Communication networks are a part of our critical information infrastructure which was defined in the IT Act, 2000 as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.”
Communications networks are crucial to the connectivity of other critical infrastructure, viz. civil aviation, shipping, railways, power, nuclear, oil and gas, finance, banking, communication, information technology, law enforcement, intelligence agencies, space, defence, and government networks. Therefore, threats can be both through the networks as well as to the networks.
Information Warfare (IW)
In near future, Information warfare will control the form and future of war.
Because of the increasing relevance of information technology (IT) to people’s lives, individuals who take part in IW are not all soldiers and that anybody who understands computers may become a fighter.
IW is inexpensive as the targeted party can be delivered a paralysing blow through the net and it may be difficult for the latter to discern where the attack originated. Large amount of useless information can be created to block or stop the functioning of an adversary’s information system.
Thus, a People’s War in context of IW can be carried out by hundreds of millions of people, using open-type modern information systems. Even political mobilisation for war can be achieved via the internet, by sending patriotic e-mail messages and by setting up databases for education.
IW consists of five major elements and two general areas.
The five elements are:
- Substantive destruction, the use of hard weapons to destroy enemy headquarters, command posts, and command and control (C2) information centres
- Electronic warfare, the use of electronic means of jamming or the use of anti-radiation [electromagnetic] weapons to attack enemy information and intelligence collection systems such as communications and radar
- Military deception, the use of operations such as tactical feints [simulated attacks] to shield or deceive enemy intelligence collection systems
- Operational secrecy, the use of all means to maintain secrecy and keep the enemy from collecting intelligence on our operations.
- Psychological warfare, the use of TV, radio, and leaflets to undermine the enemy’s military morale.
The two general areas are information protection (defence) and information attack (offence).
Information defence means preventing the destruction of one’s own information systems, ensuring that these systems can perform their normal functions. In future wars, key information and information systems will become “combat priorities”, the key targets of enemy attack. It also includes many other manifestations of IW like computer virus warfare, precision warfare and stealth warfare, all dependent in some manner on information and software programmes.
Implications for India
The concept of information superiority is somewhat analogous to similar concepts of air, sea or space superiority. This is because proper use of information is as lethal as other kinds of power.
The Indian concepts of IW are generally based on Western concepts and according to the 2004 Army Doctrine, IW encompasses the elements of command and control warfare, intelligence based warfare, electronic warfare, cyber warfare, psychological warfare and network centric warfare, military deception and secrecy as well as media support.
Information operations can vary from physical destruction to psychological operations to computer network defence.
It is in this context that a Defence Information Warfare Agency (DIWA) under the Integrated Defence Staff Headquarters has been formed to coordinate efforts of the three services and certain other agencies to handle all aspects of information warfare.
Securing the networks is complicated by a number of factors.
In the first instance, much of the hardware and software that make up the communications ecosystem is sourced externally; as a case in point, Chinese manufacturers such as Huawei and ZTE have supplied about 20 per cent of telecommunications equipment while Indian manufacturers have about 3 per cent of the market.
As recent incidents have shown, foreign governments are taking advantage of the market penetration and dominance of their companies to infiltrate and compromise telecommunications networks. This is a potent combination of expertise and resources.
The task of securing the networks is also complicated by the fact that much of the infrastructure is in the hands of private companies who see measures such as security auditing and other regulations and frameworks as adding to their costs.
The Ministry of Communications and Information Technology has also repeatedly urged telecom companies to take note of vulnerabilities in their equipment and told them they would be held responsible and subject to penalties if the vulnerabilities are not addressed.
Even though Computer Emergency Response Teams (CERT) at national and lower levels have been formed to respond to cyberattacks on civilian infrastructure, the concept is more defensive in nature. A proactive concept like that of net force may be more appropriate.
The government in the National Telecom Policy of 2012 has set a target for domestic production of telecom equipment to meet the Indian telecom sector’s demand to the extent of 60 to 80 percent by 2020.
A number of other measures, such as making local certification mandatory, have been announced, but there is a need for a more integrated and strategic approach to securing the networks since they are so crucial to the economic, social and political well-being of the country.