What Microsoft needs to get right about cyber norms

In my recent essay for the Centre for Internet & Society, I surmised that the current initiatives to derive cyber norms within the ambit of international law could be incongruous with the technical dynamics of cyber operations. I shed light on the critical fissures in global attempts to establish normative frameworks for cyberspace.

Continue reading “What Microsoft needs to get right about cyber norms”

Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains

I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:

Some dumbified excerpts from my dispatches to the government:

Continue reading “Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains”

Lessons from Kudankulam – I: Recreating the target context

I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:

Continue reading “Lessons from Kudankulam – I: Recreating the target context”

Before cyber norms, let’s talk about disanalogy and disintermediation – The Centre for Internet & Society

In a guest post in relation to The Centre for Internet & Society’s recently held roundtable on “India’s cyber defense strategy,” Pukhraj Singh looks at the critical fissures – at the technical and policy levels – in global normative efforts to secure cyberspace. By charting out the key vectors and power asymmetries among key stakeholders – both leading state actors and private actors like Microsoft – Singh posits that there is much to be done before we circumscribe cyber operations within legal strictures: https://cis-india.org/internet-governance/blog/guest-post-before-cyber-norms-let2019s-talk-about-disanalogy-and-disintermediation.

Continue reading “Before cyber norms, let’s talk about disanalogy and disintermediation – The Centre for Internet & Society”

A Post-Kudankulam Roadmap For India’s Cyber Deterrence – Outlook

My second op-ed on the Kudankulam-ISRO hack for Outlook. The first piece for HT laid bare the challenges. This one proposes some parameters for cyber deterrence. Deterrence in cyberspace could be extremely bizarre and challenging: https://www.outlookindia.com/website/story/opinion-a-post-kudankulam-roadmap-for-indias-cyber-deterrence/342174.

Continue reading “A Post-Kudankulam Roadmap For India’s Cyber Deterrence – Outlook”

An act of war in the Indian cyberspace – Hindustan Times

My op-ed in the Hindustan Times, originally titled, “An act of war in the Indian cyberspace.” My every word is measured: https://m.hindustantimes.com/analysis/what-the-cyber-attacks-on-kudankulam-and-isro-show-analysis/story-OVlR5MO18yk7jQFrnRvTpM_amp.html.

On September 3, I notified the National Cyber Security Coordinator about network intrusions into the Kudankulam Nuclear Power Plant (KKNPP) and Indian Space Research Organisation (ISRO), after being tipped off by a third-party. It was right around the time of Chandrayaan-2’s final descent.

Continue reading “An act of war in the Indian cyberspace – Hindustan Times”