The network intrusions into the Kudankulam Nuclear Power Plant and Indian Space Research Organisation highlight a glaring gap in India바카라s cyber response strategy.
The fact that the attackers had the audacity to target such critical organisations without the fear of reprisal should trigger a critical review of our posturing in cyberspace.
To quote a three-star general, who responded to my dire warnings long before these intrusions were detected, 바카라We are beyond a wake-up call now.바카라
Purely defensive manoeuvring is unlikely to restrain the adversary. So, cyber deterrence relies on complex offence-defence symbiosis. Former Central Intelligence Agency (CIA) technologist Matthew Monte goes to the extent of deeming cyber defence lacking a flavour of offence as 바카라ineffective.바카라
Unlike the case of conventional technologies like nuclear weapons, the parameters of cyber deterrence are highly unpredictable.
The first realisation for our cyber commanders should be that cyberspace is purely a domain of power projection. The undue pressure of creating physical or kinetic effects just acts as a distraction.
Gen. James Cartwright, the US바카라s earliest cyber commander, foresaw this way back when he postulated that the coercive power of 바카라cyberweapons바카라 could be used to 바카라reset diplomacy.바카라 Bringing the adversary back to the negotiating table is a laudable goal.
Rebecca Slayton of Cornell concluded that the cost of developing Stuxnet was roughly $300 million 바카라 heftier than an airstrike 바카라 while the benefits were limited to paltry $14 million.
It busts a major myth around the cyber conflict that it is always asymmetric.
The aim of Stuxnet wasn바카라t really destroying Iranian nuclear centrifuges. As former National Security Agency (NSA) hacker Dave Aitel put it, Stuxnet marked the 바카라announcement of a team바카라 that has been playing World-Cup level soccer on the cyber battlefield for a decade-and-a-half.바카라
Gen. Michael Hayden, who headed both NSA and CIA, mused that Stuxnet had the 바카라whiff of August 1945바카라 바카라 alluding to the bombings of Hiroshima and Nagasaki. The idea was to set new declaratory thresholds for cyber conflict.
As former US deputy secretary of defence Aaron Hughes explained, cyber deterrence 바카라is largely a function of perception.바카라 Its aim is to make the adversary believe that its transgressions may lead to the imposition of unacceptable costs.
However, a major problem with current strategies is that they are struggling to account for the escalatory nature of cyber conflict.
As scholars like Jason Healey of Columbia have suggested that 바카라 despite its awesome cyber firepower 바카라 it was the US which got deterred during the 2016 election interference by the Russians.
Retaliation in cyberspace turns out to be extremely disproportionate and even bizarre.
President Barack Obama and his team had feared that any action against Russia may trigger cyberattacks on the fragile private sector. It was a crucial lesson learnt after Iranian hackers crippled major American banks in 2012 as a response to Stuxnet.
Even the North Korean regime got away with the brazen act of destroying Sony Pictures in 2014 by hacking and making all its data public. The American studio was planning to release a film that parodied Kim Jong-un. As life imitated art, Obama vowed a 바카라proportional response.바카라 Both the Iranian and North Korean attacks were rudimentary in nature.
Nonetheless, such shooting wars should not divert us from the fact that cyber conflict has greatly intensified over the last few years.
The US military바카라s 바카라Left of Launch바카라 strategy 바카라 aimed at disrupting missile tests using cyber-electromagnetic attacks 바카라 is thought to have undermined the North Korean program. As President Donald Trump aborted an airstrike on Iran at the last moment in 2019, the US Cyber Command (USCYBERCOM) went ahead and degraded Iranian military command-and-control.
Again, the aim is to sow fear, doubt and confusion in the mind of the adversary. Cyber deterrence works within the cognitive spectrum.
From a defensive standpoint, it바카라s better to visualise domestic cyberspace as a 바카라continually contested territory,바카라 as former secretary of the US Navy Richard Danzig put it. It calls for a 바카라persistent engagement바카라 with the intruder 바카라 an attritive battle hinged at retaining control.
As such, many of the concepts of counterinsurgency like 바카라Clear, Hold & Build바카라 and 바카라Find, Fix, Finish, Exploit, Analyse & Disseminate바카라 become applicable to cyber defence.
The same idea of constant contestation, when exported to the adversary바카라s information battlespace, becomes pre-emptive manoeuvring like the 바카라Defend Forward바카라 doctrine of USCYBERCOM.
Presence-based cyber operations like espionage prepare the battlefield for event-based operations. The former generally precede the latter by many months or even years. The idea is to produce a potent mix of not just effects but also perceptions.
The National Cyber Coordination Centre (NCCC) should be brought back from stasis to seed automated situational awareness across the defensive spectrum. The National Critical Information Infrastructure Protection Centre could act as the feeder for NCCC.
The Defence Cyber Agency (DCyA) needs to lead the two-pronged framework of deterrence by denial and deterrence by punishment. The job of the National Technical Research Organisation would be to keep the battlefield primed, allowing DCyA to generate effects at a place and time of choosing.
Cyber conflict blurs the lines between war and peace. Victory in cyberspace means not only retaining the initiative, but also the narrative.
Pukhraj Singh is a cyber intelligence analyst who has worked with the Indian government and response teams of global companies. He blogs at www.pukhraj.me.
