Security

    Digital Siachen: Why India’s War With Pakistan Could Begin on Your Smartphone

    Satyen K BordoloiBy No Comments7 Mins Read

    The first computer virus was created by two Pakistanis. As India initiates Operation Sindoor, which threatens to escalate into a war, securing our digital infrastructure must be an urgent national priority, writes Satyen K. Bordoloi.

    A few years ago, when a state official was asked what he was doing in response to digital breaches, he proudly announced that he had ordered the construction of higher perimeter walls. Then there are those officials who look up at the sky whenever the term ‘cloud computing’ comes up. We may find such anecdotes amusing, but these Freudian slips highlight a chronic problem India faces: a lack of awareness about cybersecurity.

    As the potential for an India-Pakistan war strengthens post the heinous Pahalgam attacks and India’s response via Operation Sindoor, such callous cluelessness and lack of preparation could prove catastrophic should a larger conflict erupt.

    Instance of an unattributed attack against entities in India using ISO images that Blackberry found (Image Courtesy)

    INDIA’S CYBERSECURITY LANDSCAPE

    India already faces one of the highest levels of cyberattacks in the world. Beyond domestic ones (recall Netflix’s “Jamtara” and my previous Sify article), Indians fall victim to sophisticated international schemes orchestrated from inside the borders of Cambodia, Myanmar, various Middle Eastern nations, and Africa, among others.

    Even corporate entities are not safe. According to a 2024 Thales Cloud Security Study, organisational cloud data breaches in India are alarmingly frequent: “Thirty-seven percent of organisations have experienced a cloud data breach, with 14% reporting incidents within the last 12 months. Human error and misconfiguration remain the primary causes (34%), followed by exploitation of previously unknown vulnerabilities (32%), known vulnerabilities (21%), and failure to implement Multi-Factor Authentication (11%).” In 2024, such breaches affected companies like Polycab, Motilal Oswal, Hyundai India, boAt India, Hathway, and WazirX, resulting in significant data and financial losses.

    The ransomware attack on AIIMS last year exposed India’s digital vulnerabilities (Image Courtesy: Wikipedia)

    Yet, the most alarming are the cyberattacks that target governmental digital infrastructure. In 2024 alone, the Telangana police suffered a data breach of their Hawk Eye app, resulting in the theft of sensitive information for over 200,000 citizens. Tamil Nadu police’s facial recognition software, as well as that of India’s National Disaster Management Authority (NDMA), BSNL, and the Uttar Pradesh Marriage Assistance Scheme, among others, fell prey to hackers. A devastating ransomware attack on AIIMS last December crippled operations at India’s premier medical institution.

    EclecticIQ, a Dutch cybersecurity firm, uncovered a cyber-espionage campaign against Indian government agencies and our energy sector that used a modified open-source information stealer to harvest browser credentials, cookies, and browsing histories. BlackBerry, another cybersecurity intelligence firm, documented a series of attacks on critical Indian government, defence, and aerospace sectors via phishing emails to infiltrate systems and deploy malicious payloads. And guess who’s alleged to be the perpetrators of these attacks: a Pakistani hacker collective known as Transparent Tribe.

    Such digital vulnerabilities are alarming during peacetime, but they could prove devastating in the middle of a war.

    Aadhaar’s systems have been hacked multiple times, exposing the data of Millions of Indians (Image Courtesy: Wikipedia)

    INDIA’S DIGITAL LANDSCAPE

    Driven by ambitious governmental initiatives and private sector innovations, India is a global success story in terms of digital growth. Despite implementation hiccups, the Digital India campaign, launched a decade ago, has been successful in multiple domains. One of its crowning achievements, as I’ve previously written about, has been the Unified Payments Interface (UPI), which revolutionised digital transactions. It has made India one of the world’s largest cashless economies. Yet, as I also wrote in that article, UPI continues to face significant challenges in peacetime, vulnerabilities that could make it a target for malicious actors during a war.

    The BharatNet project for rural broadband connectivity is another success story in India’s Digital India initiative. 5G deployment in India has also occurred at a rapid pace, proving to be an enabler for new technologies such as artificial intelligence and the Internet of Things.

    Together, our digital infrastructure is the backbone of our economy, governance, and defence. But its connected nature makes it a target for cyberattacks should hostilities escalate.

    Both the incidence and reporting of cybercrimes is going up exponentially in India.
    (Image Credit: Screenshot from the I4C press conference on January 3.)

    INDIA’S DIGITAL VULNERABILITY IN A WAR

    India’s military is undoubtedly stronger than Pakistan’s. But in the digital space, our neighbour could inflict disproportionate damage for two critical reasons. First, India’s larger and more developed digital landscape presents a broader attack surface with higher-value targets for malicious actors. But what is more concerning is China’s alignment with Pakistan.

    While intelligence agencies like the CIA and Mossad grab headlines, I think the most formidable spy agency in the world is China’s Ministry of State Security (MSS)—its foreign intelligence division. Unlike a traditional spy organisation focused primarily on military intelligence, the MSS has stolen technological secrets of developed nations for years. Doing this, they’ve built an extensive hacking infrastructure. Considering India’s generally casual approach to digital security (we still lack comprehensive cybersecurity legislation), we are dangerously exposed to experienced threat actors, especially those supported by the MSS who’ll favour Pakistan in a conflict.

    We must also realise that if the brutal terrorist attack in Pahalgam was indeed orchestrated or sponsored by Pakistan, such a nation could employ any means available during an open conflict. If all’s fair in war, every Indian citizen becomes a potential digital target for them. While our soldiers fight it out on the border, two of our most belligerent neighbours might use their hackers to target you and me.

    India has often been the target of Pakistani hackers

    STRENGTHENING INDIA’S CYBERSECURITY FRAMEWORK

    The Indian government crafted the National Cybersecurity Policy in 2013. It aimed to protect our information infrastructure and its associated risks, reduce vulnerabilities, and minimise damage from cyber incidents. Under it, many other agencies have been formed.

    The National Cyber Coordination Centre was formed to facilitate coordination among various agencies responding to cybersecurity threats. The Indian Computer Emergency Response Team (CERT-In) is our national agency for cybersecurity incident response. It issues advisories, conducts security audits, and coordinates responses to cyberattacks across the nation.

    The Cyber Swachhta Kendra (CSK) was created as a specialised botnet cleaning and malware analysis centre. It provides free tools to remove malicious programs and enhance cybersecurity hygiene. The Ministry of Home Affairs has also set up the Indian Cybercrime Coordination Centre (I4C) to address cybercrimes through a coordinated, multi-agency approach.

    The National Critical Information Infrastructure Protection Centre (NCIIPC) is the most important organisation during a national security threat. Its goal is to shield critical information infrastructure from cyberattacks. NCIIPC provides threat intelligence, situational awareness, and specialised resources to organisations designated as Critical Information Infrastructure (CII) to prevent cyberattacks and cyberterrorism.

    The private sector has also played a vital role in India’s cybersecurity ecosystem. IT giants like Tata Consultancy Services (TCS) and Infosys have developed AI-driven security solutions to detect and mitigate emerging cyber threats. Others have also deployed advanced machine learning models to identify anomalies and prevent cyberattacks. India also maintains a collaborative relationship with international cybersecurity agencies, including those in the United States and the European Union, to strengthen our collective cyber defences.

    However, as recent breaches demonstrate, we still have a considerable gap between policy and its implementation. The problem with defending critical infrastructure—physical or digital—is that defenders must be right every time, whereas attackers only need to succeed once. As India pursues offensive operations against Pakistan under Operation Sindoor, our cyber preparedness will face its most rigorous test yet. In a new era of hybrid warfare, military victories on the battlefield may prove pointless if we lose the silent war in cyberspace. While India focuses on the former, we must never lose sight of the latter.

    In case you missed:

    Satyen is an award-winning scriptwriter, journalist based in Mumbai. He loves to let his pen roam the intersection of artificial intelligence, consciousness, and quantum mechanics. His written words have appeared in many Indian and foreign publications.

    Leave A Reply

    Share.

    Latest Posts

    © Copyright Sify Technologies Ltd, 1998-2022. All rights reserved