Sunday, May 18, 2025
India Watch - A Digital Media
  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us
No Result
View All Result
India Watch - A Digital Media
  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us
No Result
View All Result
India Watch - A Digital Media
No Result
View All Result
Home India Unplugged

A Crying Need For a Central Cyber Command (or Ministry)

Dinesh Bareja by Dinesh Bareja
30/05/2017
in India Unplugged, Strategy & Policy
1

Cyberworld is touted to be the fifth dimension or the fifth theater of conflictand it is a domain without a Central Cyber Command. Every other day officials, experts, f’experts across nations and communities talk about cyberwar, weaponized documents, and other cyber weapons and Nations are discussing non-proliferation knowing well that this thinking will not proliferate! In the midst of all this the risk grows with time, as Cyber Command and Control is distributed among multiple organizations who are looking at it from their own perspective and confine it to their own area(s) of operation. National (rapid) response, containment, remediation, or strategic / operational understanding are (in my opinion and to my knowledge) dangerously absent.

An Organization Soup For Cyber Security

In India, a Tri-Services Command has been setup, then there is the NCSC and agencies like NTRO, CERT-In, NCIIPC and all of them (as well as about 20 more) working to keep the country safe. (These are old listing of cyber security organizations with each having their focus areas). Even if their reporting goes up to NSA, in times of crisis how will the intelligence banks be collated to provide predictive or response strategies.

Cyber Security Organizations (https://www.slideshare.net/bizsprite/governance-in-cybercrime-and-cybersecurity-orgns-final-distribution-organizations)
Cyber Security Organizations (https://www.slideshare.net/bizsprite/governance-in-cybercrime-and-cybersecurity-orgns-final-distribution-organizations)

In my opinion, what is missing is the understanding that the cyber ecosystem (or cyber world) cannot be governed by a Tri-Service Command or CERT-In or NTRO since each looks at the threat and risk from their own Point of View (PoV). For example DoD will envisage conflict or war scenarios and will always work to be prepared for offensive action or to defend the defence establishment. As trained defence personnel, their idea of cyber defence may not include civilian establishment, until called in by the C-in-C / Government to cover the same. The first line of protection of the civilian infrastructure is the responsibility of the Law Enforcement Agencies and the Para Military Forces. The primary responsibility of the Armed Forces is the protection of the nation.

Who Will Lead (Needed A Chief Of Cyber Staff)!

Cyber protection of the civil establishment is the prerogative of LEA, Para Military, NCIIPC or NTRO or MeITY or RBI /SEBI ?? Or who??

Consider this scenario – if the country faces an intrusion or conventional attack on civilian targets, the armed forces will be deployed / mobilized for protection, but, in the event of a cyber attack it seems that each sector is left to it’s own with CERT-In as the protective / responsive agency. The question which begs to be answered in such a case is – does CERT-In have the wherewithal (resources / capability / capacity / mandate) to respond, contain, recover, pursue and decimate.

Even if CERT-In establishes the attack was from an enemy nation state, can it “pursue” or “attack” the attacker infrastructure. Or will this call be taken by the tri-service machinery. And even if the tri-services is called in, what strategy will they follow? Even if we assume that NSA and MOD will take charge, will they order an engagement in the cyber arena – how? On directions by the NSA, Tri Service Command, PMO or the President (C-in-C of Armed Forces). Again should we assume they will order the activation / implosion of APTs and DDOS etc on the enemy. Will NTRO, Army, Navy, AirForce, NIA, or IB reveal their hand(s) and share their intel and APTs?

This will be very interesting – will each agency now see common “weapons” among the various agencies, and the embarrassment of having spent money with the same vendors through on the same target(s). Many a times it has happened that independent or state researchers have compromised botnet operations of Intelligence / Law Enforcement Agencies. And, many a times these agencies are working on the same targets seeing each other or sensing or messing up.

It’s like asking for everyone to bring their guns and cannons – and they all bring a Bofors to the table. Until the order in the face of an attack, each would have said they have the best cannon / gun but no one ever told the other which cannon / gun they had or who was the supplier. Now in a crisis it turns out that each does have a cannon / gun, but all have the same make, purchased (surreptitiously) from the same vendor.

Then the best part (hilariously) will be that each of them has trained their cannon on the same target (as directed by the same vendor)!

This is why a Central Cyber Command is needed

Or, at the very least, a separate Cyber Security Unit in MHA or MOD that is commanded by a professional cyber security professional. Additionally this commander should not be a “pure play” armed forces officer or bureaucrat, lest the tone-at-the-top is weak from the word go! The commander has to be a superman who is a business man, a warrior, a technologist, psychologist, politician and more.

In time to come, we are bound to see a convergence of cyberspace, space and a deeper incursion of technology in conventional weaponry systems as well as day-to-day life and related infrastructure. Cyber risk, threat and conflict (both overt and covert) will be the primary driver that will have to be addressed when needing to contain any infractions. It will be impossible for the office of the NSA to become the conductor of such an orchestra which will be made up of disparate agencies that will land up working at cross purposes.

A Central Agency or Command will establish the necessary governance structure that will nurture and build national strength for peace, growth and offensive measures.

Cyberspace is unique as it offers a theater of tremendous opportunity for growth and progress as well as dangerous conflict that has the power to bring the world, or nation to a standstill.

Cyberwar – the wrong word!

Finally, can we stop calling them cyber warriors, ninjas, or whatever. These guys are hackers, professionals, who know how things work. They are not trained in the art of Warfare or criminal investigation, national security etc. but, having said this, they can be trained into these domains and they must be FIRST trained before being taken up into the environment unconditionally.

Yes, my final word is about the term cyberwar! High time we also recognized that this is a misnomer. Wars are fought by nations and armies, lives are lost and heroes are born on battlefields – it is a dirty business. Cyber “war” is a wrong term so let us search for a newer one which will not dilute the seriousness and impact of a war per se. Let us not dilute the term “war” in which individuals stand up to fight for the country and offer their lives as the supreme sacrifice. Where they are given medals for their sacrifice and do not die, they become martyrs.

This is not War !

Website defacements, XSS, DDOS and the likes of such attacks are not “War” and should not be termed so. It is just adding to the FUD surrounding the malicious cyber ecosystem and only serves to (a) increase the TRP of the media company using such sensationalism, and, (b) denigrates the sacrifices of those who have lost their lives for the nation.

Conceptual Cyber Governance Model for the Nation:

Conceptual Governence Model (https://www.slideshare.net/bizsprite/governance-in-cybercrime-and-cybersecurity-orgns-final-distribution-organizations)

Endnote.. I had put forward a conceptual model for governance, many years back, and the presentation for Cyber Governance can be viewed here.

I shall be happy to discuss this anytime anywhere … and shall look forward to reader comments and interactions.

Tags: ARMYcentral cyber commandCyber commandcyber wargovernanceLEANational SecurityNCIIPCNTROpara militaryRBISEBIsecurity organizations
Previous Post

Wannabe News, Advisories, Reports

Next Post

From Policing to Police Custody .. in the netherworld of piracy takedowns

Dinesh Bareja

Dinesh Bareja

Cyber Security practitioner and evangelist working in cyber security in national and enterprise application. Contributor to national policy, awareness and development of capacity / capability. Keeps a critical eye on the past, present and future in the infosec domain, and firm believer in common sense. Uses practical thinking to demolish purveyors of cyber hype and snake-oil.

Next Post

From Policing to Police Custody .. in the netherworld of piracy takedowns

Comments 1

  1. Anil Chiplunkar says:
    8 years ago

    Nice article Dinesh and yes we surely need a ‘central agency’ to take care of the ‘cyber world’. As you rightly pointed out, the ‘multiple’ agencies with overlapping areas create a kind of chaos and is really difficult to identify a particular agency to handle a particular problem . Establishing the ‘central command’ will have its own challenges, as the ‘cyber world’ is really ‘border-less’ and with limitless possibilities of ‘adverse events’. The structure you depicted shows a good start to ‘plan for it’ but I feel there will be challenges in doing so – apart from addressing the ‘mindset of existing authorities’ (personnel in those respective command positions) it will also require to identify or define ‘areas’ in which ‘various of these second level / third level’ entities will work and the communication, information sharing / tasks sharing / transferring etc. and when the ‘supreme command’ should be approached. Definitely rounds of detailed discussions would be required, involving people of various expertise, to make the ‘plan’ for establishing this structure – and not to forget this will require approval from the ‘parliament’ (both houses) and there will be ‘amendments required in legal systems to establish such authorities’.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

1 × 2 =

  • Trending
  • Comments
  • Latest

Skeletons in my banks and national system

17/04/2018

Corporate Governance & Cyber Security Responsibility

18/11/2016

Chai pe Charcha – Delhi 11 June 2017

14/06/2017

Govt & Cops twiddle fingers waiting for the nation to burn…

26/08/2017
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

7

Cyber Swatchhta Kendra – A Good Start

6

Demonetisation – Cashless Economy – Urgent Need For Data Localisation

5

Why Are We A Strategically Deficient Nation ?

5
Time to relook at Critical Information Infrastructure

Time to relook at Critical Information Infrastructure

20/09/2020
What the Government does… secure messaging

What the Government does… secure messaging

23/01/2020
They ran, we shot… and u better believe us!

They ran, we shot… and u better believe us!

06/12/2019
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

31/10/2019

Recent News

Time to relook at Critical Information Infrastructure

Time to relook at Critical Information Infrastructure

20/09/2020
What the Government does… secure messaging

What the Government does… secure messaging

23/01/2020
They ran, we shot… and u better believe us!

They ran, we shot… and u better believe us!

06/12/2019
National Cyber Security Policy 2020 .. in anticipation

National Cyber Security Policy 2020 .. in anticipation

31/10/2019
  • Home
  • About
  • Contact
  • Maps of India

© 2018 IndiaWatch - All Rights Reserved. Website Design: Jemistry Info Solutions

  • Home
  • IndiaWatching
    • India Unplugged
    • Maps of India
    • Strategy & Policy
  • Makers for India
    • Gallery & Expo
  • More
    • About Us
    • Contact Us

© 2018 IndiaWatch - All Rights Reserved. Website Design: Jemistry Info Solutions

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.