Washington: Senior US officials raised two alarms this week related to cyber warfare – one was about the possibility of a “cyber-Pearl Harbour” against America and the other about keeping Chinese telecom giants, Huawei and ZTE, out on national security grounds.
Both warnings are equally applicable to India given the rampant hacking of government computers traced in many cases to China and the rise of Huawei as a player in the Indian market. The company has already established itself in Bangladesh, Nepal and Sri Lanka.
But Washington is not putting out the welcome mat just yet. The intelligence committee of the US House of Representatives completed an 11-month investigation into the activities of Huawei and ZTE following many allegations of wrongdoing. Its report released on 8 October recommended that the US government and businesses stay away from equipment made by the two Chinese firms at least for sensitive work. The panel also asked the government to block mergers of US companies with the two Chinese firms.
The intelligence committee received “numerous allegations” from US companies that used Huawei equipment about data moving to computers in China. For example, a router would suddenly come alive in the middle of the night to do transfers to “home” computers. Why Huawei equipment would indulge in such spontaneous sharing with computers in China was never answered satisfactorily for the investigators.
Huawei chose not to come clean on its exact relationship with the Chinese government — apparently there is a communist party office in the Huawei headquarters in Shenzhen. Who are its shareholders? How will it act when under Chinese law, the Chinese government asks to use its equipment?
Huawei was founded by an engineer who earlier worked for the People’s Liberation Army and is believed to still be close to the authorities. Since opacity is China’s second name, the US has chosen to err on the side of caution.
India should also weigh the idea of opening up to Huawei. Its aggressive and attractive under pricing should be measured against the risk of handing over the telecom backbone to a company, which may have the power to cripple systems at the drop of a virus.
Equally significant was Defense Secretary Leon Panetta’s warning about the growing dangers in cyberspace. In a major speech last Thursday, he talked of “foreign cyber-actors probing America’s critical infrastructure networks” and targeting computer control systems. In many cases, the intruders have successfully gained access and could possibly attack the systems to cause panic and death.
A future nightmare scenario could be disabling of trains, financial networks and water supply in combination with a physical attack. “The collective result could be a cyber-Pearl Harbour, an attack that would cause physical destruction and loss of life…and create a profound new sense of vulnerability,” Panetta said.
It may sound like hyperbole but he cited the cyber invasion of Aramco, the Saudi Arabian state oil company, and Ras Gas of Qatar this summer as real life examples. A virus called “Shamoon” permanently disabled more than 30,000 Aramco computers. Or “killed” them in other words. A picture of a burning US flag replaced the files and labeled everything “Garbage.”
Some experts say it was Iran’s revenge for Stuxnet, a virus that the US and Israel apparently had unleashed at the Iranian nuclear site in Natanz. It came to light in 2010 when it leaked out and affected computers in many countries, including India. An estimated 80,000 Indian computers had been infected.
Stuxnet was followed by another devastating virus called Flame, which also created havoc in Iran’s government agencies.
It is a bit rich for the US to raise the pitch on cyber warfare, having used a virus to send Iranian centrifuges out of control. But be that as it may, the larger point about preparedness is valid.
Cyber warfare is already a reality with Russia, the US, China and an increasingly Iran raising digital warriors in the thousands. According to cyber security experts, China has a 30,000-strong cyber army with another 150,000 hackers who serve as a support group. Russia is said to have 7,000 cyber warriors.
The US created a Cyber Command in 2010, which is expected to be elevated to a fully unified command. Washington has set aside nearly $3 billion in the 2013 defense budget for cyber security operations. The “rules of engagement” are being finalised under which the Pentagon would be able to “defend” the private sector against an attack that may result in physical destruction.
Cyber security experts have warned that Stuxnet could be harnessed by independent troublemakers since it has spread so widely. And there are other cyber weapons. A major reason behind Panetta’s comments on cyber security was to send a signal that the US has both offensive and defensive capabilities.
A logical question: how secure are India’s cyber borders? Has the National Technical Research Organisation (NTRO) kept up with the threat and prepared a response?
Experts rate India’s cyber security poorly, especially those who have worked with the government to raise awareness. It seems even ordinary cyber attacks can succeed easily.
On the 50th anniversary of the Chinese attack, which caught India unprepared on its physical borders, it may be worth pondering if New Delhi will be found napping again. This time in cyberspace.