The news story about the Chinese hacker corps getting into the Eastern Naval Command (ENC) data net and stealing information related to the Arihant nuclear submarine came as no surprise. Like everything else they do, the Chinese are thorough in casing out likely adversaries as part of their military preparedness regime.
The senior echelon in government had been warned through unofficial channels about the Chinese achieving improbably high levels of access into ostensibly “fire-walled” servers with the Bhabha Atomic Research Centre (BARC), Trombay, missile design facilities (such as the Advanced Systems Laboratory, Hyderabad) and other critical DRDO installations, the ministry of defence and the various service headquarters and, perhaps, even the Prime Minister’s Office (PMO).
How vulnerable such agencies are can be gauged from the fact that at one point in time not too long ago Indian hackers forcefully assumed control of the Indian Navy, Indian Air Force, and BARC servers (named after Indian rivers — Ganga, Yamuna, Saraswati, etc.). A more malicious force intent on harm could on that occasion have wreaked merry havoc, sucked out information, and secreted away bugs of the kind the Chinese hackers placed in the Indian Eastern Naval Command computer network designed to relay targeted classified information to external sources. There’s no guarantee this was not done.
One might, in the circumstances, wonder just what it is that official Indian agencies tasked with cyber defence are doing. The supposedly premier National Technology Research Organisation (NTRO), like every other institution in the overly bureaucratised Indian state, is busily aggrandising turf and monopolising capability but, by itself, has conducted near zero offensive or even defensive cyber operations — the reason why the Indian government remains exposed to almost any passing cyber threat.
Heavy financial investments in NTRO have so far led to it successfully warding off Research & Analysis Wing’s (RAW) attempts to have its own offensive cyber operations cell, for instance, but not to its mounting even a single sustained offensive against Chinese networks. Such offensive programmes, protocols, and algorithms as have been created are products of informal Indian hacker groups working for the NTRO. Except NTRO has expropriated and passed off this work as its own and won laurels for itself!
NTRO, which is manned by DRDO stalwarts, like the RAW, has huge funds at its disposal for which there is no accountability, affording ample opportunities for siphoning off public monies. How is this done? One method, as already indicated, is to hire highly motivated young privateers who hack as serious hobby but are eager to do their bit for the nation. They are promised much but paid a pittance and that too tardily, thereby de-incentivising them. By one account, as much as nine-tenths of any sanctioned expenditure is thus spirited away. NTRO, in other words, is yet another vehicle for unreported scams on a vast scale. If this organisation is proving to be more a cyber liability than help, what are the other agencies in the same business up to?
The Headquarters Integrated Defence Staff, ministry of defence, has under its wing the Defence Information Assurance and Research Agency. It is manned by veteran officers from the EME (Electrical and Mechanical Engineers) Corps of the Indian Army, who have almost no clue about the cyber warfare domain, leave alone what to do in it.
The Indian Navy and the Indian Air Force have separately developed capabilities for engaging in purely defensive operations. They can repel cyber strikes and penetration attempts — apparently not all that well in light of the Chinese cyber infection of the ENC communications hub — but cannot counter-attack.
Extant Indian cyber capability and efforts are, in actuality, so pathetic that NTRO has stalled exploratory inquiries by the US National Security Agency to jointly develop means to attack and defeat the Chinese cyber threat. NTRO understandably fears that any collaborative work with professional American organisations will quickly reveal them as poseurs and frauds or, at the very least, as incompetent.
The trouble is, despite boasting of incomparable cyber talent in the country in the non-governmental sphere, India is saddled with a government, a science and technology establishment, and a military that are strictly industrial age. It is doubtful if anybody in the PMO, for instance, knows anywhere near enough to appreciate the basic fact of cyber reality — that the most inspired offensive and defensive cyber operations and breakthroughs are done by youngsters barely out of school who can negotiate their way through the most complicated protection schemes and plant “logic bombs” in heavily defenced communication networks on a dare or just to show off to their peers.
This enormous human resource wealth is available and can be mobilised for the national cause by offering these computer whiz-kids not babu pay scales and suffocating bureaucratic environs of work but freedom to operate as they wish to overcome meaty challenges. Of course, they have to be compensated directly and well (without intervening organisations decanting the moolah). Pitting a huge number of teams of these young guns hired by military and intelligence agencies — the more of them the better — to compete with each other in relentless offensive, defensive and pre-emptive cyber campaigns, bypassing the usual mode of government functioning, is a desperate need. They would seriously discomfit any adversary — something the wretched NTRO and other, cyber-wise Neanderthal, government organisations cannot ever dream of doing.
The problem, however, is the reliance on technology imports. Everyone is aware of the Chinese Army-controlled Huawei telecommunications company being permitted to sell area networks, including switching systems in India, on the condition that its wares are certified by a Huawei-funded centre at Indian Institute of Science, Bangalore. This is a joke considering the centre is given select units to examine.
Worse, the Indian government talks incessantly of “buying Indian” but its agencies as studiously purchase possibly compromised cyber software and enabling systems from RSA, Cisco, etc., rather than support indigenous development of comparable software and hardware, such as the enormously efficient router developed by IIT Mumbai. In the event, one should be prepared for cyber-savvy states like China to disable the Indian government and military at will early in any crisis.
[Published July 5, 2012 in the 'Asian Age' at www.asianage.com/columnists/cyber-neanderthals-925 and the 'Deccan Chronicle' at www.deccanchronicle.com/columnists/bharat-karmad/cyber-neanderthals ]