After the surgical strikes by the Indian army on Pakistan terrorist launch pads, there has been a series of attacks by physical terrorists in different parts of Kashmir. At the same time, it appears that there is a low intensity cyber terrorist attacks across the Cyber LOC.
Just as there is little difference between the physical terrorist attacks and a “War” when it comes to Pakistan (since they have adopted terrorism as a tool of war), the cyber attacks on IT firms in Hyderabad also are not different from a Cyber War.
It is a fine line of distinction between Cyber War and Cyber Terrorism. Cyber War is conducted by state actors and Cyber terrorism is conducted by non state attacks. Cyber War is mostly on military targets while Cyber terror strikes on soft public targets.
The convention for Cyber Wars is yet to be developed internationally and are therefore non existent in practical terms. (Tallin Manual is under development and could eventually become an international agreement on Cyber warfare).
The Hyderabad attack is reported to be a ransom ware attack on many finance companies. Though there has been a denial from the Hyderabad police sources, it is possible that there could at least be a “Defacement Attack” probably at the ISP level. There was also an earlier report of Indian hackers hacking into Pakistani Government websites and planting ransomware.
These mutual attacks have raised an important issue of the role of “Cyber Attacks” in national defense. Obviously, if the attacks are launched by the Government sources, it will be part of the military operations just like the “Surgical Strikes”. But such attacks need to be confined to military targets and not civil targets. When civil targets are hit, it is more akin to a terror attack than a military operation unless it can be justified as collateral damage. If such attacks are launched by non military personnel, there is every right for Pakistan to call it a Cyber Terror attack by Non State Actors in India.
In order to ensure that Indian hackers are not drawn into legal battles in international courts, it is necessary for the Government to define a proper policy for such cross border cyber attacks.
Firstly, the Government of India should develop (If they have not so far done), a Cyber Army which is part of the Military operations. This Cyber Army should focus on military targets. It is not necessary that this should be manned only by the current defense personnel. Other private teams can be used for the purpose. Along with it, if the Government wants to develop a supported non state actor group, it is the Government’s call. China already must be having such an outfit. It will be like the RAW in Cyber Space and part of the intelligence network.
As regards other private parties, it is necessary to classify them as “Non State Actors”. If therefore cyber attacks do take place by hackers on either side, they are open to international legal action and the Governments of each country may disown them if they are identified.
It is open to such hackers to take the risk if they so like but should not expect much support from the Government.
We understand that Mr Modi may have a Cyber Attack Collaboration agreement with Russia which should be the starting point for developing a Cyber Army in India. If this happens, we welcome the move.
We therefore watch the BRICS summit in Goa closely to see if an agreement is signed in this regard between India and Russia.
Naavi