By Dr. Ravi Bhatia
The world-wide web or the internet has become an omnipresent presence in the contemporary world. From sending and receiving messages to accessing services such as banking, booking rail or air tickets, to trading shares on stock exchanges, more and more people inhabit cyberspace with the aid of a computer. Science fiction writer William Gibson coined this term, which indicated his vision of a global computer network linking people, machines and sources of information throughout the world. Anyone could navigate through this virtual space and use this facility freely for learning, sending and receiving messages and photos and other visual materials.
Large computer systems connected to internet and local intranets have also become indispensable in defence services, atomic energy establishments or space research organisations such as ISRO for launching satellites or rockets or in other similar sensitive areas. These organisations connect through complicated computer systems called servers and specialised, sophisticated software for operational processes that need utmost security for safe keeping and analysis of data and computer operations.
Satellites, whether meteorological or scientific, are launched and maintained by advanced computer programming. Data received from them also need sophisticated handling for analysis and dissemination. Because of these universal applications of computers and their control systems and servers, a new danger lurks behind these large computer systems.
Serious threat exists when military, scientific or bank servers are hacked by so called computer viruses also called malicious software or malware. This term signifies the penetration of individual or institutional computer systems by viruses with malicious intent. Here the entire operations of these organisations whose servers have been hacked are at risk. Sometimes the danger is more acute as the systems are completely disturbed or destroyed.
The targets of malware on computer systems can be civil or military. Civilian targets could be gas or oil refineries, disruption of banking and stock exchange operations, jamming communication networks such as telephones, disabling websites and disruption of online reservation systems of air and rail.
The penetration of malaware into military or defence systems has a very sinister design. By means of hacking military or service servers, a terrorist organisation can wage war or destroy the military operations of a target of their choice. Several terrorist operations can be undertaken by this means. It could mean steering computer controlled helicopters to a different destinations, destruction of military or weather satellites, penetration of nuclear facilities with an intent to dame, dislocation of military operations.
Military warfare hacking computers and introduction of malware is often called cyberwar. Modern warfare is heavily dependent on remaining in contact between the commander of a military operation and the soldiers and officers in the forward lines as well as stationed elsewhere. The commander collects information from the forward and other lines, analyses it and then gives appropriate directions to all the military personnel in that operation. Collecting, sharing information, and giving directions is done through internet and intranet networks. If this system is hacked the military force becomes lost or goes blind. It does not know what to do and how to act. The aerial layers of the military command – helicopters, warplanes also become dysfunctional and confused. Thus when the military command’s network is hacked, the whole capability of a military unit is reduced if not totally destroyed.
What would be the impact of a cyberwar? According to Richard Clarke in charge of counter terrorism and cyber security in USA, this would lead to a catastrophic breakdown of systems that we swear by within a very short period of time with damage to of oil refineries, air traffic control systems, derailing of mass rapid transport systems, orbiting satellites spinning out of control, among others. These events would lead further to other breakdowns of transportation of food supplies and other essential commodities. The impact could be as devastating as that of a nuclear war.
A recent case of a software bomb called Stuxnet was reported in the Times of India, designed to penetrate Iran’s nuclear facilities in order to sabotage them. This has been achieved by producing a malware that is able to recognise a specific nuclear facility’s control network in order to destroy or paralyse it. The same newspaper reported on 27th September that Iran admitted to 30,000 computers having been affected by Stuxnet but denied that their first nuclear plant at Bushehr was affected. Iran maintained that the main systems at this power plant were not affected and computer programmes were running normally.
Guarding against cyber terrorism
Terrorists can pose serious dangers by resorting to cyber war tools. Modern countries must guard against these hazards. Whether or not an actual terrorist organisation engages in cyber terrorism, we must protect ourselves from its potential danger. Countries like USA, Russia, UK and others are aware of these dangers. They have set up various command posts to remain alert and take precautionary steps to prevent these types of risks and if something actually happens how to take prompt remedial action.
What can India do to ward off similar cyber attacks on its critical computer systems belonging to military, space research, nuclear facilities etc?
This is a complicated and a very sensitive area where not too much information is available.
However some of the basic steps that are needed to protect the country from this type of cyber attack are briefly presented below:
1. Recognition of the dangers of cyber attacks.
2. Design of computer security architecture to prevent infection of computer systems from malware viruses.
3. Training of relevant computer and military experts.
4. Setting up of a joint command directly under the Prime Minister or the National Security Agency.
The system of prevention of neutralisation or destruction or military computer systems and network is a very complex, sensitive and secret operation. But it is important to realise the inherent danger of cyberwars and take whatever preventive steps possible.