Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains

I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:

Some dumbified excerpts from my dispatches to the government:

Continue reading “Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains”

A Post-Kudankulam Roadmap For India’s Cyber Deterrence – Outlook

My second op-ed on the Kudankulam-ISRO hack for Outlook. The first piece for HT laid bare the challenges. This one proposes some parameters for cyber deterrence. Deterrence in cyberspace could be extremely bizarre and challenging: https://www.outlookindia.com/website/story/opinion-a-post-kudankulam-roadmap-for-indias-cyber-deterrence/342174.

Continue reading “A Post-Kudankulam Roadmap For India’s Cyber Deterrence – Outlook”

Why I should not be talking about an Indian cyber mercenary

Even ten years ago, as we bootstrapped cyber operations in the government, a subtle tension always brewed when it came to contractors.

I belonged to an archaic school of thought believing that such capabilities need to be internally fostered. As Dave Aitel rightly says: you build competencies [over generations] rather than tools. Continue reading “Why I should not be talking about an Indian cyber mercenary”