Friday, November 29, 2024

Pakistan and India Cyber Security Strategy

South Asia Security Paradigm: An Introductory Analysis
“To win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.” Sun Tzu

The modern world is known as the age of technology and globalization which is characterized by the information and explosion of knowledge. This has not only changed the way the war is fought but it also changed the way we are living. The old conventional war doctrine has changed into a new warfare doctrine on the basis of information technology. There has also been a paradigm shift in the nature of conflict and of national security patterns. It is mainly due to the spread of information technology and the effect of globalizations which has almost diluted the concept of national borders as it was in early 17th and 18th century. The 21st century witnesses to change the shift into two different directions – first dilution of state power to non state actors such as Multinational Corporations (MNC’s) and second is the economic relation between states. These transformations have made use of military policies are less attractive and soft power is considered to be more workable as compare to hard power.

In today world the non-kinetic dimensions1 of statecraft have gained dominance in formulating the global security measures. This has brought to change the concept of security paradigm from traditional to nontraditional. During the cold war period traditional concept of security was much focused in the world politics. The realist paradigm was dominated in the global politics. This school of thought was mainly addressing the issues related, how to expand the military power and how to protect the state interest. But the collapse of Soviet Union shocked this school of thought and it also gave the new concept of security matters such as human security, environmental degradation, food security, social security etc. These changing trends were also felt in South Asia.

South Asia region is the most charged area in the world. As Karl Deutsch described, “security community’ may not be just around the corner in South Asia, the region could be more peaceful, stable and secure if the countries bring about changes in their attitudes”. The hostile relation between Pakistan and India is always discussed in the world forum. Both states are nuclear powers and with well developed missile technologies. Moreover, the strategic importance of the region gives it a special importance in the world politics. In today’s technological world, the traditional security approach which is mostly depending on military is become special in the presence of digital threat in the region. The cyber war between Pakistan and India can also be possible to create the major conflict in the region in near future. Although, officially Pakistan and India are not involved in recent cyber attack on critical infrastructure of both sides but non state actors are busy to creating the situation of war. These non state actors can possibly exploit the situation to bring about a new war between Pakistan and India. Pakistan and India must formulate such a mechanism that will help to make cyber space free from any conflict and this can only be possible with the cooperation of both states. Moreover the security matters can be resolved to make SAARC as an effective organizations.

The development of technology effects the way of clash and war. Amongst the recent aspects of including in clash is “No Contact War” (NCW). The adversary is unseen. Several states are moved to attaining this unseen capacity. In a digital war are included the digital surveillance, figuring out, source-code sharing, production of hardware and many more. China has significantly created its ability in this respect to impressive extents. USA also declared its cyber strategy and the serious digital war between China and USA remains high. Some security pundits declare that this is a new Cold War between two major powers in the world but this Cold War is on the basis of utilization of technology. Unlike other warfare or weapons there is no such kind of treaties or mechanism to ban to use or to develop cyber weapons. In this manner nations which are antagonistic could assemble assets. Moreover, this competence could be imparted to terrorist and fundamentalist gatherings to wreak disorder on a planned enemy.

The provincial circumstance is unverifiable. Relations with China and Pakistan have not seen any significant change but Pakistan and India cannot ignore the threat of cyber war. Previously, the nuclear weapons, missile race and long disputed such as Kashmir, Sir Creek, Siachen were always debated between Pakistan and India but now the digital threat is become a debatable threat. This paper will provide an idea and overview of comparative analysis between both Pakistan and India cyber security strategy in the 21st century.

Pakistan and India Cyber Strategy
Digital security is a complex issue that cuts crosswise over various areas and calls for multi-dimensional, multilayered activities and reactions. It has demonstrated a test for governments in light of the fact that diverse areas are normally managed through ministries and departments. The expanding centrality of the internet indicated by the International Telecommunications Union (ITU), that only in India the Internet users have increased from 2005 to 2013 to more than two billion. These internet users are using the internet for their own purpose and as a result electronic crimes have also increased over the last two decades. Such interruptions or increase of cyber crimes around the world serve as a wake-up call to enhance the security and solidness of the internet regarding security. Pakistan and India are also working to formulate a cyber security strategy and in the proceeding discussion a comparative analysis of both states will be discussed in detail.

Indian cyber Security Strategy: A Historical look
India’s economy is growing day by day. To protect the critical infrastructure and electronic market India is working since the last four decades to formulate a proper cyber strategy. In 1975 the Indian government established the National Informatics Centre (NIC) whose aim was to provide IT solutions to government organizations and also to the private sector2. This policy was slightly changed in 1998 due to the consequences of some reasons. Firstly, it was because of more dependency on the internet in military. Secondly, unknown hackers attack on Bhaba Atomic Research Center which created serious alarm for Indian security. Thirdly, India was progressively developed in space technology and it is very important to secure these stations or space program from unauthorized user.

The New Internet Policy of 1998 was cemented to control the multiple Internet service providers (ISPs). In 1998 there were approximately two million internet users but now there are an estimated more than 100 million; these users are not only connected to the Internet trough computer but this access is increasingly shifting to mobile phones and tablets. It is very interesting that the Indian National Broadband Plan In 2010 aimed to the target 160 million households by 2016. In 2012 a survey was conducted in India according which there were more than 34 million users registered in India who used Yahoo and Gmail, the two top main servers in the world3. This trend has also been seen in the social networking website such as Twitter, flickers, hangout, Viber and Face book. India currently has the fastest growing users portfolio of these two top social networking sites (twitter and face book). An indication of the rapid use of the Internet in India in different departments also show how much India depends on IT. The Indian Railways saw its online sales go up from 25 million tickets in 2010 to 58 million in 20134. The government has taken some initiative to secure cyber connectivity and is still trying to figure out both the scope and meaning of security in cyberspace and apportioning responsibility. The government of India would necessarily have to work closely with the private sector, particularly in promoting cyber security practices and hygiene.

Indian Cyber Strategy in Present Era
The world is moving to secure the cyberspace. The European Union, U.S, China, Russia and many other countries are busy securing cyberspace. They have drafted laws and some states have declared cyber strategy to counter this digital threat and India is also moving towards proper cyber security strategy. Indian security officials have worked on cyber security strategy from 1998 and have adopted different steps and arranged many meetings with security and IT experts. In August 2010 the Indian government decided to form a cyber wing in their military institutions whose purpose was to defend any digital attacks from any part of the world, protect the critical infrastructures from state and non state actors inside or outside the countries, this cyber army can be used to spy on the grouped information of threatening countries (Pakistan and China) by hacking into their computer network systems. The Indian economy is moving towards digital structure so it is very important to have a proper structure that can be used in case of an unfavorable incident. In this respect security experts along with technical experts are working to devise a strategy on how to deal with this threat. A procedure was drafted on July 29, 2010.

Consistent with the strategy drafted in the meeting, India will recruit IT experts and programmers who will be allotted to be in all out attack mode or to start preemptive strikes by rupturing the security dividers of foe’s computer network. After four years work Indian released the National Cyber Security policy on July 2, 2013. The document of policy is the clear indication of the importance of IT for India. The policy is based on different parts. It also highlighted the problem of IT in Indian economic activities and its protection. It also gave guideline to protect the infrastructure and use internet as medium to build soft image of India. The central theme of this policy is to protection of cyberspace inside and outside and information infrastructure, address the threat and minimize the vulnerabilities. It provides the basic guideline to build capabilities to prevent and respond in case of digital threats. It also helps to minimize damage from cyber incidents through a combination of institutional structures, people, process, technology and cooperation. To achieve the objective of this policy in broader way it is very important for India to create a secure cyberspace ecosystem and work to strengthen the regulatory system. For this purpose A National and sectoral mechanism known as National Critical Information Infrastructure Protection Centre (NCIIPC) has been envisaged to deal with cyber threats. Secondly, India formed a Computer Emergency Response Team to deal with any cyber crisis. This Center is responsible for coordination and operationalization with different sectors so it also acts as an umbrella organization for cyber security matters. Thirdly, a mechanism is proposed to be evolved for obtaining strategic information regarding threats to information and communication technology (ICT) infrastructure. This system is used for prevention, response and recovery action. Fourthly, for next year more than five lac professional computer experts will be inducted in different Government and private organizations. Fifthly, strong relations should be built and cooperation between public and private organizations to address the cyber threat. Sixthly, in Indian army cyber command wing will be established and cyber security defense will be improved.

The release of cyber security policy is considered one of the most important breakthroughs in South Asia. This policy also indicates that the new medium of war i.e. cyber war is entering this region. As traditional and nontraditional security is also creating disturbance in South Asia it may be possible that this new media will have the same implication as the other tool of war did in the past. The Indian Army directed a war exercise called the Divine Matrix in March 2009 that shows how seriously India looks at cyber security.

Pakistan position in Cyber Security Context
Since independence, Pakistan and India are not enjoying the good relations. The tense relation between both nations is due to lot of unresolved and long disputed issues such as Kashmir, Siachen Issues, border issues, Sir Creeks and many more. After the overt nuclearization of Pakistan and India the threat paradigm has been further compounded to involve both kinetic as well as non-kinetic. Due to greater interdependence and globalization the threat has changed and acquired a new form. Now, information, cyber and media are new tools of influence alongside other traditional means. However, until recent past Pakistan national security decision maker was primary focus on kinetic threats about but now non-kinetic challenges are impinging is slowly being realized. From Pakistan’s point of view, it is currently a field and straightforwardly talking Pakistan is not ready to give strong reaction if any cyber attack happens. Pakistan cyber security strategy can be discuss with two different steps i.e. NR3C and Role of Pakistan Senate Defense committee.

National Response for Computer Crime Center (NR3C)
In 2007, Pakistan was created a department for cyber crimes. This was the consequence of some events5. Firstly, it is due to increase reliance of internet on various governmental and in private organizations. Second, now the terrorist use the Internet for communication. Third, India has developing proficiency of cyber weapons. Fourthly, it helps to monitor global security issues and gather IT security intelligence. Lastly, handle and investigate cyber crime to uphold existing laws to battle computer related crimes and to ensure purchasers and Internet clients. However, this center is to stop low level harm. “The reason for creating the National Response Center for cyber crime (NR3C) is to stop the abuse of Internet and follow those included in cyber identified crimes,” Iftikhar Ahmed, spokesman for Pakistan Interior Ministry, told the press at that time. Importantly, it is very interesting that NR3C only handle small issues6 and it is need to be make more effective to crub the digital threat7. NR3C till now in 2014, have arranged more than fifty different seminars to give awareness about electronic crimes. It has also received sixty eight complains from its zonal cyber crimes unit8.

The Role of Senate Defence Commite of Standing
The CIA contractor Edward Snowden has disclosures the U.S secret that how it is used to monitoring the different countries. According to reports Pakistan is the second largest target of U.S. Edward Snowden who claimed that the American National Security Agency (NSA) was spying on Pakistan through internet and online communication systems with 13.5 billion pieces of email, phone and fax communications intercepted. In this regard the Chairman Senate Standing Committee for Defence, Senator Mushahid Hussain Syed called an important meeting in which a delegation of Pakistan Information Security Association (PISA) headed by Ammar Jaffri met Mr. Mushahid Hussain Syed in Parliament House to discuss Cyber Security Strategy.

Senator Mushahid Hussain Syed said in his Six Point Budget proposal:

“Given the security threat posed by snooping and spying by the US through their secret agencies like CIA and NSA, especially of Pakistan which is the second highest in their list of countries being spied online, funds should be allocated in the budget for a Cyber Security Strategy since Pakistan is a victim of Cyber warfare and Cyber aggression. This should be entrusted to a Cyber Security task force, specially constituted for the purpose that can propose counter measures. Its Secretariat should be in the Ministry of IT”9.

This proposal was accepted by all participants without any reservations. In the meeting following agenda was discussed, First, it was decided to work together for the Cyber Security of defence, economy and citizens. Secondly, it was decided to lay a Private Bill in National Assembly and Senate on 14th August, 2013. Thirdly, the draft bill will be prepared with mutual consultation with National Response of computer crimes center and with Pakistan Information Security Association will prepare a report on the said subject. Fourthly, It was also decided that PISA will prepare the draft of Cyber Security Policy Strategy. Fifthly, Senator Mushahid Hussain Syed desired that it is need to induct required skill sets and experience and professional people in various security organizations. Lastly, the Government must come forward and play its due roll in implementing global best practices to protect the Cyber Space as per International standards.

Proposal of Defense Committee of Standing to Counter Cyber Threat
The Senate Committee on Defence and Defence Production organised a policy seminar on “Defending Pakistan through Cyber Security Strategy” in coordination with Pakistan Information Security Association (PISA) in order to address security issues related to the internet. Senator Mushahid Hussain, Chairman of Senate Committee on Defence and Defence Production, in his welcoming address, highlighted the cyber security threat and how it can affect Pakistan’s national defence, security, intelligence, diplomacy, nuclear and missile programme, economy, energy, education, civil aviation as well as industrial and manufacturing units both in the private and public sector10.

“Our cyber security must have three fundamental elements. Pakistan’s digital infrastructure must have the ability to resist attacks, cyber penetration and disruption; Defend against emerging cyber threats, whether state sponsored or otherwise, and ability to retaliate regionally, at least; Ability to recover quickly from cyber incidents, whether caused by cyber aggression, accident or natural disaster,”11 said Mushahid hussain.

Senator Mushahid Hussain responded by informing that the Committee had already taken the initiative to form a Joint Task Force for Cyber Security, having technical support of PISA to present recommendations and situation analysis. He announced the Senate Defence Committee is proposing the following 7-point Action Plan for a Cyber Secure Pakistan12:

Firstly, the legislation of cyber security must be introduced that will use to preserve, protect and promote Pakistan cyber security. Secondly, the committee will coordinate with different ministries so that the Government of Pakistan should accepted and recognized it as new threat and Cyber security threat should be treated as similar to the threats like terrorism and military aggression. Thirdly, it is time for Pakistan to Establishing a National Computer Emergency Response Team (PKCERT). Fourthly, need to Establishing a Cyber-Security Task Force with affiliation with Ministry of Defence, Ministry of IT, Ministry of Interior, Ministry of Foreign Affairs, Ministry of Information and our security organizations plus relevant and leading professionals from the private security so that Pakistan can take steps to combat this new emerging threat and formulate Cyber Security Strategy for Pakistan. Fifthly, an Inter-Services Cyber Command should be established to coordinate cyber security and cyber defence for the Pakistan Armed Forces and also for civilian department. Sixthly, Pakistan should use SAARC forum and take the initiative to talks with others members states particularly India to establish acceptable norms of behavior in cyber security so that these countries are not engaged in cyber warfare against each other. Seventhly, The Senate Defence Committee, in cooperation with the Pakistan Information Security Association (PISA), will have a special media workshop to promote awareness among the public and educate opinion leaders on the issue of cyber security.

Conclusion
Cyber warfare is world’s nervous system and its protection is a world existential factor. It is an innovative era of war. In this domain both Pakistan and India must adopt a policy to share, access and protect information. Although, now war is not just about a country’s potential in the battle field by conventional means rather its function also belongs to have adequate information about battle field. Cyberspace is such a new arena of conflict that basic defense and attack strategies are still unclear. This is because of some reasons – first there have been no major wars between states, second, cyber warfare tactics are highly technical by nature and very difficult to understand by strategist, third, it is very difficult to trace out the hackers and finally, the sensitive nature of cyber warfare makes it very complex and methods to use to conducted cyber attack are totally different from the conventional warfare.

To conclude, it could need total coordination, arranging within various civil and military organizations and spy agencies that are answerable for the Cyber Warfare and the propaganda wars in the cyberspace. Weapons like E-shells have developed as another danger to challenge the military communication network system by transforming enormous electromagnetic pulse. Pakistan also moved a cyber security bill in April 2014. India is also working to secure cyberspace from non state actors. If Pakistan and India will not coordinate, in future it may be possible the new conflicting zone and new arms race will start in cyberspace. So for both states it is very important to work together to curb the danger of cyber threat.

End Notes
1 Domains of Non-Kinetic Challenges These are:- Information Operations, Media Wars, Cyber Warfare, Diplomacy, Soft & Smart Power, 4th or 5th Generation Warfare, Sub-Conventional Warfare, Proxies, Espionage and Intelligence Operations, Effect-Based Operations
2 This NIC is mainly consists of three main wings. First, INDONET which was connecting the IBM mainframe installations that made up India’s computer infrastructure. Second, NICNET (the NIC Network), being a nationwide very small aperture terminal (VSAT) NW for public sector organizations as well as to connect the central government with the state governments and regional organizations. Third, Education and Research Network (ERNET) center which was used to serve the academic and research communities.
3 According to Internet research firm Comscore, 62% of Internet users in India use Gmail
4 A report compiled by the Indian Market Research Bureau (IMRB) projects domestic ecommerce to be in the region of $10 billion by the end of 2011.
5 “National Response Center for Cyber Crime”, http://www.fia.gov.pk/prj_nr3c.htm, (accessed 18th July, 2013).
6 NR3C just handle issues like website defacement, email hacking, financial crime, denial of service attacks, ATM fraud, Mobil communication, anti Islamic/Pakistan material, credit card fraud etc. it is mainly consists of eight wings including forensic lab, media projection, technology development services, network operation and security, legal regularity and issues, seminar and training
7 “National Response Center for Cyber Crime wings”, http://www.nr3c.gov.pk/wings.html, (accessed 18th January,2014).
8 “National Response Center for Cyber Crime”, http://www.fia.gov.pk/prj_nr3c.htm,
(accessed 18th January, 2014). In Pakistan, as contrasted with the satisfactory measures being taken for the upkeep of the conventional forces and the wellbeing and security of the strategic assets, it is alerting to see the nonappearance of any tough risk observation in the theater of cyber warfare. The government and the armed forces appear to have neglected this risk for too long now and are not ready to promptly react to this unique challenge of cyber attack. Pakistan would not be able to bear any more complacency in this regard and preferred take instantaneous steps to react to this sneaking risk on exacting war.
9 “Mushahid chairs meeting of Senate Standing Committee on Defence” The Frontier Post,
July 1st, 2013. In this meeting, Senator Mushahid Hussain Syed also admitted that Pakistan doesn’t have any Computer Emergency Response Team (CERT), so having required experience PISA may help Senate Defense Committee to establish Pakistan National CERT. PISA Team agreed with the suggestion and offered all technical support.
10 “Mushahid for joint Asian strategy to counter cyber threats”, Pakistan Today, July 8,2013, http://www.pakistantoday.com.pk/2013/07/08/news/national/mushahid-for-joint-asian-strategy-to-counter-cyber-threats/#sthash.vRYzlYlC.dpuf, (accessed on August 6, 2013).
11 Dawn, July 12,2013, http://dawn.com/news/1023706/senate-committee-proposes-7-point-action-plan-for-cyber-secure-pakistan, (accessed date August 6, 2013).
12 “7-point Action Plan for a Cyber Secure Pakistan”, Dawn , July 12,2013, http://dawn.com/news/1023706/senate-committee-proposes-7-point-action-plan-for-cyber-secure-pakistan, (accessed date August 6, 2013).

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest Articles

- Advertisement -