Technical Recommendations

5. Indigenous Cyber Hardware. The absence of an electronic manufacturing base and of indigenous semiconductor manufacturing capability in the country is a strategic deficiency. These capabilities are absolutely essential and fundamental prerequisites for cyber security and need immediate attention at the highest level.
India announced her National Policy on Electronics (NPE) in 2012 with a view to establishing an Electronic System Design and Manufacturing (ESDM) ecosystem and the manufacture of semiconductors and other electronics in the country. Unfortunately, the scheme did not take off in spite of the fact that it offered attractive financial and taxation terms. This scheme has now been given a push under the “Make in India” programme. Hence, India must now look at equipping all critical information infrastructure with home-grown technologies and software to negate any supply chain vulnerabilities. Until the indigenous capability is developed, the armed forces should develop the capability for “high assurance testing” at the time of equipment induction to check the hardware for “embedded malware, backdoors and hidden processes” that hackers could abuse.

19. Indigenous OS. Commercial Operating Systems (OS) like Windows and Android etc. are vulnerable to easy hacking as their code is universal. It is therefore important that a “hardened indigenous OS” is developed for extra security by indigenous experts from the defence forces without any help from the industry. Till such time, Indian OS like BOSS or LINUX OS should be used for cyber infrastructure inducted in the Armed Forces.

20. Secure GPS. The Indian armed forces should shift their dependence from GPS to the indigenously developed IRNSS (NAVIC) at the earliest.
The latest encryption technology with high levels of anti-jamming and cyber resiliency should be incorporated in the IRNSS data exclusively used by the armed forces. The system should include a new military code, or M-code similar to that of the US, that uses a different frequency than public signals and is more resistant to jamming.

6. Encryption of software. It is extremely important in the current and future battlefield that any data that rides on a network is completely encrypted with complex algorithms to render stolen data unusable in real time.
Data encryption technology that protects sensitive data but at the same time lets computations be performed on it, all without the data being decrypted, needs to be incorporated in all Armed Forces networks like the Tactical C3I and the C4ISR as and when they become operational. It is proposed that ‘Fully Homomorphic Encryption’ technology, as is being researched by US DARPA, should be explored for our systems also. File-level encryption, access control at file level etc. should be incorporated as part of the rights management system.
4. Private Intranet – Social Media. Social networking sites can be exploited by cyber operators through infiltration and by influencing opinion where feasible. Cyber espionage has already become the cornerstone of some nations, where international cyber security agencies have reason to believe there was state complicity in major hacking and denial of service attacks in the last couple of years. Social media can be effectively used by the CYBRID warriors for disinformation or rumour mongering / propaganda.
Since social networks become easy prey to such agencies, there is a need to increase the awareness of defence personnel about their vulnerabilities. Also, private Armed Forces networks like RallyPoint should be developed for the military fraternity, to help them connect with family members and friends in the services.

11 Levels of Protection. This may be identified considering the following aspects:

(a) Value of Info. It implies the intrinsic value of the information itself. The personal details of officers may require a lower classification compared to, say, the offensive plans of a field formation.

(b) Access to Info. It implies the further access to information that an intruder may get in case he becomes privy to certain information, e.g. passwords, User ID etc.
This aspect is peculiar to network security and deserves a great deal of attention.

Tactical Recommendations

77. Security of Defence Networks. For defence networks, critical ones must be isolated and a “secure zone” should be created. A large number of defence networks in the rear areas are engineered on civil media/networks.
These are highly vulnerable to penetration attacks and act as backdoors to so-called isolated defence networks. Also, electronic and physical security measures, particularly those at nodes, assume critical importance. The threat posed by malware concealed in chips/PCBs and equipment from foreign / unprotected local sources has assumed very dangerous proportions. This needs to be plugged on an emergency basis. No diplomatic/economic/political considerations should be allowed to dilute or bypass these. Network equipment should be procured from reliable and indigenous original equipment suppliers.

2. Cyber Shield for Aerial Platforms. The current aerial platforms like aircraft, helicopters, UAVs etc. are complex systems packed with processors, computers, networks, and data links, creating an interconnected digital environment that may expose war-fighters to cyber threats. An adversary can carry out a CYBRID attack on these platforms with a soft kill instead of a hard kill by disrupting the data links etc. Therefore, cyber defence capabilities to help aircraft detect and mitigate cyber attacks in real time have to be developed. The new capabilities, including system analysis, reverse engineering, and intrusion detection, should build upon state-of-the-art threat management solutions and help protect aircraft from a variety of cyber threats. The new threat management capabilities should include automated vulnerability assessment, subsystem hardening, and malicious system behaviour identification etc. The versatile cyber defence technology may be implemented on existing threat warning systems or as a stand-alone solution.

4. Anonymous Sharing of big data. Security Forces cybercrime units and project managers can use anonymity when sharing data externally. For example, their department may hold a dataset containing sensitive data in a particular data store, and produce an anonymous version of the same dataset to be used separately by external bodies.
This reduces the risk of inadvertent data disclosure and makes the data less attractive to cyber warfare gangs, who are looking to get their hands on data that is linked to a particular source.
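One way to produce the anonymous version of a dataset described under "Anonymous Sharing of big data", as an added example that is not part of the original paper: direct identifiers are replaced by a keyed token, quasi-identifiers are coarsened, and groups smaller than k are withheld. The field names, the region mapping and the sample records are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records; every field name and value is hypothetical.
RECORDS = [
    {"service_no": "A1001", "name": "Officer A", "age": 34, "unit_city": "Pune", "incident": "phishing"},
    {"service_no": "A1002", "name": "Officer B", "age": 37, "unit_city": "Mumbai", "incident": "malware"},
    {"service_no": "A1003", "name": "Officer C", "age": 31, "unit_city": "Pune", "incident": "phishing"},
    {"service_no": "A1001", "name": "Officer A", "age": 34, "unit_city": "Pune", "incident": "malware"},
    {"service_no": "A1004", "name": "Officer D", "age": 52, "unit_city": "Kolkata", "incident": "usb"},
]

QUASI_IDENTIFIERS = ("age_band", "region")
REGION = {"Pune": "West", "Mumbai": "West", "Kolkata": "East"}  # assumed mapping

def pseudonym(key, value):
    """Keyed token: stable inside one release, not reversible without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def generalise(rec, key):
    """Build the external row: no name or service number, coarse age and place."""
    low = rec["age"] // 10 * 10
    return {
        "subject": pseudonym(key, rec["service_no"]),
        "age_band": f"{low}-{low + 9}",
        "region": REGION.get(rec["unit_city"], "Other"),
        "incident": rec["incident"],
    }

def anonymise(records, key, k=2):
    """Release only rows whose quasi-identifier group has at least k members."""
    rows = [generalise(r, key) for r in records]
    group = lambda row: tuple(row[q] for q in QUASI_IDENTIFIERS)
    sizes = Counter(group(row) for row in rows)
    return [row for row in rows if sizes[group(row)] >= k]

if __name__ == "__main__":
    # The key stays with the data owner; a fresh key per release prevents
    # external bodies from linking two releases to each other.
    for row in anonymise(RECORDS, key=b"constructed-release-key"):
        print(row)
```

The single record in the 50-59 / East group is withheld because it would identify one person; the two rows for the same subject keep a common token so analysis across records is still possible.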