Cyber attacks will continue, so we need to be prepared

The last time the world woke up to the deviousness and sweep of cybercrime, was when the employment of Stuxnet and Duqu, the hacking of Tibetan exiles by GhostNet, the international cyber-espionage ring known as the Shadow Network and others, began to pose an existential threat. What Stuxnet did in 2010 was stupendous. It managed to infect a physical manufacturing plant — an Iranian uranium enrichment facility — and make it malfunction. Iran’s faceless adversary — with broadly dropped hints at the United States and Israel — made use of only one cyber virus — to cause machines to break down. The assumption is that if the Iranian facility at Natanz was vulnerable, so can be the electric grid in New York.

We could cite at least three wars in which cyberspace could have played a key role — Kosovo, Afghanistan and Iraq, respectively — waged by the US, but they happened to be countries with minimal presence in cyberspace. This power asymmetry, going by the furious pace at which technological advances are being made, is liable to be bridged sooner rather than later, for the simple reason that space and information operations have become the backbone of networked, highly distributed commercial civilian and military capabilities. No state can afford to turn its back against the imperative of protecting critical information infrastructure from disruption, either physically or through cyberspace, necessitating it to develop offensive information operations and be compelled to devote resources to it.

We are yet to identify the programmers at work responsible for the spread of the “WannaCry” ransomware but the sheer wave of cyber attacks it has spawned managing to hit 2,00,000 computers in 150 countries, raiding alongside communication systems in the US, Russia, Britain, Spain, India, Taiwan, Ukraine and more, gives an idea about its sweep. Its clients (or victims), by no means, come from the unwary Luddite fold, varied as they are such as the British National Health Service (NHS) hospitals, the Russian interior ministry, the US delivery firm FedEx, the Spanish telecom giant Telefónica, the French automaker Renault and universities and healthcare institutions in almost all countries of Asia.

Where lies the risk? According to Internet World Stats (a company that compiles this data), in 1995 there were roughly 16 million Internet users. In December 2011, the number of Internet users exceeded 2.2 billion, more than 30 per cent of the world’s population, while by March 31, 2017 it rose to over 3.7 billion constituting some 49.6 per cent of world population. A greater percentage of the world’s economy has shifted base from physical media, or older electronic media such as telephones and telegraphs, gravitating towards public Internet, private or semi-public Internets. The heightened risk is the theoretical access to systems like power plant controls, previously inaccessible to persons off-premises, or to self-contained networks, such as those that transfer money, through a grid of public networks such as the Internet or the international phone system. Quite naturally, there is greater room for foul play without a proper security system in place. Two years ago, inaugurating “Digital India Week” in New Delhi, Prime Minister Narendra Modi articulated global worries over cyber security: “Somebody, with education of 10th or 12th class, sitting thousands of miles away, can clean up your bank account with a click of mouse.” After the recent ransomware attack, it is legitimate to feel worried about the database of over a billion Indians possessing an Aadhaar card in 2017.

Not that the National Technical Research Organisation, the Defence Intelligence Agency, and the Defence Research and Development Organisation are not up to the task of a blueprint formulated by the Indian government way back in August 2010 to develop capabilities to break into networks of unfriendly countries, set up hacker laboratories, set up a testing facility, develop countermeasures, and set up computer emergency response teams (CERTs) for several sectors. But that cybersecurity can never be off the radar of our strategic thinking is evident from the fact that in that year itself hackers from the Pakistan Cyber Army (PCA) defaced website belonging to India’s Central Bureau of Investigation, supposed to be one of the nation’s most secure. Only last year, one of the biggest data breaches in the country triggered the replacement of about 3.2 million debit cards issued by Indian banks, with advisories being sent to their holders to change their PINs to avoid fraud.

The possibility of cyberattack is real going by the raging debate surrounding whether an apparently innocuous information-gathering operation mounted by Russian hackers morphed into an effort to “trump” Hillary Clinton, over her opponent Donald J. Trump. The debate is not going to die out soon. We now have to brace ourselves for what the defence experts keep warning us — airliners colliding in mid-air when air-traffic controls get compromised, financial chaos with banking computers going haywire, or the shutting down of power grids or imagined case scenarios like China striking at Taiwan by managing to interrupt US reconnaissance satellite coverage for just 30 minutes — hypothetical wars of the future for centuries. We cannot brush aside such les guerres imaginaires, or wars of the imagination, as bunkum.

Think about Julian Assange and his transformation from an anonymous hacker to one of the most discussed people in the world — reviled, celebrated and lionised on the one hand, while being sought-after, imprisoned and shunned on the other — from being a marginal figure invited to join panels at geek conferences to his regression in becoming America’s public enemy number one. The jury is still out if he is a media messiah or a cyber-terrorist. Without making a technology available to the few who would do evil, we cannot make the technology available to the many who would do good. As cyberwars would continue to be waged, the price that we must be ready to pay for our liberty is eternal vigilance.

The writer is a social commentator based in Kolkata