As per an estimation of the National Security Council, China, with its 1.25 lakh cyber security experts, is a potential challenge to India’s cyber security. In humiliating contrast, India has a mere 556 cyber security experts. At stake is India’s US$ 2.1 trillion GDP, power grids, telecommunication lines, air traffic control, the banking system and all computer-dependent enterprises.
India and China’s cyber security preparedness is a striking study in contrast. India is a reputed information technology-enabled nation while China struggles with its language handicap. India, with a massive 243 million internet users, has digitized its governance, economy and daily life on an industrial scale without paying adequate attention to securitize the digitization plan. In the digital era, national security is inextricably linked with cyber security, but despite being the single biggest supplier of cyber workforce across the world India failed to secure its bandwidth and falters to detect the simplest of cyber crimes, which often leads to devastating consequences.
Chinese Cyber Agenda
China, with a colossal 640 million internet users, owns a large army of cyber security professionals, possesses extensive control over its internet, and employs patriotic and mercenary hackers to confront its rivals including India. Chinese professional call ‘network security’ (wangluo anquan) what the world calls “cyber security”. China achieved cyber security prowess early because Chinese computers themselves were under severe cyber espionage.
The Chinese Ministry of Public Security considers China as the largest victim of cyber-attacks and response to such attacks, Chinese experts felt, cannot be defensive. It is worth noting that China’s warfare policy is based on what Mao Zedong called ‘active defence’ doctrine under which ‘China strikes only after the enemy has struck, but will employ offensive operations at all levels of war and at all stages of conflict’.
Global cyber hackers targeted Chinese installations to which China had to retaliate and in the melee, India became a collateral Chinese target. China prepared its institutions and generals to not only counter cyber-attacks but also to adopt an offensive posture. The Chinese Academy of Military Sciences declared that an internet tornado had swept across the world and Chinese military could not be passive in the internet war.
Soon Chinese hackers retaliated and hacked into Barack Obama’s campaign computers in 2008. President Obama not only admitted the hacking of his computer data but informed that his rival John McCain’s data were also stolen. The FBI detected the theft and warned both campaigns, which took some defensive steps. But what is nightmarish is: What would have happened had the Chinese hackers destroyed the data?
Media reports suggest that Chinese hackers targeted India’s foreign and defence ministry’s data. However, these are misleading reports since Chinese hackers are primarily trying to destabilize India’s economy.
If Chinese hackers managed to destroy India’s bank data, there would be financial chaos. As per the Reserve Bank of India, India’s banking system is worth $190 billion, ranking it third largest among the BRICS countries and 15th in the world. A financial disruption wouldn’t allow people to get their money, know whether they had it or if they had made payments. Money in the modern world is just an entry on a computer rather than gold and hard currency. Chinese hackers could ruin India without firing a single bullet. A rough estimation tells us that every year India is subjected to US$ 4 billion loss due to cyber attacks, a majority of which originate from China.
In its 2013 White Paper titled ‘The Diversified Employment of China’s Armed Forces’, China reiterated its stand to protect its national security interests in outer space and cyberspace. The Chinese political leadership has taken direct charge of the country’s cyber security as President Xi Jinping and Premier Li Keqiang have decided to head the Security and Informatization Leading Small Group, an exclusively network security structure. In 2014, while addressing the first meeting of the committee, President Xi Jinping clarified the importance of network security to the Chinese political agenda.
India’s Cyber Naiveté
India’s inertia to induct cyber security as an essential element of national security and growth is tremblingly palpable. Cyber security is less debated, sporadically written about, and rumoured at best in India. Because of this apathy and despite India’s grand stature in the cyber world, India is vulnerable to the cyber snarls of China and other countries.
With its archaic governmental architecture, India is still in expansion mode with little time spared on digital security. One of the significant reasons of India’s inertia is its lack of understanding and appreciation of the gravity of cyber security. Added to that, despite being a proclaimed land of young people, India’s age-old lamentation for its youth is one of the vital stumbling blocks to adopting a strong cyber security policy. For example, the Narendra Modi-government appointed expert group ‘to prepare a roadmap on cyber security’ is comprised of aged professors and busy bureaucrats who cannot keep pace with the speed, agility and thought of modern-day hackers. China and all other countries’ cyber security, on the other hand, rest in the hands of their young cyber experts.
Prime Minister Modi might be a cyber wizard but the country’s political apathy to cyber security is blatant. While the Chinese President and Prime Minister have been involving themselves directly with the cyber security initiative, no political figure in India has ever shown the slightest interest in securing India’s cyberspace.
The Ground Zero Summit, which is considered as the Mecca of India’s cyber security debate and an earnest endeavor of cyber security professionals, failed to get a single political figure to deliberate on the issue. The lone reluctant political participant, former army-general-turned-politician Gen. V.K. Singh addressed the gathering through video conferencing. Prime Minister Modi talks about Digital India and the next wave of internet growth will have to come from vernacular users who would be far more vulnerable to cyber-related deception than their city-based English-speaking counterparts.
The apathy of aging politicians and bureaucrats stem from the fact that this new field is dominated by twentysomethings with cans of Diet Coke and a constant chat history with their girlfriends. India is delaying the rightful prestige to its young cyber security professionals at its own peril. China, US, Israel and even war-torn Syria has long been cherishing the ability of its young cyber professionals.
India’s vulnerability to Chinese cyber attacks could be judged from the fact that a colonel rank officer from People’s Liberation Army informed Swarajya contributing editor Ramanand Sengupta that India’s cyber infrastructure to protect its stockmarkets, power supply, communications, traffic lights, train and airport communications is so ‘primitive’ that can be overwhelmed by the Chinese in less than six hours. So if there is a second India-China War, India’s adversary does not need to send troops to the trenches of the Himalayas but to ask its cyber warriors to cripple India’s security infrastructure from their cool air-conditioned computer rooms.
India is nowhere in the cyber war that has engulfed the globe. India’s response to such a critical situation is a timid National Cyber Security Policy that the government circulated in 2013. There is no national overhaul of cyber security and the Indian Computer Emergency Response Team, the statutory body to look after cyber attacks, has little critical strength or capability. Its endeavour to recruit young talent and meaningfully engage them is still to take off. After the 2013 National Security Council note that exposed India’s cyber security unpreparedness, the government decided to augment infrastructure and hire more professionals. However, what is required is a strategic vision to ensure stealth in India’s cyber security and a political conviction to plug strategic vulnerabilities.
The National Technical Research Organization has regularly been alerting successive governments about the danger from Chinese cyber attacks. India cannot afford to be passive and unresponsive because if it does not not act now, by the time a sophisticated cyber-attack happens, it will probably be too late to defend against it effectively.
India’s immediate requirement is to understand the impending cyber security threat from China and build better network filters and early warning devices and add new firewalls around computers that run the Indian economy and regulate vital civil and military installations. But in any battle the attackers are always embedded with all advantages from choosing the battlefield to deciding the time of war to the choice of instrumentalities. Poor defenders end up defending an attack that they even cannot imagine.