When Code Is Law – The Indian Express

Published by The Indian Express: http://indianexpress.com/article/opinion/columns/when-code-is-law-digitised-data-leak-5168760/.

With the debate spurred by the revelations of Cambridge Analytica’s dealings with Facebook — and, closer to home, by Aadhaar — we may have to revisit the very foundations of the individual’s social contract with the state when it comes to privacy. Those familiar with the hacker counter-culture of the Nineties knew one thing — the most potent weapon of information warfare is availability.

Continue reading “When Code Is Law – The Indian Express”

The next war in cybersecurity would be between CapEx and OpEx – LinkedIn

Published on LinkedIn: https://www.linkedin.com/pulse/next-war-cybersecurity-between-capex-opex-pukhraj-singh/.

Anton Chuvakin, formerly a log ninja and currently a VP at Gartner, has been whipping up some emphatic commentary on the SIEMs. You know, those ugly, inflexible monoliths which have dominated the decision layer of security since a decade, just refusing to go away.

He has driven home a couple of points on the absolute operational fragmentation of the security architecture. Like, there are more security boxes within an enterprise than there are people to manage them [1]. Or the fact that there could actually be a thing called “SaaS SIEM” – though I vehemently disagree with that term (more on that later) [2].

Continue reading “The next war in cybersecurity would be between CapEx and OpEx – LinkedIn”

For Enterprises Giving Up on Cybersecurity Vendors: Abstraction Is the Future – LinkedIn

Published on LinkedIn: https://www.linkedin.com/pulse/enterprises-giving-up-cybersecurity-vendors-future-pukhraj-singh/.

An interesting development marked the conclusion of the Borderless Cyber USA 2017 conference last week. A representative from the National Security Agency (NSA) announced the launch of OpenC2 – a “standardised computer language” that creates a layer of abstraction to facilitate cyber response across product and organisational boundaries at machine speed.

The future of cyber, and homeland security in general, would be these layers of abstraction which introduce machine-to-machine inter-operability and seamlessness in a highly fragmented ecosystem. This is probably the second such strategic initiative that is not driven by vendors, but standardisation bodies. The first layer of abstraction which paved the way for OpenC2 was STIX-TAXII.

Continue reading “For Enterprises Giving Up on Cybersecurity Vendors: Abstraction Is the Future – LinkedIn”

Fifty Shades of Offensive Defence – LinkedIn

Published on LinkedIn: https://www.linkedin.com/pulse/fifty-shades-offensive-defence-pukhraj-singh/.

I see a strange paradox in front of me. The world has never been this safe – the end of the Cold War brought forth a global resolve to taper conventional arms and weapons of mass destruction. Yet, there exists a threat so looming and persistent that it is fundamentally altering the international economic order at light speed.

That paradox is starkly evident in India more than it is elsewhere. Breaking away from the shackles of socialism, the heady growth over the past 25 years rests on the laurels of the private enterprise. While India has dithered from being completely laissez-faire – which calls for strict non-interference of the government – the autonomy of the private enterprise has inadvertently become the biggest national security risk.

Continue reading “Fifty Shades of Offensive Defence – LinkedIn”

Hurdles to Military-Grade Cyber Attribution – The Quint

Published by The Quint: https://www.thequint.com/voices/blogs/achieving-military-grade-cyber-attribution.

I have been pondering over this for months now.

In the wars of the future, how would the armed forces of a nation decide that reasonable thresholds have been crossed and that an offensive or retaliatory action is merited? What if the incursions or transgressions of the adversary only happen within our sovereign information space, which is as sacrosanct as our real border?

What if we underestimate the damage a saboteur or subversive could cause with a cyber operation, which, in turn, may require a physical or kinetic response? How and with what certainty would we eventually lock in on the targets with mathematical precision if the perpetrators hide behind layers of anonymity or deniability?

To put it simply – how much money and what resources would be needed to create a global, military-grade attribution capability?

Continue reading “Hurdles to Military-Grade Cyber Attribution – The Quint”

Cyberspace as A Theatre of ‘Non-Linear War’ – DEFCOM, a journal of the Indian Army

A paper for DEFCOM India, a prestigious journal of the Indian Army, edited by the Corps of Signals.

Vol 3 No 1 2017

Abstract – This paper explores the hypothesis that any modern information operations (INFOOPS) framework must understand the symbiotic, reflexive and inter-disciplinary arrangement between offence and defence. It postulates that information or intelligence, by its very technical nature, is of dual use and the key to an effective paradigm of strategic depth in cyberspace is to minutely understand the transitional nature of the domain. By citing emerging doctrinal approaches of other military powers, this paper highlights the problems that hinder seamless situational awareness across highly fluid informational spaces and cyber-geopolitical boundaries.

Continue reading “Cyberspace as A Theatre of ‘Non-Linear War’ – DEFCOM, a journal of the Indian Army”

India: Cyber-Readiness at a Glance – Potomac Institute


Melissa Hathaway led a task force on cyber in the Bush administration and was a member of Obama’s National Security Council.

I have particularly followed her writings since 2009, while she was a contributor to Project Minerva — a US Department of Defense funded initiative to create a new geopolitical taxonomy for cyber.

Hosted at Harvard and the MIT, it made path-breaking contributions to the strategic discourse, touching upon the inter-disciplinary impact of cyberspace on foreign policy, international relations, military doctrine and the nature of conflict.

Continue reading “India: Cyber-Readiness at a Glance – Potomac Institute”