The recent border clashes between India and China have led analysts, habituated to conventional warfare, to compare the relative strengths of the two adversaries in terms of the number of tanks, aircraft and other military paraphernalia.
It appears that Indian strategic discourse has yet again discounted cyber operations as an instrument of power projection, which could have offered a degree of flexibility when it comes to coercing, compelling and imposing costs on the contentious neighbour. This is unfortunate considering how much Indian think-tanks have glamourised the cyber domain.
In March 2020, Booz Allen Hamilton released a fascinating dossier analysing the cyber operations of GRU, the Russian military intelligence agency, spanning 15 years. The dossier ran the traditional cyber threat intelligence (CTI) tradecraft through an impressive analytic process, thus credibly gluing the cyber operations of GRU to the doctrinal framework and geopolitical imperatives of the Russian state.
I am having some strange epiphanies as I go knee-deep into SIEM engineering. While the MSSPs have existed in all flavors and sizes, there seems to be a broad consensus that they simply can’t mimic the capabilities of an in-house security operations function – especially when it comes to gaining context, visibility and speed.
In my recent
essay for the Centre for Internet & Society, I surmised that the
current initiatives to derive cyber norms within the ambit of international law
could be incongruous with the technical dynamics of cyber operations. I shed
light on the critical fissures in global attempts to establish normative
frameworks for cyberspace.
I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:
Some dumbified excerpts from my dispatches to the government: