Cyber-Space & India’s Cyber Force – DCyA

Hey, Defence Lovers! India established its cyber force called “Defence Cyber Agency (DCyA)” in August 2021. It is part of the tri-service command, and this article shall discuss its purpose and future.
Cyber-attacks have become an increasingly important aspect of military operations in recent years, as more and more military systems and infrastructure are connected to the internet. A cyber-attack is any attempt to gain unauthorized access to a computer system or network to steal or damage information stored on these systems.
Military cyber attacks are a growing concern in the modern world, as more and more countries and organisations rely on computer systems and the internet to conduct their operations. These attacks can range from simple acts of sabotage or espionage to more complex and coordinated operations that can have significant consequences for national security.
From a military perspective, cyber-attacks can be used to disrupt enemy communications, gather intelligence, or even disable or destroy military systems. For example, a cyber-attack could disable an enemy’s radar or air defence systems, making it easier for friendly forces to launch an attack. Cyber-attacks can also gather intelligence on enemy plans and capabilities or disrupt their command-and-control systems.
Major Cyber-Attacks Worldwide
Several notable examples of cyber-attacks used in military operations in recent years are described in the following paragraphs. One of the most well-known military cyber-attacks occurred in 2007 when Russian hackers targeted the Estonian government, media, and financial institutions in a coordinated cyber warfare campaign. The attacks were believed to be in response to Estonia’s decision to relocate a Soviet-era war memorial and resulted in widespread disruption to the country’s internet and telecommunications infrastructure. The Estonian government accused the Russian government of being behind the attacks, and the incident was seen as one of the first instances of a state-sponsored cyber-attack.
Another major military cyber-attack took place in 2010 when the Stuxnet computer worm was discovered on the computers of an Iranian nuclear facility. The worm was designed to target the centrifuges used in the facility’s uranium enrichment process, causing them to spin out of control and potentially damaging the equipment. While it is not clear who was responsible for the attack, it is widely believed to have been a joint operation between the United States and Israel and was seen as a significant development in the use of cyber warfare as a national security tool.
In 2014, a group known as the “Guardians of Peace” hacked into the computer systems of Sony Pictures, stealing sensitive data and releasing it online. The attack was believed to be in retaliation for a comedy film produced by Sony that depicted the assassination of North Korean leader Kim Jong-un. The North Korean government denied responsibility for the attack, but the United States later accused the country of being behind the hack.
In 2016, the Russian government was accused of interfering in the United States presidential election through a campaign of hacking and disinformation. Russian hackers targeted the computer systems of the Democratic National Committee and released emails that damaged the campaign of Hillary Clinton. The incident was seen as a significant threat to democratic processes and raised concerns about the vulnerability of election systems to cyber-attacks.
In 2014, Russian hackers were accused of breaching the computer systems of the Ukrainian military, leading to the disruption of communications and the loss of sensitive information. This attack was seen as an example of how cyber-attacks can be used to destabilize a country and undermine its military capabilities.
In 2017, the United States accused North Korea of being behind the WannaCry ransomware attack, which affected over 200,000 computers in 150 countries. The attack exploited a vulnerability in Microsoft Windows and encrypted the data on infected computers, demanding payment in exchange for the decryption key. While it is not clear what the motivations behind the attack were, it is possible that it was an attempt to raise funds for the North Korean government.
More recently, in 2019, a group known as APT10 was discovered to be conducting a cyber espionage campaign against multiple countries, including the United States and the United Kingdom. The group was believed to be operating on behalf of the Chinese government and was targeting a wide range of organisations, including technology companies, government agencies, and defence contractors. The attack was seen as a significant threat to national security, as the group was able to steal sensitive data and potentially compromise the security of critical infrastructure.
Major Cyber-Attacks on India
India has been the victim of numerous cyber attacks over the years, ranging from simple phishing scams to highly sophisticated and targeted attacks. These attacks have impacted both government and private sector organizations, with the latter being more vulnerable due to a lack of resources and expertise in cybersecurity. In this article, we will explore some of the major cyber attacks that India has been a victim of and the impact they have had on the country.
One of the earliest and most well-known cyber attacks to hit India was the “Operation Aurora” attack, which took place in 2009. This attack was targeted at several major Indian companies and was carried out by a group of hackers believed to be based in China. The attack was highly sophisticated and involved the use of zero-day vulnerabilities, which are vulnerabilities that have not yet been identified or patched by the affected software’s manufacturer. The attack resulted in the theft of sensitive data, including intellectual property and trade secrets, from the affected companies.
In 2011, India was hit by the “Nitro” attack, which targeted several major chemical and defense companies in the country. This attack was also believed to be the work of Chinese hackers and involved the use of a zero-day vulnerability in Adobe’s Acrobat software. The attack resulted in the theft of sensitive data, including research and development documents and product plans.
In 2013, India was hit by the “Red October” cyber espionage campaign, which targeted government agencies, research institutions, and diplomatic organizations in several countries, including India. The attack was highly sophisticated and involved the use of multiple zero-day vulnerabilities, as well as the use of custom malware and phishing techniques. The attack resulted in the theft of sensitive data, including diplomatic and political documents and research papers.
In 2016, India was hit by the “Dino” attack, which targeted the country’s power sector. The attack was carried out by hackers believed to be based in Pakistan and involved the use of custom malware that was designed to infiltrate the systems of power companies and disrupt their operations. The attack was successful in causing significant disruptions to the power supply in several regions of the country.
In 2017, India was hit by the “WannaCry” ransomware attack, which affected more than 200,000 computers in the country. The attack was a global one and affected organizations in more than 150 countries. It involved the use of a ransomware strain called “WannaCry” that encrypted the data on affected computers and demanded a ransom payment in exchange for the decryption key. The attack had a significant impact on India’s healthcare sector, with several hospitals reporting disruptions to their operations.
In 2018, India was hit by the “Aadhaar” data breach, which affected more than 1 billion people in the country. The breach occurred due to a flaw in the security of the Aadhaar system, which is a national identity database that is used to issue unique identification numbers to citizens of India. The breach resulted in the theft of sensitive personal data, including names, addresses, and biometric information, of millions of people.
According to a report by US-based cybersecurity company Recorded Future, Chinese hackers targeted seven Indian power centers in Ladakh in April 2022 using the ShadowPad trojan. The trojan is believed to have been developed by contractors for China’s Ministry of State Security, leading to the conclusion that this was a state-sponsored hacking effort. India’s Union Minister of Power acknowledged the attacks and said that China had launched “probing cyber attacks” on the Indian power grid in Ladakh three times since December 2021, but that safeguards were in place to prevent their success.
The All India Institute of Medical Sciences (AIIMS) in Delhi faced a cyber attack on November 23, 2022 that paralyzed its servers. According to a source from the Ministry of Health and Family Welfare, the attack was traced to China, and of the 100 servers at AIIMS (40 physical and 60 virtual), five physical servers were successfully infiltrated by the hackers. Data in these servers has been retrieved, but the damage could have been far worse if not contained.
These are just a few examples of the cyber attacks that India has been a victim of over the years. It is clear that the country is facing a growing threat from cyber criminals, who are becoming increasingly sophisticated in their methods and are targeting a wide range of organizations and sectors.
Cyber-Attacks and the Military
Cyber-attacks can be a powerful tool for military operations, but they also come with risks. Such attacks can be difficult to attribute, and they can lead to unintended consequences or escalate into a full-blown cyber war. For example, a cyber-attack that disables an enemy’s military systems could also disrupt critical infrastructure, such as power grids or water treatment plants, causing harm to civilians.
Military organisations need robust cyber security measures to protect against these attacks and should have clear policies and procedures in place for when and how to use cyber-attacks as a tool in military operations. This can help ensure that cyber-attacks are used in a targeted and responsible manner, minimizing the risks and potential unintended consequences.
In addition to protecting their own systems and infrastructure, military organisations also have a role to play in helping to defend against cyber-attacks on a global scale. This can involve working with other countries and international organisations to strengthen cyber security, sharing information and best practices, and cooperating on efforts to track down and prosecute cyber criminals.
India established a dedicated cyber force to defend against cyber-attacks and protect the country’s critical infrastructure. The cyber force will be responsible for protecting government agencies, military systems, and critical infrastructure from cyber threats and, in addition, conducting cyber operations to defend against attacks on India’s interests.
From a military perspective, establishing a dedicated cyber force is a significant development for India. Cyber-attacks have become an increasingly important aspect of modern warfare, and military organisations worldwide are investing in cyber security capabilities to protect against these threats. The cyber force will be responsible for conducting defensive and offensive cyber operations and providing training and support to other government agencies and operators of critical infrastructure.
India’s Cyber Force – The Defence Cyber Agency (DCyA)
The Defence Cyber Agency (DCyA) is a specialized unit within the Indian Armed Forces that is responsible for protecting the country’s military systems and networks from cyber threats. Established in 2015, the DCyA plays a vital role in ensuring the security and integrity of the country’s military communications and operations, as well as protecting against cyber espionage and other cyber threats.

The DCyA was established in response to the growing threat of cyber attacks on military systems and networks, and it is tasked with defending against such threats and safeguarding the country’s military assets. The agency’s mandate includes protecting against cyber espionage, cyber warfare, and cybercrime, as well as conducting cyber operations in support of military operations.
To fulfill its mandate, the DCyA is responsible for a range of functions, including:
- Cybersecurity for military systems: The DCyA is responsible for ensuring the security of military systems and networks, including those used for command and control, intelligence gathering, and communications. This involves implementing cybersecurity measures such as firewalls, antivirus software, and regular software updates, as well as conducting regular audits and assessments to identify and address vulnerabilities.
- Cyber threat intelligence: The DCyA is responsible for collecting, analyzing, and disseminating information about cyber threats that may affect the military. This includes conducting cyber threat assessments, monitoring networks for suspicious activity, and sharing information with other agencies and partners.
- Cyber operations: The DCyA is responsible for conducting cyber operations in support of military objectives. This includes the use of offensive cyber tactics to disrupt or disable enemy systems, as well as defensive measures to protect against cyber attacks.
- Cyber training and capacity building: The DCyA is responsible for training and capacity building in the field of cybersecurity within the military. This includes providing training to personnel on cybersecurity best practices, as well as working with other agencies and partners to build capacity in the field of cybersecurity.
The DCyA is equipped with advanced technologies and capabilities to carry out its mandate. This includes the use of advanced cybersecurity tools and technologies, as well as a team of highly trained and skilled personnel. The agency also works closely with other agencies and partners, including the National Technical Research Organization (NTRO) and the Indian Computer Emergency Response Team (CERT-In), to share information and coordinate efforts to address cyber threats.
The DCyA plays a vital role in India’s national cybersecurity strategy, which is designed to protect the country’s critical infrastructure and systems from cyber threats. The agency works closely with other agencies and partners to coordinate efforts to address cyber threats and ensure the security of military systems and networks. In addition, the DCyA works with industry and academia to promote research and development in the field of cybersecurity and to build capacity in the field.
Challenges Faced By the Cyber Force
One of the key challenges facing the cyber force will be the need to stay up to date with the latest cyber threats and technologies. Cyber-attacks are constantly evolving, and the cyber force will need to be able to adapt and respond to these threats in real time. This will require advanced technical skills and a deep understanding of the latest cyber threats, trends, and tactics in order to defend against them effectively. Another challenge is the lack of resources and funding, which limits the agency’s ability to invest in new technologies and capabilities.
The cyber force will also need to work closely with other government agencies and operators of critical infrastructure to ensure that the country’s cyber defences are as effective as possible. This will involve sharing information and best practices and coordinating efforts to defend the country against cyber threats.
In addition to conducting defensive operations, the cyber force will also be responsible for conducting offensive cyber operations to defend against any attacks on India’s interests. This could involve disrupting enemy communications, disabling enemy military systems, and gathering intelligence on enemy plans and capabilities.
Overall, establishing a dedicated cyber force is a positive step for India to strengthen its cyber security capabilities and defend against cyber threats. By bringing together experts from various fields and working closely with other government agencies and critical infrastructure operators, the cyber force will be well-positioned to defend against a wide range of cyber threats facing India. If it functions as intended, it can become a great asset to the country.