Editorials - 06-03-2021

Doctrinal clarity and institutional coherence are essential for a robust cybersecurity posture

On Sunday, February 28, there was a sensational report inThe New York Times, “China appears to warn India: push too hard and the lights could go out” (https://nyti.ms/3c8wzqN), based on investigations by a United States-based cybersecurity firm. It raised the possibility that the power outage in Mumbai, on October 13, 2020, could have been the result of an attack by a Chinese state-sponsored group. Maharashtra’s Home Minister acknowledged that a report by the Maharashtra Cyber Cell showed that the grid failure was potentially the result of “cyber sabotage”. Meanwhile, the Union Power Ministry denied that the grid failure was linked to any cybersecurity incident, and blamed human error for it. We cannot say who is right since not enough information is available in the public domain. And therein lies the rub.

While Maharashtra’s Home Minister has promised to table the report in the Assembly, this would be the first time, to our knowledge, that a cybersecurity incident has been discussed this openly by government officials.

India has been a target earlier

India has been attacked by suspected Chinese state-sponsored groups multiple times in the past. In 2009, a suspected cyber espionage network dubbed GhostNet was found to be targeting, amongst others, the Tibetan government in exile in India, and many Indian embassies. By pursuing the leads from that discovery, researchers found what they dubbed the Shadow Network, a vast cyberespionage operation which extensively targeted Indian entities, including military establishments, news publications, and even the National Security Council Secretariat itself, with clear evidence that confidential documents had been accessed by the attackers. In response to a question raised in Parliament, the then Minister Sachin Pilot noted an investigation was under way (https://bit.ly/3uXTLAr). There were a number of subsequent attacks that targeted India, including Stuxnet, which had also taken down nuclear reactors in Iran; Suckfly, which targeted not just government but also private entities including a firm that provided tech support to the National Stock Exchange; and Dtrack which first targeted Indian banks, and later the Kudankulam nuclear power plant (Tamil Nadu) in 2019. However, neither the report from the Shadow Network investigation, nor any other, has ever been tabled in Parliament, nor even a redacted version made public. Even when parliamentarians have raised serious questions, the government’s responses have only been perfunctory. Appraising lawmakers of the scale and depth of the damage wrought is critical to enabling meaningful public discussions and crafting a robust response. Further, doing so will enable the government to be able to own the narrative around these incidents.

On a side note, while there is much evidence to show that Chinese state-sponsored groups were responsible for many of these attacks, Chinese cybersecurity agencies have also helped the security community in dismantling the infrastructure behind some of these attacks. And it must also be remembered that documents released by WikiLeaks show that groups such as the Central Intelligence Agency’s UMBRAGE project have advanced capabilities of misdirecting attribution to another nation-state (“false flag attacks”) by leaving behind false “fingerprints” for investigators to find. Given this, questions of attribution are always murky when it comes to cyber attacks — necessitating a robust institutional posture and political acumen in publicly dealing with these issues.

Institutional security

Over the past two decades, India has made a significant effort at crafting institutional machinery focusing on cyber resilience spanning several government entities. The Prime Minister’s Office includes within it several cyber portfolios. Among these are the National Security Council, usually chaired by the National Security Adviser (NSA), and plays a key role in shaping India’s cyber policy ecosystem. The NSA also chairs the National Information Board, which is meant to be the apex body for cross-ministry coordination on cybersecurity policymaking. The National Critical Information Infrastructure Protection Centre established under the National Technical Research Organisation in January 2014 was mandated to facilitate the protection of critical information infrastructure. In 2015, the Prime Minister established the office of the National Cyber Security Coordinator who advises the Prime Minister on strategic cybersecurity issues.

India’s Computer Emergency Response Team (CERT-In), which is the nodal entity responding to various cybersecurity threats to non-critical infrastructure comes under the Ministry of Electronics and Information Technology (MEITY). The Ministry of Defence has recently upgraded the Defence Information Assurance and Research Agency to establish the Defence Cyber Agency, a tri-service command of the Indian armed forces to coordinate and control joint cyber operations, and craft India’s cyber doctrine. Finally, the Ministry of Home Affairs oversees multiple similarly-named “coordination centres” that focus on law enforcement efforts to address cybercrime, espionage and terrorism, while the Ministry of External Affairs coordinates India’s cyber diplomacy push — both bilaterally with other countries, and at international fora like the United Nations.

This institutional framework, while seeking to create an ‘all of government’ approach to countering and mitigating cybersecurity threats at the national level, has also resulted in concerns around effective coordination, overlapping responsibilities and lack of clear institutional boundaries and accountability. This needs to be clarified in India’s National Cyber Security Strategy, which has been drafted by the NSC — a much-needed update to the National Cyber Security Policy 2013 — but is yet to be released. Ensuring coherence and coordination between these different actors should be its primary goal.

Doctrine on cyber conflicts

India is also yet to clearly articulate a doctrine that holistically captures its approach to cyber conflict, either for conducting offensive cyber operations, or the extent and scope of countermeasures against cyber attacks. While reports indicate that India too engages in targeted cyber-attacks, the rules of engagement for that too are unclear. This is unlike India’s approach to other global security regimes. For example, the ‘No First Use’ nuclear posture has been critical in preventing a nuclear armageddon in a region fraught by political and military tensions, and continues to further India’s global reputation as a responsible nuclear state.

Is it fair to argue that ‘cyber’ is different? Could secrecy and ambiguity surrounding a nation’s doctrine and capabilities provide a tactical advantage when engaging in cyber operations? This is hardly the case in today’s increasingly unstable geopolitical scenario. The existing asymmetry in capabilities does not currently favour India. The absence of a credible cyber deterrence strategy means that states and non-state actors alike remain incentivised to undertake low-scale cyber operations for a variety of purposes — espionage, cyber crime, and even the disruption of critical information infrastructure.

Define the red lines

The same argument must be made for India’s contribution to global regimes crafting norms for responsible state behaviour in cyberspace. India has been an active participant at processes within the First Committee of the United Nations General Assembly dealing with issues of disarmament and international security. While the Indian delegation has made public some of their intervention, India’s long-term strategic thinking on core issues of debate at these fora remains relatively unknown, barring a few statements by public officials, including Shivshankar Menon and Arvind Gupta. A key opportunity herein is a precise articulation of how international law applies to cyberspace, which could mould the global governance debate to further India’s strategic interests and capabilities. In particular, this should include positioning on not just non-binding norms but also legal obligations on ‘red lines’ with respect to cyberspace-targets that should be considered illegitimate due to their significance for human life, such as health-care systems, electricity grids, water supply, and financial systems.

Clearer strategy and greater transparency are the need of the hour to improve India’s cybersecurity posture. To better detect and counter threats from both state actors and their proxies as well as online criminals, improved coordination is needed between the government and the private sector, as well as within the government itself — and at the national and State levels. A clear public posture on cyber defence and warfare boosts citizen confidence, helps build trust among allies, and clearly signals intent to potential adversaries, thus enabling a more stable and secure cyber ecosystem.

Pranesh Prakash was a co-founder of the Centre for Internet and Society, and is an affiliated fellow at Yale Law School’s Information Society Project. Arindrajit Basu is Research Lead at the Centre for Internet and Society

The Greater Europe concept has gone, with the emphasis on Russia’s sovereignty and independence

Russian Foreign Minister Sergei Lavrov declared last month that although the European Union (EU) was Russia’s biggest trading and investment partner, Moscow was “ready to break ties” with the EU after criticism of the jailing of Opposition figure Alexei Navalny.

He added that Russia worked with the EU in only a few areas, dealings with the EU were “sporadic” and related mainly to energy and foreign policy issues such as Syria and Iran. The Kremlin later mitigated the Minister’s comments, denying that severance of diplomatic contacts was imminent, though such steps might be considered in response to EU sanctions affecting sensitive areas of the economy.

Idea of a common home

A Swedish soldier in the 18th century, Philipp-Johann von Strahlenberg, defined the Ural Mountains as the border between Russia and Europe, a view warmly endorsed by Russians associated with Tsar Peter the Great’s westernisation programme. In 1962, French President Charles de Gaulle proposed “a Europe from the Atlantic to the Urals”, the idea of a common European home echoed later by Soviet leaders Leonid Brezhnev and Mikhail Gorbachev. President Boris Yeltsin (1991-99) pursued this concept, but his commitment to refashion Russia after the European model failed to result in the inclusion of Russia in European security or political architecture or the removal of Cold War tensions. Instead, Moscow’s embrace of liberalism legitimised sovereign inequality, with the EU lecturing Russia on liberal norms and assuming a role to influence Russia’s domestic affairs, though treating Russian influence beyond its borders as illegitimate and ‘meddling’.

The EU’s attitude was never sustainable since it rested on sovereign inequality. Democracy was advanced when the West assumed the right to promote liberal values in Russian civil society and shape its political opposition, but democracy was under attack whenever Russia attempted to influence the West. Moscow held the contrary view; that power and values could not be decoupled; and refusal to include Russia in European institutions such as the North Atlantic Treaty Organization and the EU continued the structures of the Cold War, and consolidated the opposing Russian and European basic security interests.

Where Europe went wrong

Europe’s mistake in dealing with Russia after the re-unification of Germany in 1990 was in expecting it to westernise unilaterally. This ignored Gorbachev’s warning that “the states of Europe belong to different social systems; recognition of this fact and respect for the sovereign right of each people to choose their social system... are the most important prerequisites.” After its transitory revival in the 1990s, the objective of a common European home remains as unrealisable as ever. On the contrary, it seems that after 300 years, Russia will end its West-oriented approach although Europe and the United States have yet to acknowledge this historic shift.

The West’s support for the 2014 Ukraine uprising, and the NATO and EU’s relentless forward policy in States bordering Russia are intensely resented in Moscow, and the EU’s claim to a monopoly of European values and identity fuels this animosity. The Kremlin’s Greater Europe concept has now been replaced by the more feasible Greater Eurasia Initiative, with Russia looking East for economic connectivity and institutional integration. The current emphasis is on Russia’s sovereignty and independence, the idea of a unified European civilisation replaced by competition in values, and instead of closer collaboration with Europe, the Russian and European integration initiatives will go their separate ways.

The Russian liberals

Ever since the French Revolution, the Napoleonic period and the Decembrist revolt against the Tsar, Russia has been suspicious about liberal political movements, thereby obliging Russian liberals to identify with foreign counterparts and appearing as a fifth column. Upon Russia’s humiliation in its war with Japan in 1905, Russian liberals sent messages congratulating the Japanese Emperor, and used the hardships of the First World War to delegitimise the authority of the Tsar, although it was the Bolsheviks who seized power in the ensuing chaos. Russia’s exclusion from post-Cold War Europe revived its distrust of domestic liberals, who draw encouragement from western support for colour revolutions and anticipate regime change during every street protest in Russia. U.S. President Biden, after pledging to pursue values-based diplomacy, now adopts Washington’s tried-and-failed toolkit of sanctions and use of force.

The Moscow visit by the EU’s foreign policy chief Josep Borrell that provoked Mr. Lavrov’s outburst demonstrates that efforts to reset relations are compromised when mutual expectations about the form and nature of ties are far apart. Moscow rejects EU efforts to intervene in its domestic affairs while the EU feels disrespected and rebuffed. Russia is transitioning from Greater Europe to Greater Eurasia, and diplomatic disengagement may be expedient until the new reality is understood. Paradoxically, Russia’s emphasis on Greater Eurasia might improve the climate for Russian liberals, because a responsible liberal presence in the Russian political system is necessary, and could come about by decoupling liberalism from great power competition.

India, under ever-closer international scrutiny over its human rights abuses, should scrutinise the EU-Russia stand-off and draw the relevant conclusions.

Krishnan Srinivasan is a former Foreign Secretary

Sasikala’s withdrawal from politics mighthelp narrow the gap in TN’s electoral contest

As elections approach, drama and excitement will be a constant feature in the conduct of politics. In December last, it was veteran actor Rajinikanth who provided the theatrics to the political situation in Tamil Nadu by announcing his entry, and then his exit. Now, with the Assembly election hardly a month away, V.K. Sasikala, former interim general secretary of the All India Anna Dravida Munnetra Kazhagam (AIADMK) and aide of former Chief Minister Jayalalithaa, surprised many by declaring that she would step aside from politics. After mobilising her supporters and making a political show of her return to the State on serving out her jail term in Bengaluru, she issued an appeal to the “true followers” of Jayalalithaa to “remain united, act wisely and work hard” during the Assembly election to prevent the Dravida Munnetra Kazhagam (DMK) from capturing power again. There is no clarity over what prompted her to make such an announcement when it was expected that she would play an active political role, going by her observations in the last one month. But regardless of her motives, the latest statement can be viewed as a tactical retreat on her part so that the ruling AIADMK does not suffer any disadvantage in the elections. Although her nephew, T.T.V. Dhinakaran, who heads the Amma Makkal Munnetra Kazhagam (AMMK), is still hoping to lead a coalition of his own, her statement is a shot in the arm for the AIADMK, which is trying to ward off the challenge from the principal opposition, the DMK. It has also laid to rest, for the time being, the debate over the possibility of her return to the AIADMK, which was reported to have turned down a suggestion from its ally, the Bharatiya Janata Party, on the matter.

What the ruling party expects now is that the AMMK’s support base in the central and southern parts of the State will come back to it and help the party win the Assembly elections. There is expectation that the gap between the AIADMK-led front and the DMK-led coalition will narrow down, especially if some of the loyalists in the Sasikala camp are accommodated during distribution of the tickets by the AIADMK. But, elections rarely turn on any one factor, and certainly not on the limited support base of the breakaway group of Ms. Sasikala. On test will be the performance of Chief Minister Edappadi K. Palaniswami in the last four years. Personality-based politics has taken a back seat this election with the passing of M. Karunanidhi of the DMK and Jayalalithaa of the AIADMK. Performance and promises are, therefore, more likely to dominate the campaign.

ISRO must take advantage of the market opportunities from space applications

With the launch of Brazil’s Amazonia-1 satellite last week from Sriharikota, a new chapter has begun in India’s space history. The satellite, a 637-kilogram entity, was the first dedicated commercial mission of NewSpace India Limited, a two-year-old commercial arm of the Department of Space. This is not the first time that NSIL has organised a launch of foreign satellites aboard an Indian Space Research Organisation (ISRO) launch vehicle. The organisation has had launches last November as well as in December 2019. However, the primary satellites aboard both these missions were Indian satellites — the RISAT-2BRI and the EOS-01 — with smaller satellites from several other countries, as well as India, piggybacking on them. The Amazonia mission also saw 18 other satellites being launched and was the first fully commercial mission. India has so far launched 342 foreign satellites from 34 countries using its Polar Satellite Launch Vehicle platform and many of them have involved ISRO’s first commercial entity, the Antrix Corporation. There is still confusion on how exactly the responsibilities of NSIL differ from those of Antrix. But with the formation of the Indian National Space Promotion and Authorization Center (IN-SPACe) — a regulatory agency — as well as plans of an independent tribunal to adjudicate disputes among private space entities, there is a potential explosion of market opportunities from space applications on the anvil. Though the private sector plays a major role in developing launch and satellite infrastructure for ISRO, there are now several companies that offer myriad services. Many of these companies want to launch their own satellites, of varying dimensions, and the experience with ISRO has not been smooth always. The most conspicuous has been the controversy involving Devas Multimedia, to which the Government of India owes nearly $1.2 billion going by an order of a tribunal of the International Chamber of Commerce and upheld by a United States federal court last year. NSIL, it is said, is also a move by India’s space establishment to insulate the prospects of the space industry in India from repercussions of the Devas-Antrix imbroglio.

Much like unfettered access to the Internet has spawned industries that were inconceivable, similarly, space applications and mapping have barely scratched the surface in terms of the opportunities that they can create. NSIL has a broad ambit and will be involved in collaborations spanning from launches to new space-related industries. NSIL is also expected to be more than just a marketer of ISRO’s technologies; it is to find newer business opportunities and expand the sector itself. NSIL must endeavour to not be another Antrix but be continuously in start-up mode. It must conceive of ways to aid space start-ups reach out to rural India and facilitate more recruits from India’s young to facilitate careers in space applications and sciences. It must see itself both as an Indian ambassador and disruptor in the space arena.