Newspapers all over the world went into a tizzy recently over reports that Pentagon’s $300 billion Joint Strike Fighter project had been hacked into and terabytes of sensitive data copied; and that these attempts had been traced back to Chinese networks. Similar hysteria also attended the recent attempts to hack into the US Air Force’s air traffic control systems and the US electric grid system. There was also the November 2007 breach of the Pentagon’s email system. While the Chinese have denied any links with these incidents, the matter won’t die down soon given the rising number of such attempted hackings whose trails lead back to Chinese networks.
It’s not just the US. The UK, Germany, France and Australia have also reported attempts to hack into their sensitive networks which, on probing, have been traced back to Chinese networks. Even India has reported Chinese cyber attacks, the most recent being the attempts to cripple the National Informatics Centre (NIC) servers in March this year, in which a few Indian missions were affected. Apparently, NIC servers have been attacked nearly 12 times in the last two years. That’s not all — more than 500 probing missions are reported on sensitive Indian networks like the DRDO almost daily.
The issue is — even if these attacks are from Chinese networks, are they really being directed by China, and if yes, what are the ways to deal with them? The fact is, as more and more content and critical functions shift to the Internet, such attempts will increase and nations will have to find a way to confront them.
Most of these attempts were in the form of infected innocuous-looking emails to sensitive networks and servers, probes into the networks of sensitive installations for strategic information, and distributed denials of service attacks. Moreover, the attacks are increasing in sophistication and frequency by the day.
But the question is, how much sensitive information is directly offered on the Internet? Already, with increasing fears of the insecurity of cyberspace, a few countries have put in place critical information protection policies and infrastructure. At best, only general information is available on the Internet, somewhat more critical information on the intranet and virtual private networks, and the most sensitive information sits on standalone computers.
One insinuation often made is that the attacks are definitely linked to China, and that the Chinese networks where they originate must have the support of the Chinese establishment, given how closely the government there monitors cyberspace. Some of the affected nations have already taken up the issue with the Chinese leadership but there has been no progress as China has flatly denied such happenings. India has not taken any major diplomatic efforts to address the issue although, within the establishment, there is the understanding that network security has to be geared up and looked at afresh. Recently, the Cabinet Secretary reiterated the need to bolster cyber security, which will hopefully result in some action on the ground.
While individual nations do what they can, there is need for a global strategy to address cyberspace crimes. US President Barack Obama has already appointed a committee to prepare a report and increase spending on cyber security. The US must take a lead in fostering a global arrangement to fight cyber crimes, especially cyber terrorism, where Indian can play a significant role. This will help kickstart the fight against the cyber criminals.
Subimal Bhattacharjee is India head of defence firm General Dynamics and writes on issues of cyber security. The views expressed are personal.