Webinar & Virtual Expo, 10 June 2022
The Centre for Joint Warfare Studies (CENJOWS) and Indian Military Review will organise a Webex webinar-cum-virtual expo on “Cyber Defence India” on 10 June 2022.
Background
A Chinese hacking group called RedEcho is believed to have targeted Maharashtra’s electricity grid, with the activity reported in March 2021, amidst the ongoing stand-off in Ladakh. Hackers linked to North Korea penetrated the Kudankulam Nuclear Power Plant (KKNPP) network in 2019, in what was assessed as an attempt to probe the plant’s cyber security and to steal information about the reactor design.
In some ways, cyber war between India and China is already under way, following India’s ban on hundreds of Chinese mobile apps, its limits on Chinese investment in the Indian economy, and the bloody nose it gave the People’s Liberation Army on the Line of Actual Control on 15 June 2020.
The primary objective of military cyber operations is cyber superiority: freedom of action in, through, and from cyberspace in support of mission objectives. The corollary is to deny that freedom of action to adversaries.
Chinese Cyber Attacks
China has been leading a worldwide hacking and economic espionage campaign, using cyber attacks to steal intellectual property in disregard of bilateral and multilateral agreements.
China is one of the world’s pre-eminent users of cyber weapons. Employed as instruments of espionage, state-sponsored data breaches and server intrusions pose a significant threat to global security. China has been blamed for much of the reported 600% worldwide rise in cyber crime during the Covid-19 pandemic. Even before the virus hit, China had overtaken Russia as the biggest state sponsor of cyber attacks against the West.
Some of the Chinese cyber attacks that have made digital history in the past include:
- Operation Aurora (disclosed Jan 2010) exploited an Internet Explorer vulnerability to compromise Google, Adobe and other companies.
- The New York Times’s reporters and employees were attacked for four months from late 2012, disclosed in Jan 2013, after the paper published an investigation into how relatives of the then Chinese premier, Wen Jiabao, accrued several billion dollars through business dealings.
- The personnel files of more than 20 million people held by the US Office of Personnel Management (OPM) were stolen between Nov 2013 and April 2015.
- Four Chinese military hackers were indicted in 2020 for stealing the data of 147 million American customers of the credit-reporting agency Equifax.
- The Vatican’s computer systems were attacked (some 100 cyber threats a month) by suspected state-sponsored Chinese hackers in July 2020, ahead of talks between Beijing and the Vatican about renewing the agreement governing the Catholic Church’s operations in China.
- Two Chinese hackers were indicted on 7 July 2020 for a campaign that included attempts to steal data from the vaccine manufacturer Moderna Inc. Spain complained in Sep 2021 that Chinese hackers were stealing Covid research secrets from its laboratories.
Indian Targets
In March 2013, DRDO’s computers were breached by Chinese hackers, who exfiltrated files relating to the Cabinet Committee on Security (CCS) to a server in Guangdong, China; the Indian defence ministry ordered a probe.
The China-linked hacker group RedFoxtrot, attributed to PLA intelligence Unit 69010, targeted India’s power sector, including the state-owned power generator NTPC, in March 2021. RedFoxtrot’s predominant targets are the government, defence and telecommunications sectors across Central Asia, India and Pakistan.
Other Indian targets included Walchandnagar Industries, a supplier to India’s nuclear and space programmes, the defence manufacturer Alpha Design Technologies, and Bharat Sanchar Nigam Limited (BSNL).
The Times Group (Feb and Aug 2021), the Unique Identification Authority of India (UIDAI), and the Madhya Pradesh Police Department (June 2021) were targeted by the suspected Chinese state-sponsored threat activity group TAG-28, which used Winnti malware. In June 2021, APT41 was linked to a cyber attack against Air India.
Russia-Ukraine War
Cyber conflicts are fought in the shadows, but in the case of Russia’s invasion of Ukraine, skirmishes have come out in the open, although the scale has not been as anticipated.
Cyber warfare between the two countries dates back to the collapse of the Soviet Union in 1991. The Russian cyber weapon Uroburos has been in use since 2005. In 2013, Operation Armageddon, a Russian campaign of systematic cyber espionage against the information systems of Ukrainian government, law enforcement and defence agencies, began in support of Russian operations on the battlefield. The victims of Russian cyber attacks have included government agencies of Ukraine, the EU and the United States, defence agencies, international and regional defence and political organisations, think tanks, the media and dissidents.
Ukraine’s power grid was first successfully attacked in Dec 2015 and again in Dec 2016. The State Treasury of Ukraine was paralysed in Dec 2016. The largest known mass supply-chain attack took place in June 2017, when the NotPetya wiper was inserted into tax accounting software used by Ukrainian firms; disguised as ransomware, it encrypted disks with no means of recovery, destroying the data permanently.
In the 2022 invasion, malware dubbed HermeticWiper corrupted the boot records of infected machines, preventing them from rebooting.
The conflict has also extended to access denial and skirmishes over online platforms: the Russian government imposed restrictions on Facebook, which in turn banned advertisements from Russian state media, and Google’s YouTube likewise banned state media adverts. Elon Musk, the US tech titan, provided satellite internet access to Ukraine via his Starlink constellation.
Ukraine has launched cyber operations of its own, such as Operation Groundbait, reported in May 2016. The Surkov Leaks in Oct 2016 made public 2,337 e-mails and hundreds of attachments, including plans for seizing Crimea from Ukraine and fomenting separatist unrest in the Donbas. The IT Army of Ukraine was established in Feb 2022 during the Russian invasion.
Anonymous, the hacker collective, has declared cyber war on Russia. The group has claimed credit for hacking the Russian Ministry of Defence database, and is believed to have hacked multiple state TV channels to show pro-Ukraine content.
The group has claimed credit for several distributed denial-of-service attacks. Its targets in the past have included the CIA, the Church of Scientology and Islamic State.
Anonymous’ Russian targets have included:
- Roskomnadzor, the Russian government agency in charge of controlling access to social media sites.
- The Russian news channels Russia 24, Channel One and Moscow 24.
- The Kremlin’s official website, the Ministry of Defence database, over 300 Russian media outlets, and banking websites.
The hacktivists’ stated aim was to keep Russians connected to the rest of the world and to alternative media, publishing the seized data in the hope of exposing the censorship the Russian government imposes on its citizens.
Top Cyberattacks of 2021
There are millions of cyber attacks every year. Some prominent ones in 2021 were as follows:
Colonial Pipeline. In May 2021, the Russia-based ransomware group DarkSide attacked Colonial Pipeline, a major fuel provider, disrupting petrol, diesel and jet fuel supplies across the East Coast of the United States.
Brenntag. Also in May 2021, DarkSide targeted the German chemical distribution company Brenntag, stealing 150 GB of data, encrypting its systems and demanding a ransom; $4.4 million was paid.
Acer. In March 2021, the REvil ransomware group attacked the Taiwanese computer giant Acer, demanding a $50 million ransom.
CNA Financial. In March 2021, the US insurance company CNA Financial was attacked, compromising the data of 75,000 people. CNA Financial eventually paid $40 million to regain access to its systems.
Facebook, Instagram and LinkedIn. Social profiles of 214 million users (408 GB of compromised data) from these platforms were exposed from a database belonging to the Chinese social media management company Socialarks.
Bombardier. The Canadian aircraft manufacturer Bombardier suffered a compromise of confidential supplier and customer data in Feb 2021.
Sierra Wireless. The IoT device manufacturer Sierra Wireless was hit by a ransomware attack in Mar 2021 and had to halt production at its manufacturing sites.
Recent Initiatives
The creation of the Defence Cyber Agency in 2019, the post of National Cyber Security Coordinator at the National Security Council (NSC), preparation for offensive operations by the National Technical Research Organisation (NTRO), defensive measures by the National Critical Information Infrastructure Protection Centre (NCIIPC), and the release of India’s National Cyber Security Policy (NCSP) are steps in the right direction. As the roles and responsibilities of the armed forces, other government agencies and the private sector are articulated, the nation’s vulnerability to cyber attacks will decrease.
The vulnerabilities facing India’s Critical Infrastructure (CI) need to be addressed with greater urgency. Cyber attacks against India’s CI and strategic infrastructure, such as nuclear power plants, are not new.
Defensive measures such as a cyber security framework, cyber security awareness, incident response tools, vulnerability assessment and penetration testing, multi-factor authentication and so on are necessary, but offensive defence is the key. Along with space, India must prepare for “cross-domain” warfare that includes cyberspace.
Webinar Sessions
The webinar has been organised into the following sessions:
(a) Session 1 – Inaugural
(b) Session 2 – Cyber Security Technologies
(c) Session 3 – Countermeasures Framework for Military Networks
(d) Session 4 – Critical Infrastructure Vulnerabilities & Protection
(e) Session 5 – Cyber Warfare Doctrine and Superiority