The battle for 5G has pitted the major Western powers against China. The United States’ ban on Huawei and the company claiming that it has been the recipient of 1 million cyberattacks per day indicates the extent of this bitter cyberspace rivalry.[1] In such a scenario, a seminar on ‘Global Cyberspace Stability and the New Order in Cyberspace Governance’, organised in September 2019 by the Fudan Institute of Cyberspace Strategy at Fudan University in Shanghai, was timely. It had participants from the U.S., Italy, Japan, India and China, among other countries: they consisted of representatives from think tanks, Chinese companies, and academics.
While this may seem like the fox is in the henhouse, the unstable and unstructured nature of cyberspace is making it crucial for nations to acquire both cyber offensive and cyber defensive capabilities individually and jointly establish globally-mandated protective mechanisms. The seminar reflected how nations are preoccupied with developing strategies to deal with such instability. Two themes that emerged from the discussions were: the strategy of persistent engagement and the problem of attribution.
Scholars from the U.S. spoke about the theory of persistent engagement, frequently mentioned by the U.S. Cyber Command. The purpose of this strategy is to be always present in enemy networks and preempt cyber attacks from within the opponent’s network. The Chinese scholars objected to this strategy on grounds that it will create uncertainty and a trust deficit in cyberspace.
Earlier this year, General Nakasone, the commander of the United States Cyber Command, had stated that having an aggressive cyber strategy is crucial for U.S. cyber defense.[2] General Nakasone had said, “Through persistent presence, persistent innovation, and persistent engagement, we can impose costs, neutralize adversary efforts, and change their decision calculus. In doing so we build resilience, defend forward, and contest adversary activities in cyberspace.”[3]
This is the first time that the U.S. officially declared a strategy to be present in enemy networks. It marks a shift from covertness to a more openly offensive approach. India, for its part, needs to tread cautiously on this issue of persistent engagement because though the U.S. is an ally, having a foreign player on its cyber terrain amounts to an infringement of cyber sovereignty.
The second theme that emerged from the discussions was the problem of attribution, or the difficulty in identifying the perpetrator in a cyber attack and cyber espionage. The experts who spoke said that though the problem of attributing a cyber attack is difficult, certain ‘indicators of compromise’[4]can be used to trace the origin of an attack. These indicators can be data from log files, unusual network behaviour and alien file systems. The catch, of course, is that companies, governments and the security industry almost never reveal these indicators of compromise as it is classified information, putting them at greater cyber risk, with malicious actors changing their tactics accordingly.
Scholars pointed out that attribution can be either technical or diplomatic. While technical attribution traces an attack to a server, network or computer grid, diplomatic attribution holds a nation-state, group or company responsible. Computer forensics can easily use indicators of compromise for technical attribution, but diplomatic attribution is complex because the nation responsible for an attack denies involvement.
The participants agreed that forming an International Attribution Council to pinpoint a perpetrator can be a way to resolve the issue of diplomatic attribution. The Atlantic Council and Microsoft suggested the establishment of such a council in the past, modelled along the lines of the International Atomic Energy Agency (IAEA), which serves as a regulatory body for nuclear disputes. An attribution council can serve a similar purpose, especially because experts from the U.S. observed that while the U.S. calls out countries involved in a cyber attack against them, most countries often do not blame the U.S. for its cyber offensive activities. This may be either out of fear of further repercussions by the U.S. or diplomatic strategy to not escalate matters with a superpower. Such a council can thus enable smaller nations to voice their concerns.
An international forum will make nation states indulging in nefarious cyber activities accountable. India will welcome such a body because of the constant cyber threats it receives from Pakistan and China. Currently, India is the target of 17% of cyber attacks globally, second only to the US.[5] It has a preparedness plan: the recently created Defense Cyber Agency, a tri-service command of the Indian armed forces, is set to be operational from November 2019.[6] It aims to deter adversaries and combat cyber security threats through both offensive and defensive strategies which will enhance national security.
India is yet to decide its stance on Huawei and 5G, a decision which can become the next critical factor in this battle for hegemony.
Sagnik Chakraborty is Researcher, Cybersecurity Studies, and Manager, Management Office, Gateway House.
This blog was exclusively written for Gateway House: Indian Council on Global Relations. You can read more exclusive content here.
For interview requests with the author, or for permission to republish, please contact outreach@gatewayhouse.in
© Copyright 2019 Gateway House: Indian Council on Global Relations. All rights reserved. Any unauthorized copying or reproduction is strictly prohibited.
References
[1] Kyodo News, “Huawei hit by around 1 mil. cyberattacks a day: executive”, Kyodo News, 10 October 2019,
https://english.kyodonews.net/news/2019/10/3ee926754997-huawei-hit-by-around-1-mil-cyberattacks-a-day-executive.html
[2] National Defense University, “An Interview with Paul M. Nakasone”, Joint Force Quarterly, 2019
https://ndupress.ndu.edu/Portals/68/Documents/jfq/jfq-92/jfq-92_4-9_Nakasone-Interview.pdf
[3] Lopez, C. Todd, “Persistent Engagement, Partnerships, Top Cybercom’s Priorities”, U.S. Department of Defense, 14 May 2019,
[4] Lord, Nate, “A Definition of Indicators of Compromise”, Digital Guardian, 11 September 2018
https://digitalguardian.com/blog/what-are-indicators-compromise
[5] Norton by Symantec, 10 cyber security facts and statistics for 2018,
https://us.norton.com/internetsecurity-emerging-threats-10-facts-about-todays-cybersecurity-landscape-that-you-should-know.html
[6] Pandit, Rajat, “Agencies take shape for special operations, space, cyber war”, The Times of India, 16 May 2019,