Indian needs to adopt a more proactive approach and foresee the potential of cyber technologies in an active war scenario.
Unlike the other countries mentioned, India still lacks a comprehensive, modern, and updated cyber warfare strategy. India is in the final stages of clearing a National Cybersecurity Strategy, 2020 and has a National Cybersecurity Policy, 2013. These, however, do not discuss armed conflict or active espionage. In May 2021, India set up its Defence Cyber Agency (DCA). The DCA works closely with National Technological Research Organisation, India’s Research and Analysis Wing, National Security Council, and the Defence Research and Development Organisation. These organisations have often been the target of cyber-attacks and are now protected to a greater capacity with the inclusion of the DCA. The DCA aims to thwart any attacks on their authorities to access critical military infrastructure. In these capacities, India only addresses cybersecurity attacks and not cyber warfare. That is, the concern currently is over the importance of civil and military data rather than the use of technology in actual warfare. India needs to adjust the current view of cybersecurity from a form of espionage to one that can be used to actively harm in case of war. The current cybersecurity regulations in India avoid questioning the importance of cyber warfare; the necessity of cyber weapons; India’s stance on peace-time state-sponsored hacking; the use of cyber weapons on military targets and defining military use/targets. India needs to employ a strategy that discusses two philosophies of thought: A cyber strategy for offence and defence. India should combine the two in a strategy focusing on deterrence. To allow for this, policies aimed at improving a nation’s cyber security would need to increase the amount of information-sharing and real-time threat detection among governments, industry, and academia. Similar to the cybersecurity legislation signed by the US Senate, as mentioned above, even the private sector and the public would be involved in reporting cyber-attacks, making significant changes in the current classification policy for cyber vulnerabilities and attacks. Governments, industry, and academia would need to share information about the latest attacks, malware signatures, and vulnerabilities aside from an offensive strategy that would focus on intimidation and expansion of peace-time cyber capabilities.
The US was criticised for having loose cyberwar regulations until, in March 2022, the senate signed its Cybersecurity Legislation to protect against attacks in civil and war capacities by enhancing communication between the private sector and the government.
After creating a landscape of information sharing and protecting even civil users, whose privacy/ access can be exploited, from cyber-attacks, India can relegate cyber weapons to the role of a deterrent. India, in this capacity, would be capable of impairing adversary states with little funding, providing an elevated level of deniability, and eliminating the problem of geographical distance, equalising the field against countries with higher nuclear, weaponry or funding capabilities. Using an offensive cyber strategy will also assist in stabilising India over other developing countries that are vulnerable to cyberattacks. India’s current approach adopts a reactionary “whack-a-mole” approach rather than creating deterrence. In addition to such a deterrent strategy, India must harden its targets and aim primarily at state-sponsored attacks (through cyberwarfare strategies, while cybersecurity strategies will continue to focus on non-state data breaches). A segment of cyber deterrence can be classified under ‘cyber persistence’, which includes cyber operations, activities, and actions to generate through persistent operational contact, and continuous tactical, operational, and strategic advantage in cyberspace. Cyber persistence and cyber deterrence do not discuss avoiding conflict or contact, they rather discuss creating in-house strategic benefits that enhance freedom to operate and manoeuvre in cyberspace, tactical friction, and warfare. An effective cyber warfare strategy would discuss developing and employing strategic capability to work in cyberspace, integrated, and coordinated with the other operational domains. It will have to lay down a specific action plan to respond primarily to state-sponsored attacks that threaten national security. While we develop a national cybersecurity strategy, enhancing cyber warfare capabilities is equally imperative. Those enhancements would be technological, organisational, and human, employed for cyber offence, cyber defence, cyber deterrence, or combinations of these.
Policies aimed at improving a nation’s cyber security would need to increase the amount of information-sharing and real-time threat detection among governments, industry, and academia.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.
Shravishtha Ajaykumar is Associate Fellow at the Centre for Security, Strategy and Technology. Her fields of research include geospatial technology, data privacy, cybersecurity, and strategic ...Read More +