Last week at the Hindustan Times Leadership Summit, WikiLeaks founder Julian Assange said that China was ‘sucking out’ confidential emails of India’s premier investigative agency, the Central Bureau of Investigation (CBI). In December 2010, CBI’s website was hacked. Although the Pakistan Cyber Army claimed responsibility for the incident, the real identity of the attackers is yet to be ascertained. Moreover, we still don’t know if there is any linkage between these two events. But these attacks raise serious concerns over the security of the cyber infrastructure of one of the key agencies of the Indian government.
While these concerns are not new, such successful targeting of high-value targets by foreign organisations is a cause for concern. In fact, cyber espionage — at the government, corporate and individual levels — has increased dramatically over the last few years.
Over the past couple of years, Chinese agencies have been accused of trying to hack the Pentagon network, German and French government installations as well as hundreds of unreferenced attacks. Even a former National Security Adviser of India had mentioned that computers in the Prime Minister’s Office had come under Chinese cyber attacks. Google, too, warned of similar attacks on its networks in January 2010 and finally withdrew its search engine from China in March 2010. The cyberspace has become the latest domain of Chinese belligerence.
But the Chinese are not alone in this game and many other nations, either directly or through funded initiatives and hacking syndicates, have been lured into this domain of cyber espionage and surveillance. Apart from trying to cull out information on internet traffic and content usage, many are also trying to secure sensitive data. Even at the corporate level, such activities have increased. The primary target seems to be data and an access to monitor content.
Unfortunately, there is no defined arrangement under which such issues can be addressed globally. With the cyber infrastructure being owned by the private sector and content flow still remaining unregulated in most countries, attempts to push for some form of a structure to address global complaints is yet to fall in place.
The UN-appointed Internet Governance Forum was formed in 2006, but there has been no progress so far. In 2010, its term was extended by another five years to work out an effective mechanism. There have been some bilateral treaties but they are mostly to address cyber crimes.
While many nations have cyber laws today, they are just forming their rules for international engagement in cyberspace and one of the first well-defined models came out of the United States State department in May. However, there is a crying need for a cohesive global arrangement to address the emerging issues of cyberspace. The new arrangement will not only have to address these attempts at cyber espionage, but all other serious issues like blocking and censoring of content and the management of social networks and the contents therein. These issues can become roadblocks in international relations but there is a need to address them before it is too late.
While efforts have begun, they are yet to pick up pace, partly due to lack of understanding of the issues and its complexities, the reach of cyberspace and the divergence of views among nations on issues like internet freedom and human rights. Moreover, the fact that the medium can help to launch covert attacks with relative ease also comes in the way of decisive thinking to foster a global agreement on the subject.
( Subimal Bhattacharjee heads a multinational defence corporation and writes on issues of technology and security )
The views expressed by the author are personal