Editor’s Note
Is India prepared to fight a 5th Generation War? We have so far witnessed the part application of 5th Generation tools, however, a full range of its tools could well pulverize any opponent even before the targeted country fields its kinetic assets. The article is a call to planners and decision-makers to increase investment in fighting the next war that we would face
…………………………………………………………………………………………………………………………..
A cloned version of the Indian Army app ‘ARMAAN’ is on the prowl and has been targeting army personnel by imitating the app’s appearance and functionality. The fake ARMAAN app modus operandi is to initially request Aadhar credentials from users on their Android phones and then steal personal data with hidden Remote Access Trojan (RAT) attacks. The original ARMAAN app has been designed by the Indian Army and is used for information dissemination: MES related complaints, Army Rest House related and some other services. One of the interesting features of this app is that it allows users to send messages to the office of the Army Chief.
It is not the first such serious threat to the cyber security of the Defence Forces, there are similar other RAT as well as Bot activities that are aimed to steal sensitive data. Imagine if all the contacts, call logs, SMSes, locations, and files from external storage including the sensitive audio conversation are stolen or recorded or reported to a remote hostile server or inimical data-mining agency; it will be a serious and hazardous breach in the security.
There are some new areas of concern also that have sprung up – thus broadening and widening the battlefield beyond the borders. Flashpoints have emerged in the sphere of internal security too. Most of the activities of human life as well as the personal lives of common men are now covered. The Fifth dimension has emerged all-pervasive and has threatened the country from the inside to outside.
How else would you describe the alacrity with which the Indian government has blocked 35 YouTube channels and two websites, which were running anti-India propaganda as well as spreading fake news in a coordinated manner? The Information and Broadcasting Ministry said these websites and YouTube channels had origin in and were operated from within Pakistan and had a huge 120 million subscriber base.
Pakistan was using them for spreading anti-India fake news about sensitive subjects related to India and included topics such as the Indian Army, Jammu and Kashmir, and India’s foreign relations with other countries. Intelligence Agencies had observed that rampant fake news was being spread through the YouTube channels regarding the unfortunate demise of the erstwhile Chief of Defence Staff General Bipin Rawat. Not to be content with it, these YouTube channels had also begun adding content to undermine the very foundation of the democratic process of the upcoming elections in five states in the country, thus impinging upon the security of the country.
Looking at the traditional elements of warfighting mechanisms and the added dimension of cyber, these should not be viewed as compartmentalized elements. Battlefield has evolved to a limitless battlespace that conforms to current realities and as such it must be viewed as an integrated whole.
Warriors are required not only on the battlefront now but on multiple fronts and the operations need to be carried out as a continuum of interrelated activities. The battle is not to be fought by the soldiers on the front alone but by all and sundry; be it in the fields of external affairs or home affairs including the internal matters related to security. Anti-CAA agitation and the yearlong blockade by the farmers of Punjab and others, Greta Thunberg’s Tool Kit and such other activities are the early warning signs of the inimical forces swarming deep into the day-to-day lifestyles of our modern-day existence; it is threatened and when it is threatened the national security slips into the red alert zone.
Cyber threat, as commonly perceived, is neither to be construed nor understood as restricted to cyber-attacks – be it password cracking, social engineering, social media, denial of service, the man in the middle, malware and eavesdropping attack nor hacking of websites, phishing-vishing emails, ransomware demands, stealing of data and identity theft only. The spread is much wider and larger and hence, beyond measurement on most of the scales. Are we all aware and fully prepared?
Today’s simple threat becomes even more complex tomorrow with the onset of Artificial Intelligence (AI), Machine Learning and unassailable crypto technologies such as Blockchain. It is constantly evolving, compounding, and developing in complexities. It is not utterly a wild imagination anymore when we might have a fake digital popular leader, fully cloned through the help of AI, injected into the system; who influences a particular State, its defence forces and the gullible public. We already have instances when digitally altered and fake videos were circulated. These videos misused the available technological tools and misinformed and misguided a substantial portion of the masses and affected the democratic electoral process. It is a Genie unleashed which can barely be pushed back into the bottle and capped.
The cyber threat to national security is today present in the fields of financial management; power generation, transmission and distribution; oil and gas management and the transport sector – aviation, rail, road and shipping and much more. Do you recall and remember the Credit card frauds; money swept from bank accounts; Power grid failure in Mumbai in 2020 and outage of electricity and Jawaharlal Nehru Port Trust coming to a grinding halt a few years back due to the cyber intrusion in the logistics chain – just to cite a few! A cyber activity group ‘Red Echo’ of Chinese origin was responsible for targeting the Indian power sector through malware. Was it not just a teaser of what countries like China or anyone else can do?
National security is not only that of the borders; it includes the security of its citizenry, infrastructure and assets deep within the country. Anything that depends upon, touches or even takes inputs from the world of the Internet, is not safe and is vulnerable forever. You click a picture from your mobile and it thereafter is saved on the Internet cloud. Without much control in your hands, it is then subject to cyber vagaries endlessly.
An innocent picture, posted on Facebook, of the two men posing alone in the desert, gave out the clue to Israeli analysts and intelligence agencies about the possible location of Iran’s nuclear enrichment facility at Natanz. One of the two men in the picture was a nuclear scientist in a meeting with another one. The GPS coordinates gave out the location and an airstrike followed the next day causing great damage and harm to the secret establishment in a perfect hideout with air-gapped Internet service to prevent contact with the outside world.
It might be prudent to further note, the security of the country’s ideologies, cultural and social values and its heritage – all of these need protection and security from the cyber invaders, pseudo-intellectuals and gurus who use social media. YouTubers, Instagram and such tools users have become the social Influencers who build cults that follow them blindly and send forwards without realizing the deep impact and scars they leave on the collective national psyche of the social media users.
Indian Computer Emergency Response Team (CERT-In) has been collecting, analyzing, forecasting and sending alerts of cyber incidents, vulnerabilities and threats. It remains in touch with most of the global CERTs. It nationally coordinates the cyber incident response, however, the sphere of defence forces needs exclusive attention and the military has to step up its proofing of cyber security.
Our belligerent neighbour, China has ramped up investment of billions of dollars into cyberwarfare and cybersecurity for long; but has India kept pace with the need? China believes in keeping tight control of its population and data by developing its network and creating a Great Firewall. It indulges in acquiring others data by keeping a bevy of specialists including the bench strength of hackers who are youngsters excelling in using new exploits to hack into the world’s popular software platforms and services. PLA has special Units which are designated not only snoop but also to conduct offensive cyber operations. These Cyber Units have immense funding and scope to intervene in the operations of their adversaries.
To deal with the adversaries like China, the Indian Defence Forces need to holistically address the structural dimension of all its tactics as well as the operational art keeping in view the challenges posed by the new frontiers.
- The military requires “penta-phibians” or soldiers who can seamlessly operate across all the dimensions of warfare.
- With AI intruding in the arena, it might be worthwhile to develop defensive mechanisms lest it mimics and generates false positives and alarms thereby flooding and fooling the defender.
- Big Data repository is required and the predictive analyses have to be made to reveal and offer the options for actions to be taken.
- Huge amount of investment is needed to plug the gaps in cyber security and the Cyber Security Strategy, which is yet to see the light of the day, has to be hastened up and formulated quickly before the red alert starts flashing so bright as to be blinding.
- Quantum computing is one big area that needs to be addressed quickly. Countries like USA, UK, Canada and Singapore, to name a few, have been involved in deep research in this field and have made substantial progress.
The good news is that in a recent effort, the Cyber Defence Agency has been formed, has begun its work and it’s hoped India would emerge out of the Red Zone soon.
Col Satish Tyagi (Retd)