Comparative Analysis of India and China in Cyber-Defence: Cybertechtures and Cyberpowerdom
The two rising powers of China and India have assumed multi-faceted development paradigms as regards the inception of their emergence on the world stage to rival the world’s pre-eminent entity, the United States of America (USA).
Of the many facets being rigorously improved as on date, the central theme of cybersecurity has emerged to occupy a crucial position in the realm of the two countries’ national security apparatuses. It is estimated that with the humungous numbers of financial transactions taking place via the medium of the internet, cybercrime will offer a lucrative career option to bent and crooked minds from all walks of organized crime.
This article discusses the cybersecurity architectures, or ‘cybertechtures’ (such as an architecture that captures the very kernel of India’s cybersecurity and the encompassing infrastructural frameworks that form the backbone of India’s ventures into the cyber domain), of the two rising Asian behemoths, and humbly attempts to do a comparison between the present being of the billions of dollars’ worth of investments that have driven their rise as ‘cyberpowers’.
Understanding the Cyber Setups of India and China
The official structures of India and China are meant to deal with cybersecurity to strengthen the overall national security of the country. The cyber domain addresses the very fundamentals of a country’s technological and digital existence. Attacks on the consumer base of a country (and aimed at the national security establishment) involve phishing, theft via authentication gateways of passwords, PIN (Personal Identification Number) codes and even Unified Payment Interface (UPI) IDs to conduct scrupulous transactions, cross-site scripting, SQL injections, denial-of-service (DoS) and distributed-denial-of-service (DDoS), Man-in-the-Middle attacks, and malware/spyware (Source). The digital revolutions underway in India, China and the rest of the world, particularly since the advent of the internet and its proliferation in the early ‘90s and the evolved present-day interfaces of the internet such as the Internet of Things (IoT), cloud computing and artificial intelligence, requires to be bolstered through a robust security ‘backend’.
India has unleashed a digital revolution aptly named Digital India, under the auspices of the Narendra Modi government. The Digital India program aims at achieving a thorough penetration of the digital medium country-wide, including the utilization of the medium by the underprivileged so as foster a basic digital foundation even in the deepest corners of the country (Source: India’s internet user base, as per the NITI Aayog). On July 1, 2020, the Digital India initiative completed half a decade of its endeavours in enriching India’s digital spaces and commemorated the same with a webinar.
An integral feature of the Digital India program is the Cyber Swacchta Kendra (CSK, Botnet Cleaning and Malware Analysis Centre), established with the patronage of the Department of Electronics and Information Technology (DeitY) of the Government of India, which shares downloadable security tools as well as best practices for the end-users to utilize in their daily dealings with technology. The Indian Computer Emergency Response Team (CERT-In) has partnered with the CSK to respond to illegal incidents. The Ministry of Home Affairs’ (MHA) Cyber And Information Security (C&IS) Division is structured on four response-oriented ‘desks’.
India’s policymaking in the cyber domain results in the circulation of a National Cybersecurity Strategy (NCS), courtesy the DeitY. Since 2013, a new National Cybersecurity Strategy is yet to be published and a close source has insisted that an updated strategy will be released soon. The National Cybersecurity Policy of 2013 lays out the guiding principles of the country’s organizational approach to the threats prevalent in the cyber domain. The 2013 edition lists fourteen objectives of primary significance that India is pursuing towards the goal of comprehensive cybersecurity. A Cyber Crime Portal has been constituted for the general public to report acts of cyber terror. The complaints logged are duly addressed by concerned authorities, and this has resulted in a transparent system that vitally responds to the growing menace of the spurious use of the cyber domain.
The China Information Technology Security Evaluation Center (CITSEC) is a central institution responsible for quality-checks on Chinese cyber technologies, as well as their standardization. Cyber research is also undertaken at the CITSEC. This is supplemented by provincial IT security evaluation centres. In 2008, the Chinese constituted the Ministry of Industry and Information Technology (MIIT) within the national State Council to safeguard China’s information security. China’s cybersecurity setup is reported to the Chinese government’s Ministry of State Security (MSS). In 2016, the Office of the Central Cyberspace Affairs Commission published China’s inaugural National Cyberspace Security Strategy, which emphasized the word ‘sovereignty’ as concerning the Chinese cyber domain.
China is notorious for sustained cyber-espionage which adds yet another complex dimension in China’s cyber expeditions to the world. A decisive Chinese cyber strategy aims at not just strengthening its own cyber setups, but also at weakening and suppressing the cyber setups of rival countries such as the United States and India. Both countries’ official cyber setups are relatively nascent and have involved the formalization of central institutions which are responsible for the present-day governance of their respective cyber regimes. A multi-pronged approach by China as regards India has involved astonishing increases in Chinese attempts at hacking Indian systems especially during times of tension between the two countries, such as the recently-concluded Galwan Valley standoff in India’s northern union territory (UT) of Ladakh.
Threats in the Cyber Domain: Common and Mutual Challenges
The threats in the cyber domain for India and China constitute, chiefly, each other. India has been a rather disparaged recipient of attacks on its critical information technology infrastructure by Chinese hackers who have been found difficult to trace. Indian analysts have expressed concerns about the levels of coordination as regards the cyber domain within the Chinese hierarchy, with criticism laid at China’s disjointed cybersecurity architecture. A non-governmental agency – the National Computer Network Emergency Response Technical Team/Coordination Center of China, set up in August 2001, has attempted to ensure coordination in the cyber domain between operating agencies within the Chinese cyber framework. India, on the other hand, has formed a nodal agency to ensure centre-states coordination on matters cyber. The National Cyber Coordination Centre, under the auspices of the National Security Council Secretariat (NSCS), was established to facilitate intelligence gathering in the cyber domain.
Very recently, India announced a ban on Chinese apps such as the popular TikTok, and 59 other Chinese-origin apps, and has upped the ante regarding alertness in the cyber domain. In end-June 2020, India was subject to 40,000 attacks in five days. India also faces the specter of cyber-attacks from traditional rivals such as Russia, with a report stating that 400,000 attacks were registered cumulatively from the East Asian behemoths and security partners such as the US. It must also be mentioned that the two rising powers face threats from other spheres in the cyber universe. The phenomenon of ‘insider groups’ wreaking havoc on a country’s own organizations is not new to India and China. Often these suspect groups can prove to be more cumbersome in dealing with, than externally sponsored ones, and cause equally – if not more – potent damage.
2020 has been a watershed year for India with respect to cybersecurity, as appalling statistics have emerged in the mainstream media which highlight the country as a foremost target for cyber-hackers. The Business Insider reported a 37% increase in cyberterrorism in the year’s first quarter as per statistics from the Kaspersky Security Network. Attacks aimed at the Indian cyber universe have resulted in India being labelled as one of the worst countries in the world given its vulnerabilities to cyber terrorism by the British company Comparitech. India ranks worst even among the damages caused to mobile phones via illegitimate applications.
Conclusion: Competition between Cyberpowers in the Asian Century
A hypothetical future for Asia wherein Beijing and New Delhi may finally shun overarching American hegemony to christen themselves as ‘risen’ instead of the axiomatic ‘rising’ will most certainly – and it already does, to a certain extent – involve an incremental escalation in the use of the cyber medium that may effectively destroy billions of dollars’ worth of cyber-infrastructures. Investments in cybersecurity by the two burgeoning Asian giants may effectively be nullified by determined hackers, much to the utter dismay of their budding superpower-doms.
India’s democratic nature offers the world a friendly, open, and transparent outlook as regards the cyber domain. In contrast, China’s deceptive and shadowy evolution as a cyber power has been shrouded in secrecy, owing to the vagueness of its governing regime. The PRC has targeted an ‘impregnable cybersecurity system by 2025’, which puts it well on the road to emerging as a first-rate nation-state by 2049, a goal set by its visionaries.
The undeclared competition between the two Asian foes as concerning the cyber domain is apparent. To what extent the competition can emerge to be unrivalled (barring the world’s sole superpower in the United States and its vastly-advanced technological frameworks on which the world’s rising and major powers are dependent) with the Asian Century ending up not as a misnomer but as a fulfilled prophecy, remains to be seen.
