtesy: insightful

India should work on the following:

  • Establish a Central Cyber Command as soon as possible.
  • Disband or merge all existing institutions with Central Cyber Command.
  • Lay down clearcut military and civilian targets in China and other rogue nations.
  • Countries like China implement domestic surveillance vigorously. China still uses HTTP since ‘Great Firewall’ and Hyper-Text Transfer Protocol, Secure (HTTPS) along with Transport Layer Security(TLS) do not go hand in hand. This leaves a back door open for exploitation. To name a few organizations using HTTP and available for exploitation:
    • People’s Liberation Army Navy
    • Chinese Central Government’s Network
    • Ministry of Foreign Affairs
    • United Front Work Department of the CCP’s Central Committee
    • Bank of Jilin
  • Prepare for the offence on China’s economy and nuclear infrastructure but lay low till foursquare defence is in place.
  • Spell out and disseminate threshold level, crossing which lethal offensive action against the perpetrators would be initiated.
  • Without effective cyber systems in place, the proposed ‘Theatre Commands’ would remain on paper
  • Last but not least, prepare to fight the next war without GPS.

ACT NOW

“A great deal of intelligence can be invested in ignorance when the need for illusion is deep.”– Saul Bellow

The former head of the Communications Department of Chinese General Staff General Xu Xiaoyan had openly adumbrated China’s great power ambitions in 2014. He stated, “China needs a network confrontation technology – intercepting, utilizing, corrupting and damaging the enemy’s information and using false information, viruses and other means to sabotage normal information systems functions through computer networks”.

Alas, we chose to ignore similar messaging from uppity Chinese President Xi Jinping. The urgency for India to up the ante in the cyber domain has never been so real. The last hacking of the Kudankulam Nuclear power plant was restricted to the ‘information technology’ (IT) side, but when it would cross the ‘air gap’ and move to the ‘operational technology’ (OT) side is just a matter of time.

Jeremy Fleming, director of the British spy agency GCHQ, cautions while speaking at Imperial College London, “The West must urgently act to ensure China does not dominate important emerging technologies and gain control of the global operating system”. There is an urgency in his lecture, where is our urgency?

 

References:

  • insightful.co.in/2020/04/28/beware-the-war-is-getting-uglier
  • medianama.com/2019/10/223-india-defence-cyber-agency-part-2/
  • wired.com/insights/2015/01/is-cyber-terrorism-the-new-normal/
  • brookings.edu/research/china-as-a-cyber-great-power-beijings-two-voices-in-telecommunications
  • belfercenter.org/publication/national-cyber-power-index-2020/
  • cloud.mil/JEDI-Cloud/
  • c4isrnet.com/congress/2021/04/16/senators-push-quantum-computing-at-dod
  • ndupress.ndu.edu/Portals/68/Documents/stratperspective/china/china-perspectives_13
  • indianexpress.com/article/india/china-has-capability-to-launch-cyber-attacks-cds-general-bipin-rawat-7263541/
  • carnegieendowment.org/2019/04/01/what-are-china-s-cyber-capabilities-and-intentions-pub-78734
  • rand.org/content/dam/rand/pubs/monographs/2009/RAND_MG877
  • inc42.com/features/the-anatomy-of-cyberwarfare-is-india-ready-to-take-on-china/
  • drive.google.com/file/d/1ryMCIL_dZ30QyjFqFkkf10MxIXJGT4yv/view
  • c4isrnet.com/show-reporter/c4isrnet-conference/2021/04/22/navy-to-test-potential-for-information-warfare-cells-at-maritime-operations-centers/
  • worldscientific.com/doi/pdf/10.1142/S2630531319500021
  • valentinweber.com/https.html
  • forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/?sh=78ce094f1b2a

Author

 

SD

A veteran of the Indian Navy, Cdr Sandeep Dhawan served in the Navy from 1988 to 2009. He was a Maritime Reconnaissance Pilot and a Flying Instructor. He is a geopolitical analyst and writes for the various online websites and organizations.

 

 



Disclaimer

The opinions expressed in this article are the author’s own and do not reflect the views of Chanakya Forum. All information provided in this article including timeliness, completeness, accuracy, suitability or validity of information referenced therein, is the sole responsibility of the author. www.chanakyaforum.com does not assume any responsibility for the same.


Chanakya Forum is now on . Click here to join our channel (@ChanakyaForum) and stay updated with the latest headlines and articles.

Important

We work round the clock to bring you the finest articles and updates from around the world. There is a team that works tirelessly to ensure that you have a seamless reading experience. But all this costs money. Please support us so that we keep doing what we do best. Happy Reading

Support Us
Or
9289230333
Or

POST COMMENTS (40)

Indian

Nov 20, 2021
Sir, I have been following your articles since almost 3 years now. I am just an ordinary common man, but I suppose it's high time that Indian defence forces should have a dedicated Cyber offensive Wing, not just to find who is doing what, but to have have coordinated Cyber attacks on rogue countries affecting India negatively. This will boost the internal Cyber security, while also show to the world that India is a not a lame duck any more. There are now several countries like US, Russia, China, Israel, Japan, Norway, New Zealand, North Korea..so why not India.

Anurag Chandra

May 22, 2021
Thought provoking. The asymmetry between our and China needs to be bridged. It is not that we do not have people with the skill sets required. It is more an issue of national will to create these capabilities.

Gautam

May 22, 2021
A very well written article. Good insight I the current scenario.

Bijaya Dash

May 09, 2021
Thanks again Nicely collated......there should be certain decisions that any political party in power can't overrule.... specially related to national security....for example certain political establishments had completed disengaged the talented intelligence officers and even punished a few to drive their party agenda and rein control...but then do we need some dictatorial approach to implement certain national interest...?

Mishika Raj

May 07, 2021
Thanks for sharing well-researched information on this topic. As there is a shortage of highly skilled professionals in this field, it is crucial that we as a country set up a strong foundation to combat cyber threats.

Nanda

May 06, 2021
As ever, Commander, you offer a detailed description of the current state of the problem at hand along with a sensible array of solutions. Thank you for being one of the ‘grown-ups’ in the room.

P k sharan

May 06, 2021
The article brings out our vulnerability in this important domain so well. And it is so necessary to put systems in place post-haste as suggested in this write-up. Very topical and not a day early. Well done , Sandeep once again.

Jas Dhali

May 05, 2021
Sandeep, Par Excellento as always. Very aptly written. We must wake up, be alive to the situation and act NOW. In-depth study.

Yati Raj

May 05, 2021
Thank you for sharing uncle! It was a highly informative read . India is very vulnerable to cyber attacks, its high time the government prioritizes it and comes up with strong policies to curb future attacks.

Marilee Wein

May 03, 2021
Ouch! That abject disparity was unexpected.

John P McQuary

May 02, 2021
Do you believe that an electromagnetic pulse (EMP) attack would be used in conjunction with a significant CCP cyber attack? On another happy note, we should have no doubt about ChiComs willingness to go from ' jump' straight into biological warfare (clandestinely if possible) as witnessed by nCOVID-19.

Wendell Bruges

May 02, 2021
Commander, you always surprise me with your in-depth knowledge, spread over a plethora of subjects. Your research is impeccable and succinct. Your articles are getting increasingly popular among my circle and many times I get the link to your articles from other sources on SM. That shows your ever-increasing reach and popularity. Keep up the good work, and more power to you.

Rajesh Dhawan

May 01, 2021
I have read the article. It has lot's of content and information. The facts and incidences quoted given by you are right but the inferences derived may not be 100% right. This government is very much aware of the situation. There reaction is slow by it is there. The way this government has taken decision in last one year against Chinese business in India, it is giving fruits now. Like in our Tyre Industry, it is almost total ban from China and due to that Indian Tyre industry is booming. In all Government tenders they have put the condition that companies participating in tender and having boundary common with India has to take prior approval from Indian Government, which they don't give. That way they are not allowing Chinese companies to participate in Indian Government tenders, including infrastructure, military and Cyber. Government will extend it further to private companies like Tyre and toy industry, I know it is happening. You will see very soon good results. China knows what India can do. More China poke India ,more India will gain strength. This Covid has put in hard position on unitizing it's resources but it is bringing out more opportunities for us to work upon. One more difference. India being democratic country cannot impose anything on the public for good to the nation. Whereas, China being non democratic can do anything. China will compete to see that India should not come up but She will not destroy India as rest of the world want that India should survive to be pitched against China. I believe in positivity out of every negativity.

Vinod Nikkam

May 01, 2021
The fact that India is still ignoring this facet of warfare is surprising and will come at a great cost. The asymmetry in cyberwarfare increases geometrically with time. Just like the asymmetry in economy. And like the economy we have a long way to go before we can catch up with China. Even if we start today!

Sandesh Pathak

May 01, 2021
A precise commentary on the state of affairs. My congratulations sir! The quote on wars beginning in the minds of men, which has found its way from the Vedas to many a high plaque, might as well read - 'Since wars will begin and end in cyberspace, it is here that the defences of peace and the weapons to instruments to assert our will need to be constructed' . Made for an informative read. Thank you!

Rajeev

May 01, 2021
Sandeep, another insightful paper from you and it comes at probably just the right time. Any further delay in action by the Govt could leave India far behind the leading nations in cyber security. And, that is not for want of talent.

JJ

May 01, 2021
Cyber-Vourism, the Next, Very well analysed and presented. No doubt every aspect should not be computer controlled to avoid jamming and hacking. Old school but sure if it works. But yes spending and progressing R&D has to be at forefront. Great Read.

N K Lohani

Apr 30, 2021
Sandeep, it's a treat reading your articles which are always well researched, concise and to the point. Although, India lags in the field but given it's plethora of IT talent, a focussed leadership in this field is what that is desired.

Sukhjit

Apr 30, 2021
Very well written article. The problem with India is not lack of talent but lack of able leadership, where anyone without any defence inkling can become defence secretary or minister what can one expect

P K Misra

Apr 30, 2021
Very well written article. It is the need of the hour to scale up our Cyber security urgently. Many incidents have been quoted by the author, which ring an alarm bell. They must be actioned with careful planning.

Shaunak

Apr 30, 2021
My regards Cdr. Sandeep Dhawan A new perspective to conflicts and the grave shortcomings of our country in these aspects. An eyeopener. Very insightful and frightening. Please accept my congratulations on such detailed and researched article. 🙏🏻

Clarence carvalho

Apr 30, 2021
A wake up call which we need to heed.

Clarence carvalho

Apr 30, 2021
A wake up call which we need to heed

R Dalal

Apr 30, 2021
Without doubt another wake up call to the Indian system to take a step in the right direction.

Ajit

Apr 29, 2021
Very interesting and well researched peice...surprising that our armed forces let so much of assymetry creep up. With our fairly robust IT industry and capable manpower, it should be possible to get ahead in a short time.. provided necessary impetus is given by our leadership. Hope your article will give a nudge in the right direction! Great read👍

Narinder

Apr 29, 2021
A great insight into likely cyber warfare that India could face. A sample of the same has already been experienced by the country. A serious wake up call for India and the Government needs to urgently think on recommendations listed in this article. Thank you very much Sandeep. As usual a very informative article.

Deovrat Pagay

Apr 29, 2021
Any nation which can excel in 5G, Electromagnetic spectrum mgt, Robotics, Nanotechnology & Cyber prowess will call the shots in future! This article is a wake up call for our leaders… please take notice before it’s too late… Thanks for the insight Sandeep!! Kudos…

B Raja

Apr 29, 2021
Great write up! The thing about you writing is; that is meant for everyone. While volumes of material can be self researched, but putting it in just the number of words you do, deserves kudos. I'm certain, that even vertical specialists will accept the well rounded presentation of you views. You have, by being specific, about the rather belated efforts have not spared the the powers that be! It is shocking, that despite a approx 40 year warning by Alvin Toffler, we are (visibly) completely out of depth. Today, the appreciation of the generally aware common man on the subject too is adequate. This shall bite us deep. And, given the universal acceptance of the impervious nature of the 'Great Firewall' : even belief in the world's countermeasures may fall short! Once again. Kudos.

Brian S Thomas

Apr 29, 2021
Brilliant article,as always by one of my colleagues who is an expert in researching China. Just brings out the fact that,as a nation, India is excellent at all the wrong things. Being asleep at the wheel,dragging their feet,putting the cart before the horse,having tunnel vision closing the barn door after the horse has bolted etc etc etc. One can go on with the clichés and metaphors. Whether it is dealing with the awakening red dragon on all fronts or getting people vaccinated at home before giving away vaccines to other nations, India is always a day late and a dollar short. Hopefully, Captain Dhawan's articles resonate in the corridors of the bloated bureaucracy that is endemic in India and folks will realize that we need to wake up and smell the chow mein before we are conquered again.

Jpchitkara

Apr 29, 2021
Excellent article.

Rammohan Oka

Apr 29, 2021
Well researched and thought-provoking article 👏

Raman

Apr 29, 2021
The inaction in spite of such spot on advice from house experts is seriously alarming. Hope your words reach the right forum and shake the right tree.

Sanjeev Amrit Nayyar

Apr 29, 2021
Article is comprehensive and covers threats well. Must read. GOI must realize that China and Pakistan are India's adversaries in every possible field and pro actively plan accordingly.

Joseph Mathew

Apr 29, 2021
A well written article on a topic of immense importance. It is time our political leadership wakes up to the threat.

Cooper

Apr 29, 2021
Very well researched and written Paper. Great work Sandeep

Gp Capt Ravi Kudari

Apr 29, 2021
1. Very well researched article. 2. Needs to be read and discussed by policy makers, ITs, defence, heads of govt to take adequate timely precautions to stay ahead. 3.

Pravin Kumar

Apr 29, 2021
Good work dear Sandeep as usual by you. The article may initiate some awakening to those who are entrusted with this responsibility. Meanwhile, a comprehensive awareness programme and public cyber ethics may contribute greatly. You remember, "SWACHH BHARAT ABHIYAN ", something on those lines- viz "Safe Bharat Abhiyan" or "Cyber safety- Public Safety " etc. NCC, youth org, govt departments, PSUs and pvt companies have to be part of this nation wide awarenss campaign and all stakeholders have to develop Cyber ethics and follow it ruthlessly. Merely making law will have ltd effects but once a culture is developed ie "public cyber ethics", I think the massive disruptions could be averted.

Rdhawan

Apr 29, 2021
Very interesting and informative. Thank you.

Ashit Patel

Apr 29, 2021
A harsh reality of life which will only become worse with an ostrich head in the hole approach A well researched paper which will hopefully open eyes

Dhirender Gaur

Apr 29, 2021
It so enriching! Very Insightful. It the resin I keep looking forward to your blog. Hope GOI strategist would take advantage out of this.

Leave a Comment