What Microsoft needs to get right about cyber norms

In my recent essay for the Centre for Internet & Society, I surmised that the current initiatives to derive cyber norms within the ambit of international law could be incongruous with the technical dynamics of cyber operations. I shed light on the critical fissures in global attempts to establish normative frameworks for cyberspace.

Continue reading “What Microsoft needs to get right about cyber norms”

Cyber Deterrence Is Dirty & Illegal: Time to ‘Innovate’ Or ‘Die’ – The Quint

Published by The Quint: https://www.thequint.com/voices/opinion/cyber-deterrence-kudankulam-nuclear-plant-cyber-attack-lessons-for-india. Hacktivist personas and hack-and-leak operations aren’t new — if anyone remembers CyberCaliphate, CyberBerkut & Guardians of Peace, etc. This is relevant as major leaks hit Iran, Russia and China in November. India’s cyber adversaries would rather target its soft political underbelly. Coercion and deterrence may have purely cognitive parameters. They simply do not exist in the “disrupt, deny & degrade” dimension, as recent Iran operations by US Cyber Command have shown.

Continue reading “Cyber Deterrence Is Dirty & Illegal: Time to ‘Innovate’ Or ‘Die’ – The Quint”

Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains

I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:

Some dumbified excerpts from my dispatches to the government:

Continue reading “Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains”

Lessons from Kudankulam – I: Recreating the target context

I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:

Continue reading “Lessons from Kudankulam – I: Recreating the target context”

Before cyber norms, let’s talk about disanalogy and disintermediation – The Centre for Internet & Society

In a guest post in relation to The Centre for Internet & Society’s recently held roundtable on “India’s cyber defense strategy,” Pukhraj Singh looks at the critical fissures – at the technical and policy levels – in global normative efforts to secure cyberspace. By charting out the key vectors and power asymmetries among key stakeholders – both leading state actors and private actors like Microsoft – Singh posits that there is much to be done before we circumscribe cyber operations within legal strictures: https://cis-india.org/internet-governance/blog/guest-post-before-cyber-norms-let2019s-talk-about-disanalogy-and-disintermediation.

Continue reading “Before cyber norms, let’s talk about disanalogy and disintermediation – The Centre for Internet & Society”

A Post-Kudankulam Roadmap For India’s Cyber Deterrence – Outlook

My second op-ed on the Kudankulam-ISRO hack for Outlook. The first piece for HT laid bare the challenges. This one proposes some parameters for cyber deterrence. Deterrence in cyberspace could be extremely bizarre and challenging: https://www.outlookindia.com/website/story/opinion-a-post-kudankulam-roadmap-for-indias-cyber-deterrence/342174.

Continue reading “A Post-Kudankulam Roadmap For India’s Cyber Deterrence – Outlook”

An act of war in the Indian cyberspace – Hindustan Times

My op-ed in the Hindustan Times, originally titled, “An act of war in the Indian cyberspace.” My every word is measured: https://m.hindustantimes.com/analysis/what-the-cyber-attacks-on-kudankulam-and-isro-show-analysis/story-OVlR5MO18yk7jQFrnRvTpM_amp.html.

On September 3, I notified the National Cyber Security Coordinator about network intrusions into the Kudankulam Nuclear Power Plant (KKNPP) and Indian Space Research Organisation (ISRO), after being tipped off by a third-party. It was right around the time of Chandrayaan-2’s final descent.

Continue reading “An act of war in the Indian cyberspace – Hindustan Times”