Gp Capt Ajey Lele (Retd.) is a Consultant at the Manohar Parrikar Institute for Defence Studies and Analyses, New Delhi. Click here for detailed profile.
The recent incident of five Indian army soldiers being killed on the LOC by troops of the Pakistan army is a continuation of a sustained policy of the ‘powers’ in Pakistan. Over decades, relations between the two have swung from heightened tensions through nuclear posturing and coercive diplomacy to peace efforts through people-to-people contact, economic engagement and even cricket! So, under these now very similar and repeated circumstances what should be India’s response? Are there realistic options between diplomacy and war? Probably the time has come to look at ‘diplomacy plus’ and ‘war minus’ solution.
The ‘war minus’ tool could be to make obvious India’s niche military and intelligence technologies to Pakistan and making the latter realize its deterrence value especially the technological edge that India has in areas like cyber, space, robotics, jamming, etc. For example robotics should not remain restricted towards the usage of drones (unnamed combat aerial vehicles) only. If India can think about operating robots on Moon and Mars then why not have operational manuals to use micro and nano robots in Pakistan?
A number of states today are significantly dependent on cyber and space technologies both in civilian and military field. Pakistan relies on outside agencies to maintain its ICT (Information and Communication Technologies) infrastructure and various communication networks. Any intentional interference in such networks could create chaos.
India has developed its ICT architecture as a tool for social development, growth and commercial activities. Appreciating the dual-use nature of cyber technologies and the increasing danger of cyber warfare/terrorism/espionage, India has recently evolved a broad cyber security policy based on its experience of cyber espionage and cyber attacks for the last couple of years. Given the difficulty of identifying the actual cyber attacker, certain states are using the cyber space as a ‘Peacetime Warfare’ by following the ‘policy of deniability’. These states are either launching attacks by using proxy servers, which are physically located in some other state, or are claiming that the acts have been carried out by individuals without the knowledge of state. Currently there is no globally accepted cyber regime to provide the legal guidelines to recognize what is just and unjust.
There is no significant outcry in respect of cyber attack globally probably because of the peculiar nature of these attacks. The present cyber activities are disruptive in nature but they fail to create global furor essentially because such attacks are bloodless and no visible loss of human life takes place. Recently, Edward Snowden has exposed the covert US Cyber monitoring system for intelligence gathering. Subsequently, the US has accepted the presence of such system. There is nothing ‘covert’ about such activity and the US has time and again justified its action. This could motivate other states also to develop similar mechanisms.
In 2007, cyber attacks on Estonia had created a global furor. The attacks were launched on the parliament, banks, news agencies, various websites, etc, creating unmanageable chaos. The exact source of the attacker has yet to be fully established though Russia remains a prime suspect. Since 2007 the cyber world has further evolved and there now exists a fine line between what is just and unjust. Hence, in the post- Edward Snowden exposé, the US is brazenly defending its activities. The question is whether or not ’Cyber Deterrence’ can emerge as a new geopolitical model for the present era’? Is Pakistan a perfect case and a reason for India to invest in cyber deterrence?
There is a difference between the idea of cyber deterrence and the established nuclear deterrence. Estonia cannot be compared with Hiroshima/Nagasaki. It is difficult to comprehend the virtual nature of the threat against the visual manifestation of death and destruction of nuclear attacks. Hence the value of cyber deterrence may not be perceivable as it is in the nuclear scenario. Demonstrating by testing may not be sufficient. For this purpose probably India would need to launch an actual attack, may be of limited intensity initially on a specific target. What is important for India is not to hide its intentions but be transparent about it. As a policy option India should articulate the need to develop the “first-use option”. It needs to be spelled out that India reserves the right to undertake cyber offensive against a state or a non-state actor if it finds such actor intentionally harming India’s interest. It is time for India to reflect and possibly prepare itself for cyber warfare to counter Pakistan’s proxy warfare.
An Indian attack could target public utility systems like railways, airlines, stock market and the banking sector. Alternatively, to demonstrate its capability, the ‘first wave’ of such attack could involve limited targeting like disabling internet as well as using jamming technologies to target communication networks used by the military.
The value of cyber deterrence would also be dictated by the nature of weapons. Viruses like the Stuxnet, which was used against Iran’s nuclear installations, have already demonstrated that nuclear installations can be successfully targeted. The focus should be to target the ‘critical infrastructure’ like nuclear plants, power grids, military bases and industries. Some terror groups operative in Pakistan may not make good cyber targets due to their imitated dependence on technology, however, networks like D-company which is known to have wider international reach (spot fixing in Cricket is possible provided a communication network is available for a real time data transfer) could be effectively targeted.
Generally, it is perceived that once the computer virus is traced then it is possible to immediately find an anti-virus and hence the value of the cyber attack is limited. But now various new codes are getting written which are resistant to anti-virus software. Also, various new techniques are getting enhanced which use code mutation to produce multi-use cyber weapons.
India’s cyber offensive would need to factor possible cyber backlash from Pakistan. Diplomatically India would have to solidly equip itself to handle global outcry. For this purpose India’s line of argument should concentrate on three major factors. One, since there is no universally accepted cyber regime hence India cannot be blamed for breaking any global norm. Two, India’s transparent approach and adequate forewarning to Pakistan about its likely reaction should give it the moral high ground. Third, India should articulate its response as one of ‘war minus’ solution, an option which states like the US often ignore.
Globally cyber offensive has never been used as a ‘diplomacy plus’ option, hence the impact of such offensive is difficult to prejudge. It’s time for India to possibly think about testing this option.
Views expressed are of the author and do not necessarily reflect the views of the IDSA or of the Government of India.
Locked in LOC: Exploring Cyber Offensive Option for India
More from the author
The recent incident of five Indian army soldiers being killed on the LOC by troops of the Pakistan army is a continuation of a sustained policy of the ‘powers’ in Pakistan. Over decades, relations between the two have swung from heightened tensions through nuclear posturing and coercive diplomacy to peace efforts through people-to-people contact, economic engagement and even cricket! So, under these now very similar and repeated circumstances what should be India’s response? Are there realistic options between diplomacy and war? Probably the time has come to look at ‘diplomacy plus’ and ‘war minus’ solution.
The ‘war minus’ tool could be to make obvious India’s niche military and intelligence technologies to Pakistan and making the latter realize its deterrence value especially the technological edge that India has in areas like cyber, space, robotics, jamming, etc. For example robotics should not remain restricted towards the usage of drones (unnamed combat aerial vehicles) only. If India can think about operating robots on Moon and Mars then why not have operational manuals to use micro and nano robots in Pakistan?
A number of states today are significantly dependent on cyber and space technologies both in civilian and military field. Pakistan relies on outside agencies to maintain its ICT (Information and Communication Technologies) infrastructure and various communication networks. Any intentional interference in such networks could create chaos.
India has developed its ICT architecture as a tool for social development, growth and commercial activities. Appreciating the dual-use nature of cyber technologies and the increasing danger of cyber warfare/terrorism/espionage, India has recently evolved a broad cyber security policy based on its experience of cyber espionage and cyber attacks for the last couple of years. Given the difficulty of identifying the actual cyber attacker, certain states are using the cyber space as a ‘Peacetime Warfare’ by following the ‘policy of deniability’. These states are either launching attacks by using proxy servers, which are physically located in some other state, or are claiming that the acts have been carried out by individuals without the knowledge of state. Currently there is no globally accepted cyber regime to provide the legal guidelines to recognize what is just and unjust.
There is no significant outcry in respect of cyber attack globally probably because of the peculiar nature of these attacks. The present cyber activities are disruptive in nature but they fail to create global furor essentially because such attacks are bloodless and no visible loss of human life takes place. Recently, Edward Snowden has exposed the covert US Cyber monitoring system for intelligence gathering. Subsequently, the US has accepted the presence of such system. There is nothing ‘covert’ about such activity and the US has time and again justified its action. This could motivate other states also to develop similar mechanisms.
In 2007, cyber attacks on Estonia had created a global furor. The attacks were launched on the parliament, banks, news agencies, various websites, etc, creating unmanageable chaos. The exact source of the attacker has yet to be fully established though Russia remains a prime suspect. Since 2007 the cyber world has further evolved and there now exists a fine line between what is just and unjust. Hence, in the post- Edward Snowden exposé, the US is brazenly defending its activities. The question is whether or not ’Cyber Deterrence’ can emerge as a new geopolitical model for the present era’? Is Pakistan a perfect case and a reason for India to invest in cyber deterrence?
There is a difference between the idea of cyber deterrence and the established nuclear deterrence. Estonia cannot be compared with Hiroshima/Nagasaki. It is difficult to comprehend the virtual nature of the threat against the visual manifestation of death and destruction of nuclear attacks. Hence the value of cyber deterrence may not be perceivable as it is in the nuclear scenario. Demonstrating by testing may not be sufficient. For this purpose probably India would need to launch an actual attack, may be of limited intensity initially on a specific target. What is important for India is not to hide its intentions but be transparent about it. As a policy option India should articulate the need to develop the “first-use option”. It needs to be spelled out that India reserves the right to undertake cyber offensive against a state or a non-state actor if it finds such actor intentionally harming India’s interest. It is time for India to reflect and possibly prepare itself for cyber warfare to counter Pakistan’s proxy warfare.
An Indian attack could target public utility systems like railways, airlines, stock market and the banking sector. Alternatively, to demonstrate its capability, the ‘first wave’ of such attack could involve limited targeting like disabling internet as well as using jamming technologies to target communication networks used by the military.
The value of cyber deterrence would also be dictated by the nature of weapons. Viruses like the Stuxnet, which was used against Iran’s nuclear installations, have already demonstrated that nuclear installations can be successfully targeted. The focus should be to target the ‘critical infrastructure’ like nuclear plants, power grids, military bases and industries. Some terror groups operative in Pakistan may not make good cyber targets due to their imitated dependence on technology, however, networks like D-company which is known to have wider international reach (spot fixing in Cricket is possible provided a communication network is available for a real time data transfer) could be effectively targeted.
Generally, it is perceived that once the computer virus is traced then it is possible to immediately find an anti-virus and hence the value of the cyber attack is limited. But now various new codes are getting written which are resistant to anti-virus software. Also, various new techniques are getting enhanced which use code mutation to produce multi-use cyber weapons.
India’s cyber offensive would need to factor possible cyber backlash from Pakistan. Diplomatically India would have to solidly equip itself to handle global outcry. For this purpose India’s line of argument should concentrate on three major factors. One, since there is no universally accepted cyber regime hence India cannot be blamed for breaking any global norm. Two, India’s transparent approach and adequate forewarning to Pakistan about its likely reaction should give it the moral high ground. Third, India should articulate its response as one of ‘war minus’ solution, an option which states like the US often ignore.
Globally cyber offensive has never been used as a ‘diplomacy plus’ option, hence the impact of such offensive is difficult to prejudge. It’s time for India to possibly think about testing this option.
Views expressed are of the author and do not necessarily reflect the views of the IDSA or of the Government of India.
Related Publications