My opinion piece for Hindustan Times: https://www.hindustantimes.com/analysis/on-china-it-s-time-to-consider-cyber-operations/story-crMraUyDc64taDRHMhEnhP.html.
The recent border clashes between India and China have led analysts, habituated to conventional warfare, to compare the relative strengths of the two adversaries in terms of the number of tanks, aircraft and other military paraphernalia.
It appears that Indian strategic discourse has yet again discounted cyber operations as an instrument of power projection, which could have offered a degree of flexibility when it comes to coercing, compelling and imposing costs on the contentious neighbour. This is unfortunate considering how much Indian think-tanks have glamourised the cyber domain.
Unlike conventional means, cyber power projection exploits the delicate interfaces between society and technology. Such operations are best suited to create a mix of effect and perception.
The Australian prime minister’s dramatic public disclosure of an ongoing State-sponsored cyber-attack highlights accurately the perception factor. And, as was evident during the hostilities between Russia and Ukraine, switching off a power grid may lead to more panic than an actual loss of productivity, thus demoralising the adversary.
Cyber operations broadly fit into the template of a hybrid, multi-dimensional offensive waged by militaries wary of breaching acknowledged redlines. This is exactly the case with India and China.
From influencing narratives, disrupting missile launches to breaking nuclear deterrence, the malleability of the cyber option makes it very potent. It relieves the defending military of the burden of maintaining a comparable capability that is driven by a strict numbers-based assessment.
The cyber vulnerabilities of each nation are unique, asymmetrical and closely tied to its body politic. The rigid socio-political hierarchies of the Chinese State make it increasingly susceptible to information warfare.
After the damning hack of a sensitive database storing the background checks of government employees, the United States (US) had plans of temporarily disrupting Chinese Internet censors such as the “Great Firewall” as a mode of retaliation. The totalitarian regime of the Communist Party of China would have considered such a manoeuvre as a severely existential threat.
The simple act of making hitherto forbidden information available to the masses, already unsettled by the coronavirus pandemic, would have struck at the heart of the adversary. Yet, it would have carefully skirted the quantifiable, time-tested thresholds of war.
The stark absence of the cyber option in the Indian discourse does not come as a surprise. Even during the Balakot escalation, this was an element which was conspicuously ignored.
On the other hand, China’s People’s Liberation Army (PLA) has employed cutting edge cyber operations, endorsing these as the strategic pivot of an “informationalised” battle space.
The last two decades have witnessed the breathtaking formalisation of how power is accumulated and projected in cyberspace. The Indian cyber apparatus seemed to have squandered that opportunity, thanks to inertia and a lack of organisation.
Contrary to popular belief, the cyber option cannot be exercised as an afterthought. You cannot whip up a team of hackers to respond in kind. Subversive or punitive actions require years of covert pre-positioning into adversarial networks and societal structures.
That is exactly why a substantive element of cyber power is still driven by access. It is for not for nothing that the Huaweis of the world are risking life and limb to consolidate access to the nodal constructs of digital infrastructure such as 5G, in the process sparking the most bitter global trade war.
There is only one parameter of effectiveness for cyber operations — cohesiveness, or jointness in military terms. The cyber option requires a sharp convergence of awareness around the political, diplomatic and military organs, more so than the conventional ones whose effects are qualified and known.
The US Naval War College made a crucial observation on “the importance of Presidential personalities in determining cyber operations in crises”, following wargames conducted over a period of seven years. Cyber operations require a seamless, fluid command structure right from the head of state.
It is fine to struggle with the technical intricacies of the domain, but its potential and expendability must be carefully drawn up as a doctrine. The Indian cyber doctrine, which was slated to be released early this year, has still not seen the light of day.
While China may profess hegemony in access-based operations with its broad commercial reach, India can still muster up formidable capability with expeditionary cyber manoeuvring.
However, expeditionary cyber operations are volatile and intense, requiring a degree of risk appetite, rigour and hardiness. And most important, a slight misstep or an overreaction could lead to a spiralling escalation, which may result in a ruthless cyber retaliation by China.
As such, the Indian doctrine must spell out its escalatory and declaratory thresholds very clearly so as to moderate the reactions of the adversary, which could be tempted to behave irrationally. Unlike nuclear deterrence, there is no science available to deduce such thresholds. They need to be calibrated with experience.
India’s institutional memory of cyber operations is literally non-existent. And institutional memory is institutional capability in this knowledge-driven domain. General James Cartwright, the earliest cyber commander, had bet that cyber operations could “reset diplomacy”. It is time that India puts that option on the negotiating table.