7 January 2017

*** Secure cyberspace for Digital India

SHANKAR ROYCHOWDHURY

The question is: how well prepared is India for cyber attacks on the note ban process?

“Rome was not built in a day. Otherwise we would have hired the contractor”
— The Chicago City Council, facing
questions on its road repair programme

India had a brief taste of some of the possible fallout during the recent rollout of “Arthakranti”, the multi-pronged strategy to unclog India’s economic arteries through a radical shock therapy of selective demonetisation of currency.

On December 31, 2016, Arthakranti completed its schedule of 50 days which the Prime Minister asked to implement in his dramatic appeal to the nation on November 8, 2016.

The gunsmoke is still drifting over the battlefield, and the jury on its final verdict is still out, but there seems to be a cautious current of tentative overall approval for the strategy, propounded by “Arthakranti”, a Pune-based think tank, and pushed by Prime Minister Narendra Modi himself almost as a personal “dharma yudh”.

It was certainly a bitter medicine which induced nausea amongst the public and triggered a barrage of shrill, antagonistic, political vituperative whose fragmentation has shredded the country into warring political factions. Symbolical bodies were strewn across the landscape. Approximately 50 of these were “actuals”, who died of exhaustion or other causes while standing in the long queues outside banks to exchange old currency notes for new. All these were shrugged off as “teething troubles”, which required rapid fire corrective dentistry immediately on occurrence.

A barrage of instructions and amendments were issued from the “war room” in the beleaguered ministry of finance, while the government and the Opposition remained locked in a tug-of-war which stalled Parliament for over a two months (and counting), regardless of running costs of an estimated Rs 2.5 crore per day by most estimates. The dust is settling to some extent, but the big question is: having led the horse to this “Nayi Duniya” of Arthakranti, will it finally drink?

One prong of the attack, on the flow of forged currency from Pakistan and Bangladesh to finance radicalised terrorist in Kashmir and elsewhere, is generally regarded as being successful. Stone-throwing in Kashmir is down (with stone throwers demanding Rs 500 per day) and so are Naxalite activities in the Abujmarh in Chhattisgarh-Madhya Pradesh.

But amidst all the corrosive political debate, the seemingly trivial and apparently unrelated issue of hackers intruding into the bank accounts of several high-profile political personalities and major political parties does not seem to have raised antennas on something which might be a highly vulnerable Achilles’ heel of the demonetisation process, and by extension, on the national security and the economic wellbeing of the nation itself.

Cyber warfare is a slow poison silently administered by non-attributable, physically non-intrusive ninjas, largely non-detectable, except by specialised agencies. In a “hot peace” environment of proxy wars and plausible deniability, cyber warfare is an attractive low-cost covert option, which can keep involuntary host countries genuinely unaware.

Cyber attacks are almost tailor-made for Pakistan’s “long war” proxy operations against India, with a definite possibility of covert coordination with China. India-Pakistan skirmishes in cyberspace between Pakistani and Indian hackers have been reported, and there have been “hits” on Indian networks.

The massive flow of financial information and electronic transactions involved in the demonetisation process are all entirely dependent on totally secure, tamper-proof telecommunications. Thus becoming prime targets for hostile “Black Hat” cyber attacks by shadowy “electronic snipers” emplaced almost anywhere in the world, including even in India itself. “Murder With a Borrowed Sword” is the domain of such stealth warriors who have undoubtedly begun circling the tempting array of economic and financial targets thrown up by India’s demonetisation process.

If successful, these attacks could deliver economic body blows from which this country might never recover. Electronic security of the demonetisation process is a high priority now, on par with other such threats to national security. The question is: how well prepared is India for cyber attacks on the entire demonetisation process?

While the response to these cyber attacks could be better than before, it isn’t iron-clad as yet. Hence, still inadequate. Here, the formulation of the National Cyber Security Policy in 2013, controlled by the ministry for electronics and information technology (MEITY), has been a giant step forward towards establishing the framework of a basic cyber security infrastructure and mechanism for the country, including a national critical information infrastructure protection centre (NCIIPO) as the nodal agency, fielding multiple computer emergency response team(s), for sectoral coverage of India’s cyber frontiers. These commitments are likely to increase exponentially as the Arthakranti project gets into full stride.

India claims to be a powerhouse in information technology, but after almost 70 years of Independence, this vaunted achievement remains asymmetric and largely confined to software only. There has been very little enhancement of hardware capability, specially the critical strategic area of manufacturing electronic chips.

The manufacturing facilities of the erstwhile Semiconductors India Ltd, a strategically important public sector unit for manufacture of military grade silicon wafers established at Chandigarh in 1984 was destroyed in a mysterious blaze just three years later in 1987, even before it came on stream to its full capacity — a possible hostile “surgical strike” by entities as yet untraced. Ambitious plans to reorganise and re-establish them are still at the empowered committee stage.

The people of India have displayed an admirable restraint during the entire demonetisation process. But this country must take special note of events in faraway Venezuela where violent mobs ran riot during an attempted demonetisation of the peso, as a warning parable if demonetisation is mishandled or mismanaged.

Republic Day 2017 is approaching, and as India enters its 66th year of Independence, it is pertinent to ask: can this country beat off another terror attack, this time coming out of cyberspace?

No comments: