top of page
Writer's pictureSIS Blog

Cybersecurity Threats: The need for an exclusive clique


By Anshu Kumar


With the ever-interconnected world, cybersecurity concerns spread beyond the political boundaries of countries. It would be pernicious to see cyber threats as an autonomous domain having no ties with the overall health and safety of the state. Recent cyber-attacks in AIIMS and past cyber-attacks on Mumbai’s power grid during the COVID pandemic highlight the incapacity of Indian defence to deal with a bigger iceberg beneath the ocean surface, of which cyber-attack is only the visible ice tip.


Lest we see chaos inside the country when there is a simultaneous war in the North, we need to form an exclusive clique with partners sharing the same threats and interests to deal with the behemoth.



The China factor


Whether it is a grid power attack near the border area in Ladakh, the UIDAI database tampering, intrusions in the vaccine manufacturing units (Bharat Biotech and the Serum Institue of India), the Mumbai Power outage, the AIIMS cyberattacks, cyberattacks on Indian banks or attacks on other critical infrastructures, Chinese involvement cannot be denied.

India ranked second, behind the US, in terms of the number of cyberattacks on the healthcare infrastructure worldwide in 2021. Moreover, IBM’s X-Force Threat Intelligence Team reported that Japan, India and Australia, in 2021, were among the top nations in Asia to be under massive server access & ransomware attacks. The observable common thread binding the countries, under attack, is that they are at odds with China. [However, hackers from Russia, North Korea & Iran are also behind such attacks on the US, Japan and India.]


The Hainan Technology company, under Xi’s ambitious cyber war, has employed hackers to infiltrate foreign nations for precious rewards— trade secrets, proprietary research & data, and other critical information.


Looking from Sun Tzu’s perspective, China is analyzing the patterns of India’s movement by skirmishing at the borders and gauging the latter’s strengths and weaknesses through hybrid warfare, including cyber warfare.

If China is merely testing the water by causing the ‘worst power cuts in a decade’ in Mumbai (affecting the COVID patients in Mumbai’s hospitals) or encrypting the critical data at the AIIMS or possessing the ability to tamper the power supply to key infrastructure near the LAC, we can only imagine the severity of blizzard it can bring to India during a large-scale war.


A scenario where hospitals are chaotic and patients are dying due to power cuts; trade markets, banks and businesses are confused owing to the cyber-attacks; and military communications being infiltrated along with a large-scale war going on the LAC may seem to be an exaggeration. But, precaution and preparation may help India against the Chinese ‘salami-slicing’, even if an above-like crisis does not arise in the first instance.


‘Club goods’


Oona Hathaway and Scott Shapiro recommend the idea of producing 'club goods', instead of bothering to form a universal consensus, to address crises transcending political boundaries.


“Club goods are non-rivalrous (like public goods) but excludable (like private goods). Consider a swimming club. Club members can enjoy swimming in their pool at the same time (non-rivalry) and can use a gate to keep nonmembers out (excludability).”


The real power of the club lies in its exclusive nature. There is no point in making a QUAD group which includes China. Likewise, in a failed bid to exclude India, China concluded a ‘China-Indian Ocean Region Forum on Development Cooperation’ in which India was absent.

It is time for India to keep aside the chant of ‘self-reliance’, at least in cyber security issues, and form an exclusive clique to produce a ‘club goods’—cybersecurity firewall. What the QUAD members are doing on cyber threats is still an enigma.


There is a need to form a ‘Cyber-NATO’, with and beyond the QUAD members, which would not only possess the defensive but also the offensive capabilities against the perpetrators. It would be fruitful for the QUAD members to form a club with other ‘liked-minded’ cyber-power countries like the Netherlands, France, Israel, Estonia or the UK.


The club would commit itself to protect the critical infrastructures of its members (non-rivalry) and keep non-members out from sharing information on threats and potential risks and collaborative mechanisms to deal with the threat (excludability). Alike the Nuclear Suppliers Group or NATO, the effectiveness of this club would be gauged by its exclusive success, in fending off cyber criminals, and with the enhanced longings of non-members to join the club.

Conclusion


Whether cyberattacks have been able to cause significant crises in India or not, what is worth heeding is the ability of the perpetrators to infiltrate major critical infrastructures in India, at a time when the country is not going through any calamity, so to speak.


India is ardent to boast of its Aadhar and UPI success on the G20 platform, but it will be interesting to see how India keeps its citadel secure against China’s cyberwarfare. The Indian government must learn that China would not be comfortable sharing this ‘Asian century’ with India.


India needs to collaborate with ‘like-minded’ partners to build an effective fortress, with people inside the fortress enjoying an easy and free flow of information, research data, and kits to deal with the dragon furiously ready to burn the citadel.



Anshu Kumar is currently pursuing his Master of Arts in Politics with a Specialization in International Studies at the School of International Studies, Jawaharlal Nehru University. His interest areas lie in Indian foreign policy, Realism, strategic studies, Indo-Pacific, the rise of China in geopolitics, India’s relations with great powers, and geoeconomics.


Post: Blog2 Post
bottom of page