What Microsoft needs to get right about cyber norms

In my recent essay for the Centre for Internet & Society, I surmised that the current initiatives to derive cyber norms within the ambit of international law could be incongruous with the technical dynamics of cyber operations. I shed light on the critical fissures in global attempts to establish normative frameworks for cyberspace.

Continue reading “What Microsoft needs to get right about cyber norms”

Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains

I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:

Some dumbified excerpts from my dispatches to the government:

Continue reading “Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains”

Lessons from Kudankulam – I: Recreating the target context

I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:

Continue reading “Lessons from Kudankulam – I: Recreating the target context”

A Post-Kudankulam Roadmap For India’s Cyber Deterrence – Outlook

My second op-ed on the Kudankulam-ISRO hack for Outlook. The first piece for HT laid bare the challenges. This one proposes some parameters for cyber deterrence. Deterrence in cyberspace could be extremely bizarre and challenging: https://www.outlookindia.com/website/story/opinion-a-post-kudankulam-roadmap-for-indias-cyber-deterrence/342174.

Continue reading “A Post-Kudankulam Roadmap For India’s Cyber Deterrence – Outlook”

An act of war in the Indian cyberspace – Hindustan Times

My op-ed in the Hindustan Times, originally titled, “An act of war in the Indian cyberspace.” My every word is measured: https://m.hindustantimes.com/analysis/what-the-cyber-attacks-on-kudankulam-and-isro-show-analysis/story-OVlR5MO18yk7jQFrnRvTpM_amp.html.

On September 3, I notified the National Cyber Security Coordinator about network intrusions into the Kudankulam Nuclear Power Plant (KKNPP) and Indian Space Research Organisation (ISRO), after being tipped off by a third-party. It was right around the time of Chandrayaan-2’s final descent.

Continue reading “An act of war in the Indian cyberspace – Hindustan Times”

On China, it’s time to consider cyber operations – Hindustan Times

My opinion piece for Hindustan Times: https://www.hindustantimes.com/analysis/on-china-it-s-time-to-consider-cyber-operations/story-crMraUyDc64taDRHMhEnhP.html.

The recent border clashes between India and China have led analysts, habituated to conventional warfare, to compare the relative strengths of the two adversaries in terms of the number of tanks, aircraft and other military paraphernalia.

It appears that Indian strategic discourse has yet again discounted cyber operations as an instrument of power projection, which could have offered a degree of flexibility when it comes to coercing, compelling and imposing costs on the contentious neighbour. This is unfortunate considering how much Indian think-tanks have glamourised the cyber domain.

Continue reading “On China, it’s time to consider cyber operations – Hindustan Times”

Before cyber norms, let’s talk about disanalogy and disintermediation – The Centre for Internet & Society

In a guest post in relation to The Centre for Internet & Society’s recently held roundtable on “India’s cyber defense strategy,” Pukhraj Singh looks at the critical fissures – at the technical and policy levels – in global normative efforts to secure cyberspace. By charting out the key vectors and power asymmetries among key stakeholders – both leading state actors and private actors like Microsoft – Singh posits that there is much to be done before we circumscribe cyber operations within legal strictures: https://cis-india.org/internet-governance/blog/guest-post-before-cyber-norms-let2019s-talk-about-disanalogy-and-disintermediation.

Continue reading “Before cyber norms, let’s talk about disanalogy and disintermediation – The Centre for Internet & Society”