This webcast organised by the Gateway House-FLAME Policy Lab presented a synopsis of a database of incidents of cyberattacks worldwide. The database has collated cyberattacks targeting government agencies, businesses, critical national infrastructure, financial institutions and digital payment systems from 2010 to 2021. It covers two broad categories: major incidents of cyberattacks worldwide and attacks targeting Indian computer networks.
A webcast on ‘Geopolitical Contestations in Cyberspace’ discussed the findings of this database, jointly researched by Dr. Aditya Bhan (FLAME University) and Sameer Patil (Gateway House). The database was prepared by FLAME University students – Palak Jain, Khushi Rajpuria and Diviyaj Patel – as part of their internship in the Gateway House-FLAME Policy Lab.
Cyberspace has become the newest and the most prominent arena for geopolitical contestation. Nation-states are exploiting each other’s dependence on information, communication and digital technologies to breach computer networks, harvest sensitive data and proprietary information and disrupt critical national infrastructure operations. From India to Estonia, such attacks have become the new normal in cyberspace. The problem of attribution – difficulty in determining who perpetrated the attack – has acted as a critical enabler for many of these attacks.
State actors have also relied on non-state actors – hacktivists, hacking groups, and organised cyber criminals – to launch offensive cyber operations. This has blurred the distinction between state and non-state actors, thereby making cyber warfare the most significant new threat to international security. Businesses too are getting caught up in this cyber warfare, sometimes as the target but mostly as collateral damage or targets of opportunity. For instance, in 2018, India’s Cosmos Bank lost Rs. 94 crores in a cyber heist by North Korea-backed Lazarus Group, which has gained notoriety for targeting Western financial institutions.
Geopolitical rivalries in cyberspace
- There is an emerging global digital divide between developing and developed countries. Certain developed countries have ‘cyberweapons,’ but some still struggle to ensure basic internet access. Cyberspace today is divided into the western camp comprising the U.S., its allies, and European countries, and the eastern camp led by China and Russia. Countries like Iran and Cuba are aligning with the eastern camp. These camps’ stubborn positions have exacerbated polarisation on cyber issues.
- We are experiencing a ‘Schrodinger’s cyberwar’—it is everywhere and nowhere, as there is opacity about cyberattacks. In addition, states cannot distinguish with certainty between cybercrime and cyberattack. This complicates the legal responses to cyberattacks.
- Attribution remains a challenge as defending states cannot attribute the source of cyberattacks. While Western countries have attributed many attacks to China or Chinese hackers (as well as Russia and Russian hackers), it is difficult for India to do such attribution due to a live border dispute with China.
Cybersecurity challenges for governments and businesses
- Most of the cyberattacks today are sector- and target-specific. Customised malware and ransomware have been developed to launch cyberattacks. The ‘ransomware-as-a-service’ industry has also grown. Responding to ransomware attacks poses a challenge because international law does not consider economic coercion as coercion.
- Governments and enterprises are reluctant to reveal their vulnerabilities to cyberattacks for fear of financial and reputational costs. Some businesses have overtly or covertly made payments for ransomware attacks. The COVID-19 pandemic complicated the situation for businesses. They were not adequately prepared cybersecurity-wise for a shift from office to the ‘Work-from-Home’ model, opening a significant gap for hackers to exploit.
- Enterprises and businesses have a capacity problem when it comes to cybersecurity:
  1. They lack human resources to manage incident response and forensics to investigate cyberattacks.
  2. Awareness of cybersecurity issues is still deficient at the board level, which leads to less than adequate investments in cybersecurity.
  3. They are left alone to defend themselves from malicious activities on the darknet.
Creation of global cyber norms
- Polarisation between major powers has impeded global efforts for norms creation, despite several inter-governmental platforms like United Nations’ Group of Governmental Experts (UNGGE), High-level Panel on Digital Cooperation and Open-Ended Working Group (OEWG), and non-governmental initiatives like Internet Governance Forum and Global Commission on the Stability of Cyberspace (GCSC).
- The possibility of a global cyber agreement remains—primarily sector-specific agreements like ones focusing on the financial sector. But this may not happen quickly. For instance, with the atomic bomb and nuclear proliferation, it took about 25-30 years before the formal regulations were framed. A similar outcome is likely for cyberspace. For an agreement to materialise, dialogue should remain open between major powers.
- There is a gradual convergence of India’s stated priorities on the international level with its domestic cyber policy priorities. It is an active participant in the global cyber norms creation process, including the UNGGE, OEWG, and GCSC. India is not a party to initiatives like the Paris Call for Trust and Security in Cyberspace, but many stakeholders within India are party to it.