(Telemetry & toolchains) vs. tradecraft: The SolarWinds hack from a strategic lens

To me, the SolarWinds hack is remarkable because it (momentarily) managed to upend one kind of strategy with the other. A broader strategic calculus is palpable from the operational choices made in this intrusion — from the Concept of Operations which underpins it.

Continue reading “(Telemetry & toolchains) vs. tradecraft: The SolarWinds hack from a strategic lens”

Deconstructing Ciaran Martin’s speech in 18 tweets

Ciaran Martin was the founder of the UK’s National Cyber Security Center and the former head of cyber operations at GCHQ. He gave a thought-provoking speech busting many myths around cyber power and cyber operations (text and video ).

I try to deconstruct it in 18 tweets. Click on the tweet to follow the thread:

On China, it’s time to consider cyber operations – Hindustan Times

My opinion piece for Hindustan Times: https://www.hindustantimes.com/analysis/on-china-it-s-time-to-consider-cyber-operations/story-crMraUyDc64taDRHMhEnhP.html.

The recent border clashes between India and China have led analysts, habituated to conventional warfare, to compare the relative strengths of the two adversaries in terms of the number of tanks, aircraft and other military paraphernalia.

It appears that Indian strategic discourse has yet again discounted cyber operations as an instrument of power projection, which could have offered a degree of flexibility when it comes to coercing, compelling and imposing costs on the contentious neighbour. This is unfortunate considering how much Indian think-tanks have glamourised the cyber domain.

Continue reading “On China, it’s time to consider cyber operations – Hindustan Times”

“In cyber, the generals should lead from behind” – College of Air Warfare

My talk at College of Air Warfare, Secunderabad, delivered on 17th Dec, 2019. Exquisitely titled, “In cyber, the generals should lead from behind.”

Continue reading ““In cyber, the generals should lead from behind” – College of Air Warfare”

Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains

I may (or may not) do a series of quick posts highlighting the strategic challenges encountered while investigating a cyberattack like Kudankulam. They would be filed under the ‘lessons-from-kudankulam‘ tag. Since our agencies were literally caught napping, this is a good primer for understanding what nation-state-level cyber capabilities entail:

Some dumbified excerpts from my dispatches to the government:

Continue reading “Lessons from Kudankulam – Part II: Targeting, jointness & offensive toolchains”