INDIAN ARMED FORCES CHIEFS ON
OUR RELENTLESS AND FOCUSED PUBLISHING EFFORTS

 
SP Guide Publications puts forth a well compiled articulation of issues, pursuits and accomplishments of the Indian Army, over the years

— General Manoj Pande, Indian Army Chief

 
 
I am confident that SP Guide Publications would continue to inform, inspire and influence.

— Admiral R. Hari Kumar, Indian Navy Chief

My compliments to SP Guide Publications for informative and credible reportage on contemporary aerospace issues over the past six decades.

— Air Chief Marshal V.R. Chaudhari, Indian Air Force Chief
       

Cyber Laws and Regulations in India — Military Challenges

The recent attacks on Indian institutions, including the military establishment, call for comprehensive cyber policies which back the many dimensions of national security. In a new scathing report on coordinated cyberattacks on India, researchers have uncovered a new espionage campaign targeting Indian government agencies. What is needed?

Issue: 05-2024By Manish Kumar JhaIllustration(s): By SP’s Team
CYBERSPACE IS RECOGNISED AS THE FIFTH DOMAIN OF WARFARE, EQUALLY CRITICAL TO MILITARY OPERATIONS AS LAND, SEA, AIR, AND SPACE. WITHIN THE ASIA PACIFIC REGION, INDIA IS THE SECOND MOST TARGETED NATION FOR CYBERATTACKS.

In 2023, India received 2,138 weekly cyberattacks per organisation. Even within the Asia Pacific region, India is the second most targeted nation, trailing only behind Taiwan’s 3,050 incidents. There was a 15 per cent surge since 2022 which was again the second highest, following Korea’s 21 per cent increase since 2022.

Cyberspace is today recognised as the fifth domain of warfare, equally critical to military operations as land, sea, air, and space. The defence industry is responsible for developing and maintaining critical military systems, infrastructure, and communication networks. Any breach in such systems can pose devastating consequences for national security. In the world of the military, it is all about security breaches through espionage, sabotage, or theft of sensitive military information. With the advancement in artificial intelligence, IoT, and autonomous systems, the attack surface for cyber threats also expanding in its scope and scale.

According to a recent report, released by The IBM Security Data Breach Report of 2022, the average data breach costs in India have reached a record high of ₹17.5 crores, or around $2.2 million for the fiscal year of 2022. The cyberattacks have increased with a massive surge of 6.6 per cent from 2021, and the cost is turning a staggering 25 per cent increase from the average cost of ₹14 crores in 2020.

India needs about seven lakh cybersecurity forces, highlighting the urgent need to address cybersecurity skills and workforce development.

Mostly, cybersecurity breaches in India are about unauthorised access to personal and institutional data which leads to the misuse of personal data. Take a look at the recent case of data-theft of Air India, where the data files from more than 4.5 million customers were leaked in a cyber-attack. In a new scathing report on coordinated cyberattacks on India, Researchers have uncovered a new espionage campaign targeting Indian government agencies and the country’s energy industry with a modified version of an open-source information stealer called HackBrowserData that can collect browser login credentials, cookies, and history. It was discovered by researchers at Dutch cybersecurity company EclecticIQ in March. While they did not mention specific points of attack, the hackers exfiltrated 8.81 GB of data. In fact, according to the report, the data breach could lead to an attack into the Indian government’s infrastructure as per the reports.

Rapidly shifting digital transformation, archaic cybersecurity laws, and the lack of clear, comprehensive data privacy laws, have led the Indian government to begin to reevaluate how it regulates cybersecurity and cybercrime.

CYBER-GAPS

However, the gaps keep surfacing. With such rapidly shifting digital transformation, the complexity poses serious threats across e-governance, e-banking, e-commerce, and private sectors among others. Look at Microsoft’s warning for India regarding China’s potential use of artificial intelligence to disrupt elections, further targeting national security.

There are areas which focus on specific threats but largely, there are challenges in bringing a comprehensive policy draft. The complexity is so vast that summing up a policy draft on key elements of cyber security — digital intelligence solutions, security solutions for Government and Private enterprises, identity Security solutions, IOT, Industrial networks and Critical Infrastructure and Risk-based management platforms—will be a humongous task. But most importantly, the area to address is cybersecurity skills as India needs about seven lakh such forces.

CYBER LAWS AND REGULATIONS

India has some of most robust regulations and laws beginning with the National Cyber Security Policy (NCSP) 2013. Beginning with the NCSP, the Ministry of Electronics and Information Technology came up with the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules 2021. The IT Guidelines replaced IT Rules, 2011 which failed to address emerging areas and threats.

How the policy framework evolved is again based on the emerging threats in the areas. It came upon the challenges posed in addressing data protection led by the Indian Computer Emergency Response Team (CERT-In). Broadly, the CERT-in emerges as a principal guiding force in building a framework for Indian cybersecurity legislation. Moreover, it aims to drive institute data protection policies and protects e-governance, e-banking, e-commerce, and the private sector, among many others.

NATIONAL CYBER SECURITY STRATEGY 2020

The Indian government’s eagerly anticipated follow-up plan to strengthen cybersecurity efforts was unveiled in 2020 as the National Cyber Security Strategy. The major objective of the strategy, which is currently being developed and awaiting National Security Council Secretariat assessment, is to act as the official guide for stakeholders, decisionmakers, and business executives in preventing cyber incidents, cyberterrorism, and cyberespionage in cyberspace.

THE DIGITAL PERSONAL DATA PROTECTION ACT OF 2023 (DPDP) 2023

Finally, the Government passed its long-awaited Digital Personal Data Protection Act (DPDP). While the act borrows its broad definition of personal data from the EU’s General Data Protection Regulation (GDPR), it broadly addresses the key data principles. The DPDP targets the protection of data principals while limiting the activities of data fiduciaries.

WHAT IS REQUIRED?

The crucial aspect here is to continue building a framework as per the widely accepted cybersecurity standards.

The way to address this is to build a comprehensive and informative cybersecurity law in India. The government must continue to work around regulations and reforms to develop a better cybersecurity framework and data protection legislation.

To prevent attacks and limit their spread, a strong authentication process, efficient anomaly-detection systems, and network segmentation should be deployed as the primary lines of defence. Using generative AI, this partnership enhances detection and response capabilities against sophisticated attacks on OT assets for industrial customers, managed security service providers (MSSPs), and managed detection and response (MDR) providers. The collaboration also addresses challenges such as securing OT networks against evolving attacks, while also ensuring smoother deployment and operation.

DEFENCE SPACE AGENCY (DSA)

The DSA will have the responsibility of developing a space warfare strategy and working in close collaboration with the Defence Space Research Agency.

The DSA works under the command of the Integrated Defence Staff and is led by military experts from all three branches of the Indian Armed Forces. As is with other nations, the DSA is an extension of the Indian Air Force and comprises agencies which would deal with the development and operation of various equipment like satellites, radars, missiles, lasers, and other weapons.

THE NEED IS TO BUILD A COMPREHENSIVE AND INFORMATIVE CYBERSECURITY LAW IN INDIA. THE GOVERNMENT MUST CONTINUE TO DEVELOP A BETTER CYBERSECURITY FRAMEWORK AND DATA PROTECTION LEGISLATION.

The overall aim is to align with several nodes within the military. So, the DSA has a primary Coordination Cell. It is important to mention that the DSA not only collects and coordinates with the Indian Space Research Organisation (ISRO) and the Defence Research and Development Organisation (DRDO), it stands as the leading military agency on space as a domain of warfare. This cell is in close coordination with the Integrated Space Cell which is the nodal agency within the Government of India which oversees the security of its space-based military and civilian hardware systems. In fact, for the same reason, the Defence Imagery Processing and Analysis Centre which is responsible for the acquisition and analysis of the satellitebased images has been merged with the DSA.

Weapons Division. This department of the DSA controls the placing and availability of various missile systems and other weapons like lasers and kinetic bombs across the country on the ground and in outer space. This division can be further subdivided into the following:

  • Ground to Space Section: This section will be responsible for all missiles, lasers and projectiles being employed from ground stations to target objects in outer space.
  • Space to Space Section: This section will control all missiles and lasers placed on satellites and launch stations in outer space and will target other objects in space.
  • Space to Ground Section: This section will be responsible for all missiles, lasers and projectiles being launched from space stations and satellites to target objects on the surface of the Earth.

Radar Division. As and when the space traffic increases, more and more radars and control stations will be required to be established in suitable locations all over the country. The role also extends to monitoring adversaries’ assets. Military experts under a committee have recommended another division department for controlling all radar stations and conveying timely and accurate information to all concerned.

Electronic Warfare Division. Focuses on satellite and electronics technology in space and operability. Until now, in terms of military warfare in space, the main objective remains to neutralise the satellite-based surveillance, communications, and positioning systems. It is basically about counter-mechanism to gain tactical advantages. The offensive military tactics are mostly confined and programmed to jam, sabotage, and outright destroy enemy satellites. At the same time, it has a mandate to protect satellites.

INDIA TO AUGMENT SPACE CAPABILITIES

As of now, India has more than a dozen military satellites. The Indian military too employs an assortment of commercial satellites and those run by inviting outside countries in its operations.

It is significant to forcefully make strides in resistance space capabilities as a portion of the “militarisation of space” as India works to decrease guard investing and accomplish self-reliance in the field. This incorporates propelling more satellites into a circle, obtaining superior sensors, high-speed communication, and commonsense and reusable ones, along with the associated framework. Also, India must buy advanced jammers for rebel satellites and protect its shuttle from electronic assaults.

The nation is working to increment its military capabilities in space to attest itself as a strong territorial control in the future. This is because India concentrates on building up self-reliance in guarding, and creating discouragement against China’s developing space resources.


Manish Kumar Jha is a Consulting & Contributing Defence Editor for SP’s Aviation, SP’s Land Forces and SP’s Naval Forces and a security expert. He writes on national security, military technology, strategic affairs & policies.