In August 2020, more than 25 Pakistan-based websites were defaced by Indian-origin hackers, including those belonging to more than a dozen federal and provincial government departments. Though it is difficult to determine if this was a coordinated state-sponsored campaign or executed by independent mischievous actors, there were two noteworthy takeaways. First, the content posted by hackers on these defaced websites praised India’s Prime Minister Narendra Modi and advocated Ram Mandir, the controversial Hindu temple being constructed upon the site of demolished Babri Masjid in India. The rhetoric echoed narratives espoused by the fascist Bharatiya Janata Party (BJP). Second, all these defacements were publicly advertised by an influential ethical hacker-cum-social media commentator with close ties to the BJP.A few days later,live transmission of a renowned local news channel was subjected to “broadcast signal intrusion” that resulted in projection of the Indian flag. This particular form of Electronic Warfare, though not uncommon, was the first of its kind in South Asia. If anything else, the sophistication of this feat indicated it was beyond the ambit of non-state actors. Additionally, for the first time in Pakistan’s history, the military’s media wing reported multiple attempts by Indian intelligence agencies to spy on government and military targets through targeted hacking.
If we rewind a decade, in August 2010, reports emerged that the then Indian National Security Council under Prime Minister Manmohan Singh was considering the institutionalisation of cyber warfare for tactical and strategic advantages. The declared primary stakeholders in offensive cyber operations included the National Technical Research Organisation (NTRO), India’s premier technical intelligence agency and the Defence Intelligence Agency (DIA) which synergises Army, Air Force and Navy Intelligence.
In August 2010, reports emerged that the then Indian National Security Council under Prime Minister Manmohan Singh was considering the institutionalisation of cyber warfare for tactical and strategic advantages.
Under the supervision of the then National Security Adviser of India, Shivshankar Menon, the NTRO patronised the creation of a centralised pool of various cyber domain experts who would form the core of a National Security Database (NSD). Talented men and women were handpicked on the basis of their skillset and expertise. Specialists inducted to the NSD would eventually assist the government agencies to deal with cyber-related threats on a voluntary basis and many outstanding candidates possessing the right blend of technical and analytical expertise were inducted through lateral entry. Similarly, the DIA head-hunted for uniformed personnel trained on both the defensive and offensive aspects of cyberspace for deputation to the Defence Information Assurance and Research Agency, formerly named as the Defence Information Warfare Agency.
The last year of Manmohan Singh’s union government culminated with the passage of India’s first National Cyber Security Policy that provides a common roadmap to secure national interests in cyberspace in concert with all the stakeholders from academia, government, private sector, industries and health sector, to name a few. Upon assuming office, his successor Modi created a new seat of a National Cyber Security Coordinator within the Prime Minister’s Office and approved the establishment of a tri-service Defence Cyber Agency to coordinate with and utilise the “combined power potential” of all officially-held national cyber force expertise including NTRO and DIA.
The last year of Manmohan Singh’s union government culminated with the passage of India’s first National Cyber Security Policy that provides a common roadmap to secure national interests in cyberspace in concert with all the stakeholders from academia, government, private sector, industries and health sector, to name a few.
It takes years of planning to develop a national consensus on cyberspace. Political guidance by government trickles down to various stakeholders who work tirelessly, often in tandem, to achieve long-term objectives. In this context, the critical contributions of academia cannot be emphasised enough. The “‘vocationalisation” of Cyber Security as a course offering at B. Tech and M. Tech levels has long enabled students across India to pursue a more affordable and hands-on approach to knowledge in technical institutes as compared to theoretical degree programmes offered by universities which require hefty fees and little in terms of applied knowledge. Comparatively, only a handful of universities in Pakistan offer an optional course in Cyber Security. Even today, there is virtually not a single vocational institute in Pakistan that is able to groom ”cyber warriors” for tomorrow.
Presently, all publicised “cyber” initiatives in Pakistan are being executed in silos. The disconnect between the federation and provinces, and within the federation itself can be attributed to the lack of political will to prioritise Cyber Security through executive policymaking. An atmosphere of severe distrust prohibits the avenues for cooperation among government officials, parliamentarians, academia and private sector specialists.. The bureaucracy has expectedly resisted efforts to propose anything resourceful. At the public level, general disinterest in issues other than juicy political scandals further compounds the dilemma.
Presently, all publicised “cyber” initiatives in Pakistan are being executed in silos. The disconnect between the federation and provinces, and within the federation itself can be attributed to the lack of political will to prioritise Cyber Security through executive policymaking.
The absence of a visionary leadership since the dawn of the second millennium has kept Pakistan 20 to 30 years behind the developed world in matters pertaining to information and communication technologies. Apparently, no one is willing to pull everyone together. This attitude of collective ignorance will continue incurring heavy losses for Pakistan’s national interests in cyberspace.
It is high time that all the stakeholders sit together to develop a consensus on what those ”interests” are.