The cyberspace has become a new area of conflict between nations. Of late, the American Democratic leadership has been accusing the Russians of grossly meddling in the US elections to favour President Trump. Feeding fake news to confuse an adversary’s military or its people is a common practice. Lately, many countries were in the news for either being targeted by fake news or were the originators of it. Cyberattacks between the United States and countries considered hostile to it, such as Iran and North Korea, continue. The US and China too have a long history of targeting each other in the cyberspace. However, since both these major powers have the ability to seriously damage each other’s systems, they have developed an understanding to stay away from cyber conflict to a large extent.
The mafia also uses cyberspace to expand and deepen its criminal activities. Their primary motive is to make profit or divert attention of the authorities by spreading fake news. Even major nations in certain situations use hacking as a tool to confuse the adversary or to facilitate dialogue on serious political and economic issues.
Clearly, cyber warfare is a major tool that can be used to influence the outcome of conflicts or to reduce and weaken the power of the adversary. It has established itself as an essential component of a country’s national power and its utilisation in all phases of conflict is a common feature adding complexity and confusion in the realm of warfare.
Major global and regional countries, apart from having an offensive capability in cyber warfare, have also developed deterrence against cyberattacks. By establishing a deterrence relationship, they in fact bring about restrain and a form of balance that acts as a shield against cyberattacks.
The US, Russia, China and several regional countries including India, Pakistan and Iran have also developed defensive systems to shield themselves from cyberattacks. Despite these measures there are several military and civilian systems that remain vulnerable to a cyber offensive.
There are no definite criteria to define as to what constitutes a credible cyberattack. But if the enemy’s defence or offensive systems become ineffective, or fake news is treated as real leading to the adversary’s weakening, it should be credited to being successful. The US cyberattack on Iranian defence and strategic systems was effective. The retaliatory response of Iran on the US was apparently successful which led to a stalemate in the realm of cyber warfare. When the tit for tat response shows signs of escalation, mediation should be the most appropriate course of action.
Developing countries are somewhat less vulnerable to cyberattacks in comparison to technologically advanced military powers. The most vulnerable are the US, Russia, China, and several European and West Asian countries that rely heavily on sophisticated communication and monitoring systems.
The chances of cyber warfare escalating into a full-fledged war are comparatively less in a kinetic conflict. When cyber weapons are used it takes time for the adversary to identify the nature and source of the attack. Whereas with kinetic weapons the effect is instantaneous and so could be the retaliatory response.
In the India-Pakistan context where tensions are running high and fake news flourishes, prospects of serious conflict are ever present. Introducing Confidence Building Measures (CBM) would be highly desirable. But PM Modi’s present intransigence makes such a proposition unlikely to materialise.
It is, however, encouraging that there are agreements between countries at the global and regional level to reduce chances of escalation due to malicious activity by certain elements. The 2015 Agreement between China and the US is one such document. This agreement did contribute to reducing the malevolent conduct of state institutions. With the availability of the Hotline, prospects of escalation decreased considerably. But after nearly one and a half years as the trade war between the US and China escalated, cyberactivity picked up.
Cooperation between the countries of the Shanghai Cooperation Organization (SCO) and within European countries to counter dangerous cyberactivity remains fairly effective. However, the difficult areas are the Middle East, North East Asia and South Asia where the prospects of cooperation are minimal due to their perennial rivalries and territorial disputes.
Pakistan needs to develop a comprehensive cyber policy. There would be tolerance for this slackness at the international level up to a point. It has been experienced that when China entered into an agreement with the US on cybersecurity, it had to go through a review of its weaknesses and rectify the shortcomings. In short, adherence to the bilateral agreement led China to overcome its weaknesses.
Sensitive military organisations of major powers do not use Microsoft or any commercial software. Understandably, they have their own dedicated or stand alone systems to ensure a much higher level of security and less prospects of vulnerability. Pakistan needs to invest more in cybersecurity for offensive and defensive purposes. It also has to take effective measures against rogue elements. Governments at times do tolerate or deliberately use rogue elements for cyberactivity to confuse the adversary. These are identifiable if proper forensic techniques are used. Experts recommend there should be certain red lines that should be drawn so as to avoid a dangerous escalation. After the Pulwama attack, information warfare between India and Pakistan escalated. Managing cyber rivalry is part of modern warfare.
To avoid any misunderstandings during tense periods, India and Pakistan would be better advised to engage at track 1.5 or directly at the military official level. If that is not possible experts recommend that personnel from leading technical training schools of both could be given this task.
There is a need for serious legislation on cybersecurity issues. Our Parliamentary Committee under the guidance of Senator Mushahid Hussain has done very valuable work in this area that needs to be passed by the Parliament. India has a strong defence and offense cybersecurity policy. We need to step up our legislation and accord a high priority to cybersecurity.
Published in The Express Tribune, October 16th, 2019.