India in the Cusp of Emerging Nuclear-Cyber-Threats
A largely futuristic, yet so plausible threat now seems to be necessitating India’s attention. Cyberspace has revolutionised the idea of traditional national security, cashing on its ability to be ubiquitous. Cyberthreats are the new normal in the contemporary security environment that has been testing the defence of countries as well as their offensive capabilities. The threat of cyber-attacks has now percolated to the nuclear domain in India. Though countries like the United States, Iran and Japan have encountered these threats since the break of the century, India’s tryst with a minor, yet startling cyber-attack took place for the first time in 2019 at the Kudankulam Nuclear Power Plant in the Indian state of Tamil Nadu.
Incidentally, the attack on a non-critical, administrative computer in the power plant shook the mood of the regional political parties and activist groups, leading to protests against the power plant’s operation. With India’s soaring dependence on energy resources, nuclear energy figures in as a feasible constituent of energy diversification. Hence, the imperative for the cybersecurity of such critical information infrastructure will persist as these plants operate through a network of networks to bridge information between their integral units.
The advances in cyber technology have paved way to the development of cyberweapons that can enter into the computer systems of the nuclear power plants and reconfigure it in a way to be able to cause malfunctioning leading to the disruption of the functioning of the plant. This can precipitate into a spectrum of dangerous events ranging from just crippling the power plant because of worn-out centrifuges, like in the case of the Stuxnet worm attack on an Iranian enrichment facility, to causing catastrophic disasters like a nuclear meltdown that can deteriorate the health of the target country.
More so, the ramifications need not be just physical but can also be heavily psychological. The Three Mile Island nuclear incident that occurred in 1979 in the United States put an end to the establishment of new nuclear power plants in the country because of protests from the civil society and the citizens. The 22 nuclear power plants currently functional in India could be subjected to these threats and thus, ought to be secured.
The ambit of cybersecurity is also very much inter-related to a country’s nuclear arsenal. The command and control systems of the nuclear force heavily rely on computer networks. From early warning systems to launch authorisation, the operation of nuclear arsenals is being increasingly built upon cyberspace. These command and control systems are prone to be spoofed or be jammed, causing an inadvertent nuclear launch or rendering the entire nuclear force ineffective when a launch is actually intended. An act of sabotage or espionage could also be major motivations for such attacks. The consequences of a nuclear war are inevitable. There is death and destruction. The concept of nuclear deterrence will lose its credibility because of the sort of distortion that cyber-attacks inflict on nuclear stability.
Breaking the myths
Contrary to common sense, network interconnectedness has rendered the critical infrastructure more sophisticatedly vulnerable. The United States has been conducting simulation tests to gauge the resistance level of weapons to cyber-attacks. The Government Accountability Office that produced the report concluded that with the use of basic cyber weapons, the cyber-attacks had gone largely undetected and the systems could be penetrated with relative ease, iterating the alarming situation of weapon cyber vulnerabilities. The inventory could also include nuclear weapons and the threat is a lingering concern to every nuclear-armed state. It is proven by experts that the computer systems in the nuclear power plants or nuclear command and control systems cannot always be ‘air-gapped’ and air gapping is not fool-proof. Air-gapping is the process by which the command and control systems are walled-off from external internet networks to prevent being penetrated by alien agents. Such absolute isolation is not possible because of the requirement of this computer software to be regularly updated which would involve an external connection to be inserted to the system.
In the era of information warfare, cyber technologies open avenues for both acquisition of immense information, hence achieving domination or possible destruction and distortion of information. For India, threats from such cyber-attacks can be perceived both from state and violent non-state actors. The trans-boundary nature of cyber-attacks has made it a preferred mode for entities to target their enemies as the origin of the attack could be unidentified to a large extent. Owing to the inevitability of the dual-use nature of cyberspace, it is in India’s national security interest to establish certain preventive measures through policy pronunciations.
Building blocks for a vibrant policy
- The National Cyber Security Policy should particularly include provisions for the cybersecurity of nuclear facilities and provide for infrastructure to execute the same.
- The Atomic Energy Regulatory Board should chart out an in-depth ‘Planning and Response to Cyber Emergencies’ document that frames inspection and response mechanisms including the formation of a Cyber Risk Reduction Response Team (CR3T) to oversee the cyber health of the command and control systems.
- The policy should enable the nuclear facilities to further equip the cyber deterrence through state-of-the-art cyber defence mechanisms and a much vibrant and transparent Personnel Reliability Program.
- Collaborating with countries like Israel and the United States to share robust cyber technologies and to undertake the training of personnel to protect the nuclear-cyber infrastructure and to share good practices is the need of the hour.
India is a fast-developing country with diverse demography that has the potential to drive the economy. The various critical infrastructures of the nation have been fuelling its growth and development. It is imperative to protect the infrastructure. This holds good to the civil and military nuclear facilities. Every form of threat, especially that comes from the cyber realm, has to be prudently eluded. This has to be considered and treated as a high priority because of the involvement of high-risk targets and highly-sophisticated weapons that could potentially affect India’s national security and ambition to be a rising power in the 21st century.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of The Kootneeti Team