1. Cyber Security
Amit Kumar Anand
www.amitkanand.com
September 21, 2016
1 Cyber Warfare
• Attacking the information systems of
other countries for espionage and for dis-
rupting their critical infrastructure.
• Attacks on websites of Estonia in 2007
and Georgia in 2008.
2 Cyber Crime
• Use of cyber space for criminal activities.
e.g. financial fraud, identity theft, mor-
phing etc.
• Information Technology Act (IT Act)
2000 confers extra territorial jurisdiction
on Indian courts and empowers them to
take cognizance of offences committed
outside India even by foreign nationals.
• Stuxnet targeted nuclear facilities of Iran.
3 Cyber Terrorism
• Use of cyber space by terrorists for com-
munication, command, and control, pro-
paganda, recruitment, training and fund-
ing purposes.
• ISIS
4 Cyber Espionage
• Spying and surveillance over cyber space.
• Titan rain - Series of coordinated at-
tacks on American computer systems
since 2003. China was blamed for this.
• Project PRISM.
5 Securing Cyberspace
• An effective cyber deterrence strategy
will include deterrence by denial as
well as penalty by punishment.
• Deterrence by denial will rely on strong
defences. i.e. the capabilities to bounce
back are strong.
• Deterrence by punishment relies on the
ability to counter-attack.
• If the attacker knows retaliation would be
“certain, severe and immediate”, it will
deter him.
• In cyberspace, where anonymity is the
key, it is difficult to identify precisely who
the attacker is. Non-attribution is the
fundamental weakness of the cyber de-
terrence argument.
6 India’s steps for securing
cyberspace
• National Cyber Security Policy 2013.
• National Cyber Security Assurance
Framework under implementation.
• National Cyber Security Coordinator ap-
pointed in 2015.
• National Critical Information Infrastruc-
ture Protection Centre (NCIIPC) set up.
• National Cyber Coordination Centre
(NCCC) set up.
• Regular dialogue between government
and private sector.
1

2. • New cyber security curricula introduced
in colleges.
• Cybersecurity R&D policy under active
consideration of government.
• Indian Computer Emergency Response
Team (CERT-In).
7 Clausewitzian Trinity
• Trinity held the key to victory in the war
1. military or means to fight war.
2. people or support for war in terms
of manpower and finance.
3. political instrument or government
to provide leadership and direction
in war.
• if these three tendencies are active and
interacting a nation can withstand any
aggression.
• if any of the trinity is completely de-
stroyed,the trinity is resilient enough the
other two tendencies would revive it back
and the trinity will survive.
• Today, all three tendencies are exten-
sively dependent on information and in-
formation assets.
• Modern nations are dependent on infor-
mation systems from military systems to
household essentials.
• the three tendencies of the Clausewitzian
Trinity are becoming extensively suscep-
tible to strategic information warfare.
• if all the three tendencies are simultane-
ously attacked, or in conventional terms
are subjected to parallel warfare in cy-
berspace, then it would generate a cas-
cade effect, inducing strategic paralysis,
and the victim nation would crumble as
a system, resulting in chaos and mayhem.
• Modern militaries rely extensively on in-
formation systems. Command, Control,
Communication, Computer, Intelligence,
Surveillance, Reconnaissance (C4SIR);
Strategic Information Dissemination Sys-
tems (SIDS); Net Centric Warfare/ Net-
work Enabled Operations (NCW/NEO);
Global Positioning System (GPS); Bat-
tle Field Surveillance Radar (BFSR),
Surveillance satellites, Global Command
and Control Systems (GCCS).
• These information assets acts as force
multiplier but at the same time are sus-
ceptible to attack.
• Stuxnet, Duqu malware.
• Modern societies are dependent on infor-
mation infrastructures.
• Critical infrastructures of nations are de-
pendent on information systems. Power
stations on Supervisory Control and Data
Acquisition (SCADA) and Distributed
Control System (DCS). Air Traffic Con-
trol, transportation systems, navigation
systems, banking infrastructure, stock
exchanges.
• Sudden disappearance of information re-
source from a information dependent so-
ciety in the event of cyber attack would
render people in the state of shock. e.g.
they cannot contact their near one due to
loss of communication systems.
• Governments acts as instrument of po-
litical direction and play critical role in
steering the nation.
• Law enforcement agencies depend in
criminal databases.
• Media is important linkage between gov-
ernment and public.
• e-governance.
• Media networks could be used to spread
disinformation. Psychological Opera-
tions (PSYOPS) in cyberspace.
• Potential further exacerbated with the
advent of social media and attack vec-
tors such as social bots for manipulation
of public opinion.
2

3. • PSYOPS can be used to induce fear,
chaos, misconception and division of per-
ceptions within a country which could
result in political upheavals and mass
movements. e.g. Role of Twitter in 2009
upheavals in Iran and Belarus.
• These three tendencies of the Trinity
form the core of a nation, and hence to
destroy a nation, it is important that all
the three be destroyed.
• Their dependence on the cyberspace
makes them a perfect target for strategic
warfare in cyberspace.
• All the three tendencies of the Trinity
should be simultaneously destroyed, as
being a resilient system the chances of
revival of the Trinity and the failure of
the attack to achieve a strategic effect are
very high.
8 Fifth Domain of War
• The potency of this threat has compelled
almost every country to develop capabil-
ities in the cyber domain, as is the case
for land, air, sea and space.
• By the end of 2008 nearly 140 countries
possessed varying degrees of cyber attack
capabilities. [Spy Ops]
• India on its growth path is vulnerable.
Located in an unstable region where the
larger neighbours possess this capacity, it
is logical to assume that the country is
under serious threat and constant attack.
3