The Author is Former Director General of Information Systems and A Special Forces Veteran, Indian Army

The vicious surprise attack on Indian troops by the People’s Liberation Army (PLA) on night of June 15-16, 2020 at Galwan has become world famous though the PLA had little idea what it was bargaining for. India suffered 20 killed but the PLA suffered more than three times that number even as China’s Communist Party (CCP) is loath to admit the same. The pusillanimous display of Chinese soldiers in the terrain of Eastern Ladakh has led to the PLA recruitment drive in Tibet. There are reports that China is planning to create a Special Tibetan Army indicating raising of first ethnicity based PLA units. This shows China’s continuing desire for conflict with India, which must be taken note of.

Notably, the Galwan Clash was accompanied by massive cyber attacks by China which is not well known. News reports of June 22, 2020 revealed that in the last four-five days, China launched at least 40,300 cyber attacks in the Indian cyberspace. These cyber attacks were mainly on India's information technology infrastructure and banking sector. The attacks aimed at causing issues such as denial of service, hijacking of Internet Protocol and phishing, whereby attempt is made to obtain confidential information such as passwords or pass-codes by sending a fraudulent email or text message.

The news report also quoted police sources saying that China-based hackers were suspected to have database of some 20 lakh email IDs of Indians. Phishing attempts include impersonating online government agencies, departments and trade associations overseeing the disbursement of government fiscal aid. One such fraudulent email ID was found to be 'ncov2019@gov.in' which sent bogus information about free Covid-19 testing for residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad. According to recent news reports, one of the fake domains was created in the name of President Ram Nath Kovind Foundation and this was redirecting to a Chinese eCommerce Web site. The trick in these fake domains is that on being discovered, they switch to another IP address that keeps redirecting to the Chinese e-commerce Web site.

Achieving information dominance is one of the key goals for PLA at the strategic and campaign levels.

Concurrent to China biologically bombing the world through the Wuhan Virus in end 2019, there has been a upsurge in Chinese cyber attacks. The Chinese Ministry of State Security (MSS) and its affiliated cyber threat actors use publicly available information sources and common, well-known cyber threat actor tactics, techniques, and procedures (TTPs) to target government agencies and national critical infrastructure of the target countries. Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. China has also been targeting COVID-19 research organisations of foreign countries including India. In addition, China’s MSS and affiliated actors are actively exploiting trust relationships between information technology (IT) service providers, like managed service providers and cloud service providers, and their customers.

General Bipin Rawat, Chief of Defence Staff (CDS) has recently stated that China is capable of launching cyber attacks on large amount of Indian systems. This is no startling discovery; a fact known over past two decades with China repeatedly cyber attacking our government ministries including the Ministry of Defence (MoD) and the Ministry of Home Affairs (MHA), President’s office, government agencies including the National Informatics Centre (NIC), National Technical Research Organization (NTRO), Research and Analysis Wing (R&AW), Defence Research and Development Organization (DRDO), Bhabha Atomic Research Centre (BARC), Dalai Lama’s offices, you name it.

Identifying and attacking enemy C4ISR and logistics system is highest priority for IW attacks

China has interfered with our satellites in orbit, downed a Sukhoi fighter jet close to the Line of Actual Control (LAC) through cyber attack and a similarly a drone close to Doklam in Bhutan. It has selectively cyber attacked our power system as well. Recall the power outage at Delhi’s T3 airport some years back and the October 2020 prolonged power outage and disrupted services in Mumbai reportedly caused by a new coalition of Chinese hackers dubbed ‘Red Echo’ by Recorded Future, a cyber security firm based out of the US.

China recognises complementarities between cyber warfare (CW) and electronic warfare (EW) and the role that the electromagnetic spectrum (EMS) plays for both. According to PLA, EW and CW are not mutually exclusive; it is necessary to recognise their convergence and integration to dominate information operations; hence the term Integrated Network Electronic Warfare (INEW). PLA military exercises incorporate network attacks, network defence, electronic countermeasures (ECM), deception and psychological operations, in conjunction with ground, naval, air forces and strategic missile forces.

Complex electromagnetic environment is practiced by the PLA where ‘blue force’ units target command and control networks via Computer Network Attack (CNA) or jamming critical communication nodes, thus preparing the units for realistic IW environment. PLA artillery units have reportedly developed soft kill capabilities integrated into their fire support missions. Achieving information dominance is one of the key goals for PLA at the strategic and campaign levels. Identifying and attacking enemy C4ISR and logistics system is highest priority for IW attacks.

What is the plan for our military to develop INEW capacity like the PLA, and will we continue to develop the DCA independently and why not a National Cyber Command led by the military

The media has quoted the CDS, General Bipin Rawat saying, “What we are trying to do is create a system in which we ensure cyber defence. And we have been able to create a cyber agency, which is our own agency within the armed forces… Each service also has its own cyber agency to ensure that even if we come under a cyber attack, the down time and the effect of the cyber attack does not last long.” Yes, our tri-service Defence Cyber Agency (DCA) was established in 2019 and is tasked to handle cyber security threats, which according to media would have the capability to: hack networks; mount surveillance operations; lay honey-pots; recover deleted data from hard drives and cell phones; break into encrypted communication channels, and; perform other complex operations.

But the questions that the CDS must address in concert with the policy makers are: what is our offensive cyber warfare capabilities against China – about time we stop concentrating only on Pakistan; is mitigating cyber threats our sole aim; what is the plan for our military to develop INEW capacity like the PLA, and; will we continue to develop the DCA independently and why not a National Cyber Command led by the military as is the case in the US and China?

The current National Cyber Power Index by Harvard University ranks China globally second in cyber power. India is among one of the most cyber targeted countries in the world. That India is the primary target for China’s cyber attacks is without doubt. Hence, in developing our cyber capabilities isn’t it time to dispense with the defensive mindset and give priority to offensive cyber capabilities within the concept of cyber defence? Unless we do so, the next and the CDS too will be making similar statements that are high on rhetoric but low in substance.