Essay on Cyber Security in Indian Army

Introduction

The ‘Stuxnet’ incident woke up the Indian cyber security setup from the abysmal slumber and self-induced sense of security & the discourse on critical information infrastructure (CII) protection in India was turned on its head. It was discovered that a large no. of hosts compromised by the Stuxnet attack were from India. The investigations that followed revealed the profound vulnerability of India’s industrial control systems and the experts could visualize the damage potential of these vulnerabilities if left unaddressed only after ‘Stuxnet’. What followed was the creation of a plethora of agencies responsible for various aspects of the cyber domain including the security of critical infrastructure, emergency response, cyber security, vulnerability assessment etc.

The Indian Army was one of the first org in India to take a leap into the cyber world by introducing computers in the late 1980s. The progress since then has been abysmal due to a lack of strategic vision in the cyber domain, poor and outdated HR mgt policies, come oriented structures even in technically proficient arms, minimal engagement with indigenous private players, and ambiguous policies on IT infrastructure, trg, management coupled with the absence of an efficient research &sp org and unwillingness to spend billions of dollars reqd for building cyber capabilities in the long term.

The cybersecurity policy of India, issued in 2013, outlines a mission to protect information and infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities, and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology, and cooperation. However, NCSP-2013 does not talk about the creation and application of cyber power, the role, organization, equipping, and training of the Indian armed forces to execute cyber-enabled operations and cyberwar, leaving a glaring gap in policy with regard to national security.

Present Cyber W Capb of Indian Army

The cap of the Indian Army discussed in this section is primarily that of Cyberdefense. Cyber deterrent caps are being built up at the tri-services level and are not discussed in the public domain. The pace in the last few decades however has been excruciatingly slow. At the Army level, the Army Cyber Gp (ACG) functions as the nodal agency responsible for ensuring the cyber security of fdfmns and formulation of policies and guidelines to be followed by the fdfmns. It also acts as the emergency response team for the Indian Army. The staffing of the ACG is not commensurate with the org requests keeping in mind the immense proliferation of IT assets across the force. Hence, the agency is able to handle only priority tasks and the fmmns are left to themselves to address nonpriority issues. Alternately, the time lag in response to non-priority tasks is so much that more often than not the response itself is ineffective. At the Fmn level, there are no trained pers staffed and equipped to handle cyber security. The Corps of Sigs which has but logically and suitably taken on the responsibility to be the nodal agency at the fmn level are neither staffed nor equipped (in terms of infrastructure) to handle Cyber Security efficiently. Consequentially, the tasks of provisioning of safe, secure, and reliable company is hindered. The patch here is correct, but what is reqd is adequate staffing of Sig units at the come and corps level and dedicated specialist offers, JCOs, and other ranks responsible for ensuring the cyber security of the fmn. These offers would need to upskill themselves every two to three years to remain relevant. Another challenge is the lack of a long-term plug in the procurement of IT infrastructure. There is a recent long-term plug again by specialist officers at the cold level. The procurement cycle is so long that the by the time and equipment is inducted, it is already on the path to obsolescence. Alternately, the GSQR of futuristic eqpmt sometimes is made out of choosing the best char available in the open domain resulting in unrealistic specifications. The procurement procedures need to be suitably modified to enable the procurement of IT assets and also there is a need to train and specialize officers in procurement so they become the nodal agencies for procurement processes. Indigenous manufacturing cap is another challenge. The Army today is totally dependent on vendors from foreign countries to provide the criticalcomn, networking, and cyber security hardware and software.

Jointness in Cyber Domain. Jt infrastructure, trg, doctrines, and policies are reqd for the application of synch efforts in the cyber domain. This jointness is at a nascent stage. Other than a couple of joint courses and interactions at seminars, there is hardly any interaction at the grassroots level. All three services have their own IT and cyber security infrastructure and org without any common linkage/head of the tri-services agencies. (Defence Info Assurance and Research Agency) DIARA with its present org has a limited role and capability for the defense of a tri-services network. This void may lead to a major capability deficit, especially in view of extensive networks being developed for armed forces.

Agencies at Tri-Services and National Level

There is a range of agencies and organizations to ensure def preparedness of the nation against any cyber threat and also act as a deterrent. Limited info is available in the open domain of their charter and mandate. The important agencies with their tasks are enlisted as follows:-

• National Technical Research Organisation (NTRO). The NTRO came into existence in 2004 and is a specialized technical intelligence-gathering agency. While the agency does not affect the working of technical wings of various intelligence agencies, including those of the Indian Armed Forces, it acts as a super-feeder agency for providing technical intelligence to other agencies on internal and external security. The organization is tasked to conduct hi-tech surveillance jobs, including satellite monitoring, terrestrial monitoring, and internet monitoring, considered vital for the national security apparatus. The agency has tech capabilities in aviation and remote sensing, data gathering and processing, cyber security, cryptology systems, strategic hardware and software development, and strategic monitoring.
• Indian Computer Emergency Response Team (CERT-In). CERT-In is mandated to enhance the security of India’s communications and information infrastructure through proactive actions and effective collaboration.
• National Critical Infrastructure Protection Centre (NCIIPC). NCIIPC was created under Sec 70A of the Information Technology Act, 2000 through a gazette notification on 16th Jan 2014. Based in New Delhi, it is designated as the National Nodal Agency for the Protection of Critical Information Infrastructure. It is under the control of NTRO and is tasked to monitor, intercept and assess threats to crucial infrastructure and other vital installations from intelligence gathered using sensors and platforms which include satellites, underwater buoys, drones, VSAT-terminal locators and fiber-optic cable nodal tap points. This includes seven sectors including transport, Power and Energy, telecom, and financial & banking. These sectors have been identified based on various criteria. The armed forces network does not fit the critical infrastructure criteria as of now.
• Defence Info Assurance & Research Agency (DIARA). DIARA is the nodal agency mandated to deal with all cybersecurity-related issues of Tri-Services and the Ministry of Defence is having close coordination with national agencies like the Computer Emergency Response Team – India (Cert-In) and the National Training Research Organisation (NTRO). DIARA also functions in coord with CERT Army, Navy, and Air Force
• National Cyber-Security Coordinator (NCSC). The National Security Council Secretariat (NSCS) coordinates and oversees cybersecurity issues, including cyber diplomacy. The National Cyber Security Coordinator at the NCSC has been entrusted with the responsibility of coordinating and synergizing cybersecurity efforts.
• National Intelligence Grid (NATGRID). Though not essentially a Cyber Agency, NATGRID is an int-sharing network that collates data from the standalone databases of the various agencies and ministries of the Indian government. It is a counter-terrorism measure that collects and collates a host of information from government databases including tax and bank account details, credit card transactions, visa and immigration records, and itineraries of rail and air travel. This combined data will be made available to various int agencies including the RAW & IB. Est in the aftermath of the Mumbai attacks in 2008, the agency had its first CEO appointed in 2016. However, the agency has not been fully functional and is still being raised. Privacy concerns, legal framework, and bureaucratic hurdles have been the prime reason.

Comments & Analysis

Strategic Deficiencies. The cyber domain requires a No of agencies to perform various tasks at all levels. Hence as we learned lessons from various incidents, these agencies have been recommended to be raised and subsequently raised. If the MSN and mandate of these agencies are studied, it seems that the nation has a well est system and coord enmeshed to respond to cyber threats. However, as far as armed forces are concerned, the mandate has been primarily of cyber def. It must be understood that in the cyber domain, there are no clear-cut demarcations between cyber defense and cyber offensive. As in conventional ops, def also has to be offensive in nature. Hence the Armed forces need a credible cyber offensive/deterrent cap. The second deficit in the present setup is that the tri-services are working in a compartmentalized manner with very little coord. Jt ex is being conducted and best practices are being shared but the jointness is still elusive. Some other aspects which need to be elucidated are:-

• Absence of a Clear-Cut Policy Directive & Cyber Warfare Doctrine. There is no clear-cut policy or doctrine for the Armed forces as far as cyber W is concerned.
• Inadequate Regulatory & Legal Framework. The IT act though being amended regularly does not cover the aspect of issues related to data privacy, data handling, ground rules for cyber espionage, or empower the cyber agencies to conduct even basic ops of svl. Though being a complex issue, the IT act needs to be suitably amended keeping in mind and in synch with the op requests of all agencies concerned.
• Lack of Public-Private Partnerships. Public Pvt Partnerships are the need of the hour to enable the agencies to get the best & the latest and also to upskill their pers. The participation of the private sector is minimal due to minimal incentives and no long-term commitment from the govt agencies. The pvt sector has the required cap and skillset to sp the govt agencies and this aspect should be leveraged by building strong linkages and partnerships.
• Shortage of Skilled Human Resources. The defense forces lack skilled HR, especially the Army. The auth concerned need to relook into HR policies and understand the fact that specialists are required in the cyber domain. There is no place for generalists or popular pers with the ‘GD’ tag in the Cyber Domain. Also, motivated, talented, and go-getters are reqd to work in this grey, continuously evolving fd of warfare. Selection, rect, trg, and service rules have to be altered to select, train and most importantly retain such Offers, JCOs, and all risks. Simultaneously, Cyber literacy is now a must for all ranks in all arms and services. This needs to be ensured.

ADGPI as an Instrument of IW

The army hosts the office of the ADG Public Information (ADGPI) which is responsible for media engagement and stations. It deals closely with the media interactions of the Chief of Army Staff (COAS)on a day-to-day basis, while also planning for information and psychological warfare, for the organization as a whole. The ADGPI is an adjunct office to the Director General Military Intelligence (DGMI) and comes under the Directorate of Military Intelligence. TheADGPI as per its mandate is the most equipped to carry out strategic communication operations.

Save your time!
We can take care of your essay

• Proper editing and formatting
• Free revision, title page, and bibliography
• Flexible prices and money-back guarantee

Place Order

However, it has a minimal interface with the Directorate of Public Relations(DPR), the agency handling stations at the national level. Each command, especially the Northern and Eastern Commands manning borders with hostile neighbors, has an Information Warfare (IW) branch headed by a Major General Staff (MGGS), along with appointments of Brigadier General Staff (BGS) (IW) and Colonel (IW)down the order. An effective strategic communication strategy would harness the work being done by the IW branches at the tactical level and leverage it at the national level. However, since the services have their administrators working in silos, this collaboration is rare.

StratComn is executed by the three Services making use of org which are ad-hoc or not suitably staffed because institutionally they are not supposed to speak to the public or the media. The PRO and officers at the DPR need to be aware of the importance of modern psychological warfare, perception management & strategic communication. The activities in the physical domain have to be in sync with the digital station. There are very few uniformed pers to carry out the plug and exec of station policies and understand the General Staff requirements of outreach. Regional PROs at various stns who report to the PRO Defence, are not under the local formation commanders or staff and hence not in sync with the Army’soperational needs. Hence the army today is without a General Staff oriented PR/Information.

Voids in Current Structure & Way Ahead.

Shift in Mindset. For Stratcomn to actually find a place in the operation and planning process implemented by military and political planners, there needs to be a top-down cultural shift in mindset. It is imperative for the top brass to encourage and empower their subordinates to engage the public information space, create awareness, counter misperceptions and work towards aligning public opinion with policy objectives and improving the perception of transparency.

Org Restructuring. For example, in the UT of Jammu & Kashmir, a purely public relations exercise is unproductive. Terrorist Burhan Wani became a hero without firing a bullet and the Armed forces looked on helplessly. The Armed forces were not prepared, equipped, or empowered to handle this kind of warfare. There was no structure in place to counter the narrative. Hence, the need of the hour is to align all instruments of state power to effectively communicate the message of the Indian state and negate any misperceptions fuelled by the adversary that is aimed at delegitimizing military-civilian ground action.

Trg. Indian Army needs to train its select offers strategic communications specialists. Language training for field operations, and media capsule covering the handling of print, television, and social media need to be inculcated in junior-level courses (Young Officers training) and then revised subsequently during Staff College, Higher Command (HC), and other courses.

Turf War. However, there is no point investing in communication specialists if the MoD does not empower them since the DPR often works at loggerheads vis-à-vis military spokespersons. There is a clear disconnect between the DPR and the ADGPI, which is well-recorded. The turf war between the MoD and

Service Headquarters sends mixed messages to the media which defeats the larger policy thrust behind the exercise of strategic communication.

ImplementingKargil ReviewCommitteeRecommendations. Recommendations of the Kargil Review Committee on info mgt during ops which may be revisited and need to be implemented are:-

• (a) Trg. With some exceptions, media personnel lacked training in military affairs and war reporting and the Armed Services lacked training and preparedness to facilitate the task of the media and counter disinformation.
• (b) PR in CI/CT Ops. The army needs improved PR capabilities even when deployed on counter-insurgency duties. Public relations are presently managed by the MoD at the higher level and by military officers who have no media background at the formation level.
• (c) Response Mechanisms. Negative propaganda needs to be nipped in the bud to ensure the prevention of the escalation of tensions. Quick responses and mechanisms are needed to initiate action.
• (d) Integration of IW & PR machinery. Creation of media cells at the IDS and at the Intervening Jt ServiceHQs, having linkages Defence PROs from each of the Services and with IW br at fmn HQ level would be the right model for structuring the PR &stratcomn machinery. Each of these media cells would coordinate intelligence, disseminatecommuniqués, monitor social media and engage with local media to convey the right msgs to the right audience. The IW branches may also ensure that troops on the ground are psychologically oriented and remain routinely briefed on developments and changing mandates in the op area.

Conclusion

To defend the armed forces in cyberspace, the aspect of including the Armed Forces networks particularly the Network For Spectrum (NFS) and Defence ComnNetwork(DCN) under the NCIIPC should be explored. The security of these networks is of utmost importance to the security needs of the country and the Corps of Signals needs to reorg itself to ensure the same. For cyber offensive ops, there is a need to evolve a common understanding of the targeting philosophy between the military and non-military sectors. While the awareness, resources, organization, and limited infrastructure for cyber security existed on the ground and some activities are being undertaken, there is a glaring gap in the cyber power capabilities of our defense forces. Given the threats and the digitized battlefield, it is a strategic deficiency that could seriously impact our national security and therefore needs to be addressed urgently in ‘Mission’ mode. The ADGPI can transform into a powerful tool for IW using cyber means. However, it needs to be empowered and enmeshed with the Defence PROs and integrated with the IW Br at the IHQ of MOD.