Russia-Ukraine: India Should Prep for Cyberwar, China Might Be Taking Notes
India's cyber defence is lacking. China might be taking notes on the hybrid model of warfare that Moscow is using.
On Thursday, 24 February, Russian President Vladimir Putin launched an invasion into neighbouring Ukraine under the garb of a 'special military operation', wresting control of the Chernobyl nuclear plant amid reports of explosions and air strikes.
Ukraine's President Volodymyr Zelenskyy informed that 137 died in the first day of the Russian invasion. It could be the start of a full-scale war.
But a different kind of war is already underway. The websites of Ukraine’s ministry of defence, the army, as well as the interfaces of two major banks were affected on 15 February, in one of the biggest cyber attacks the country has ever seen.
Ukraine’s Minister of Digital Transformation Mykhailo Fedorov told a press conference that the key goal of this attack was to destabilise, sow panic, and create chaos in the country.
The cyber offensive doesn’t seem to have stopped.
“It was a tough night in terms of cybersecurity of Ukraine. We've been protecting our cyberspace all night. Ukraine is experienced and continues to counter non-stop attacks on main informational sources." Fedorov wrote in a tweet on 24 February.
China, while officially maintaining a neutral stance and calling for restraint, has shown signs of tacit support for Russia. It might also be taking notes on the cyberwarfare that Moscow has employed.
China Could Be Learning From Russia-Ukraine
Anirudh Suri, Founding Partner of India Internet Fund and author of The Great Tech Game, believes that Russia and China may have coordinated to split the attention and efforts of the United States. "Together, they have an opportunity to open two fronts and potentially bleed the US," he told The Quint.
"If the Russians now get away with this kind of military aggression, then the Chinese will also obviously get emboldened. They might conclude that if the US is not coming to the rescue of its allies and friends in Europe, there's a very low likelihood that it will come to the rescue of a regional power in Asia," he said.
'Can't Rely on the US'
If Russia's tactics succeed and the US doesn't retaliate, then China has reason to imitate their playbook and employ similar tactics in the Asia-Pacific, including sustained cyber warfare, which is notoriously difficult to attribute.
"We will have to be a lot more careful now. We can't just rely on other powers coming to our defence. So, it'll not be a collective defence situation and India will have to make sure it's defending both its physical and digital borders," he added.
What Cyber Warfare Looks Like
Cyber warfare generally consists of digital attacks against an enemy state. When this comes in tandem with physical aggression, like in Ukraine, it becomes hybrid warfare.
In Ukraine, recent attacks have primarily been of two kinds – defacement of government websites and DDoS (Distributed Denial of Service) attacks, during which hackers overload a server with a flood of Internet traffic. Microsoft also released information about the appearance of malware called “WhisperGate” on government systems.
"The effects of so-called cyber ops have real world consequences, they are not abstractions. Many essential services – healthcare, electricity, banking, telecommunications – can be affected, leading not just to massive economic harm, but also the lives and livelihoods of people."Trisha Ray, Associate Fellow, ORF Centre for Security Strategy and Technology
There are a few approaches to hybrid warfare which, according to Suri, include the following:
Attack on critical physical infrastructure, a lot of which is digitally connected. This includes power grids, ports, industries and government services, among other things. Attacks of this kind could affect the economy and derail the supply chain.
Attack on digital infrastructure. Internet is routed across the world through undersea and overland communications cables which can potentially be tampered with. Such an attack can disrupt communications, economic activity and cause public unrest. Russia allegedly used such a tactic when it annexed Crimea in 2014.
Information warfare, which involves a flood of disinformation using bots or cyber-professionals. Massive campaigns can be unleashed on various social media platforms to create confusion and sow discontent within parts of the population which are already disaffected.
According to Suri, this kind of conflict can take your eye off the ball before the adversary initiates some sort of physical or cyber offensive. That is why Russians have been employing hybrid warfare with its neighbouring nations and the US.
"It is also hard to localise the effects of certain kinds of cyber tools. Russia has deployed cyber offences against Ukraine before – 2017’s NotPetya malware for example leaked out of Ukraine and became a global malware crisis," added Ray.
India's vulnerabilities include, but are not limited to, payments systems, power grids, dams, industries, nuclear facilities and telecommunications infrastructure.
For instance, last week, the information management systems at the container terminal operated by Jawaharlal Nehru Port Trust (JNPT) were crippled for a couple of days due to a suspected cyber attack, according to ITLN.
Indian power grids and banks have also been targeted by suspected cyber-attacks in the past. India’s Computer Emergency Response Team (CERT-In) reported more than 11.5 lakh cybersecurity incidents in 2020 alone.
"The connectivity of our digital infrastructure and the security of our digital infrastructure are at risk, and that's what India needs to make sure it's defending," Suri said.
India's small number of undersea internet cables also increases our digital vulnerability. Currently, according to Submarine Networks, there are 15 undersea cables landing in different locations across India: Mumbai, Chennai, Cochin, Tuticorin and Thiruvananthapuram.
Suri pointed out that India's United Payments Interface could also invite attacks.
"In India's case, one of the things we should be most careful about is the UPI infrastructure that's powering a bulk of our payments today. If that gets attacked then your payments go down and everything could come to a halt."Anirudh Suri
Trisha Ray suggested that India should also be wary of insider threats, since insiders typically have easier access to sensitive data.
"Often the way an attacker gets into a system is by leveraging 'insiders' who either intentionally or accidentally help attackers gain access to the system," she said.
UK Warns of Cyber Spillover, IT Firms Prepare
British officials are reportedly concerned about the spillover from Russian cyber-activity against Ukraine. “Organisations need to understand there is a heightened risk,” an official told The Guardian, implying that Russian cyber-attacks could have wider consequences.
IT firms in India and abroad are now preparing for the spillover from Russian cyber attacks, sources suggest.
An internal memo from one such firm said that cyber-attacks "may also target other nations or global companies." It recommended that employees be careful of any suspicious links or activities and keep sensitive data to themselves.
What India Should Learn from Russia-Ukraine
The Belfer National Cyber Power Index 2020, which measures the cyber capabilities of 30 countries, ranks India at 21st place in its list of the most comprehensive cyber powers. The US, China, UK, and Russia all feature in the top five.
Such an index isn't necessarily accurate since a lot of these cyber capabilities might deliberately be hidden by governments. However, in Suri's assessment, India can't be considered a top power when it comes to cyber capabilities.
"There's a likelihood that China's cyber offence will be stronger than India's cyber defence. Hence, India must bolster its cyber defence," he said.
He had three recommendations for bolstering India's cyber defence:
India should have the infrastructure and ability to detect attacks and malicious activity at the earliest, to prevent damage.
The private sector should have a clear channel of communication with the government since such attacks frequently affect private entities.
India should focus on its cybersecurity expertise to help deal with an attack, remove vulnerabilities, and get affected systems back up.
"None of this is rocket science. Several countries and companies across the world are doing this. You have many large cybersecurity firms out there today who manage this kind of security infrastructure. We should be engaging a lot with such firms," Suri said.
"Most of India's private sector firms don't have cybersecurity firms they're working with. They're just hoping, maybe naively so, that they will not get hacked," he added.
Nearly 61 percent of Indian organisations did not have well-structured cybersecurity training modules for their employees, according to a 2020 survey by cybersecurity firm Cyberbit.
The survey showed that nearly 90 percent of organisations still relied on theory-based training and had limited practical exposure.
Trisha Ray recommended shoring up defences through access controls, keeping software up to date, air-gapping critical systems, having dedicated cyber response teams.
The Data Security Council of India (DSCI) estimates that India needs a million cybersecurity professionals, but, according to Ray, the right kind of training is also crucial.
She said that India likely possesses cyber offensive capabilities but it remains to be seen whether it will be officially alluded to in the draft National Cybersecurity Strategy.
"Warfare has evolved faster than our diplomatic arsenal and theoretical framings. Strategic thinkers need to get ahead on debates on what cyberwar is, what would constitute red lines beyond which countries can retaliate with force etc," Ray said.
"India already got a taste of this kind of hybridised kinetic and cyber conflict during the Galwan skirmishes and subsequent escalation," she added.
(With inputs from ITLN and The New York Times)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.