Amazing, wasn't it, how much attention the FIFA World Cup got in India? Given
that we're nowhere near even thinking of qualifying in the forseeable future.
(Could we have bribed Paul the Octopus...?)
And then we heard that India had “beaten all other countries to top the
Secureworks Information Security world cup.” I had a journalists asking me: Is
this good? Well. I had mixed feelings.
First, the data. This research says that India was the origin of the lowest
number of cyber attacks (52 attacks per 1,000 PCs) among the countries surveyed,
and thus topped the list. The worst was the USA, with 1,660 attacks per 1,000
PCs, and South Korea was ahead of the USA. China was #10, as the origin of 201
cyber attacks per 1,000 PCs (see ld2.in/ia).
So we're the good guys in the cyber-attack world. We don't do that sort of
thing. But the good guys don't always win wars.
We have little practical knowledge, as a country, on cyber attacks, or about
protecting ourselves against them.
China is so very proficient in this arena. They don't want to be the good
guys. They want to win the war. Whether it's a cyber war, which is not
infrequent in limited doses, or a conventional war, which will be actively
enabled by the cyber world. Think of a cyber attack that disables targeting
systems. Imagine if fighter aircraft had their IFF (“identify friend or foe”)
capability messed around with?
One reason for our low position in attack origins is our low PC/Internet
penetration in the general population: most PCs are institutional, enterprise,
government, or military. And none of these are likely to originate cyber
attacks. Not in India.
Contrast that with China. Again, the PC/Internet penetration is not very much
higher than India, in the general population. But there is a concerted military
doctrine of cyber dominance. And they practise it like religion. The flood of
cyber attacks that originate from China are often from military areas. Add to
that China's vast population of freelance "hackers" (encouraged by the
establishment) and you can understand why that country is so high up there in
the cyber-attack origins list (or low on this list).
The US is of course way on top of that list. Followed by South Korea, which
has very high broadband population. Going by India and China's low PC/Internet
penetration in the population, you'd expect both to be very low on the
cyber-attack origin list and thus high on this list. India lives up to that
expectation. But China makes up for that with its strong doctrine of
cyberwarfare. As I have covered in a column earlier which got picked up by
hundreds of websites and blogs.
So we need to get savvy on the cyber-attack front. It isn't good enough
working on an analysis and defense system, as the Indian Department of
Infotech's CERT is doing. We need attack capability.
Our military isn't doing it. And as with nuclear weapons, you can't develop
these capabilities without testing them. And the data shows--there isn't enough
testing happening from India. Which leaves it to us to draw inspiration from
another part of the China model, of encouraging a shady group of freelance
hackers to proliferate. But we're still left disadvantaged-against our
neighbor's military doctrine of aggressive cyber dominance.
Prasanto K Roy is chief editor (ICT) at CyberMedia. You can follow him
at twitter.com/prasanto or on his blog at www.pkr.in