By: Hammaad Salik & Rao Qasim Zahid
Cyber war’s entire phenomenon is shrouded in such secrecy that it makes the Cold War look like a time of openness and transparency. Nations that have invented new weapons technologies and the tactics to use them, may find these technologies redundant if their militaries are caught up in the ways of the past; Overcome by inertia, overconfident in the weapons they have become dependent on, considered supreme especially if they accommodate the word ‘Nuclear’ in the title.
Some of the key takeaways from recent cyber war incidents tell us that the ‘Fifth Domain’ – cyber war, is real and will be enacted at the speed of photons. It is global in scope, and the stage will not be the traditional battlefield. The ultimate impetus to have a conversation, and more, on cyber war is the fact that it has already begun. There is every reason to believe that most future kinetic wars will incorporate a major element of cyber, and that all other cyber wars will be conducted as ‘stand-alone’ activities, absent of infantry, airpower, and battleships. However, there has not yet been a full-scale cyber war, i.e. a war in which leading nations employ their most sophisticated arsenal of cyber weapons.
From a neutral standpoint, Pakistan need to work not only to improve cyber defense capabilities but also conventional cyber laws and regulations. GDPR of the EU and several PPDs (Presidential Policy Directives) of the USA are prime examples of how world powers accept cyber security as a critical player when it comes to the economy and sovereignty of their country along with the autonomy, integrity, freedom and security of its population’s information. In 2016, Pakistan drafted a cyber-act: Prevention of Electronic Crimes Act, aka PECA. This ACT operates under a limited scope and serves only for the prevention of electronic crimes. Concurrently, other countries are focused on regulating the cyber autonomy and governance of federal, state, and local governments and commercial sectors holding PII data of the general population as ‘customers.’ Over the past few UN GGE events, Pakistan’s stance has been that cyber warfare is a threat not to be frowned upon.
The recent show of aggression by India, revoking the special status of Kashmir, struck a string of tensions between the two countries that made the Feb 2019 failed Indian air strikes and Pakistan’s reply operation ‘Swift Retort’ look like a friendly interaction between the neighbors. In an attempt to gain military advantage, India formed the Defense Cyber Agency on September 28, 2018. The DCA is headquartered in New Delhi as a tri-service command of the Indian armed forces. On paper, the agency is tasked with handling cyber security threats. However, it is an outfit for ‘Offensive’ Cyber Warfare operations. Given the current state of affairs between Pakistan and India, responding to this cyber threat is essential to Pakistan’s security.
Furthermore, compromising major ICS (industrial control systems) sectors of the enemy is now a standard practice, tilting the medium of warfare from conventional to cyber. Take September 6th, 2007 for example. An unparalleled attack was conducted along the Euphrates, 75 miles from the Turkish border down in Syria when Israeli air strike formations consisting of F-15 Eagles and F-16 Falcons bombed a complex built by North Korea. The facility was later labeled by international media as a North Korean designed nuclear weapons development plant. The attack is intriguing because Syria had spent billions of dollars on state of the art Russian air defense systems. The system incorporates sophisticated radars that would have lit up like fireworks in response to any hostile movement. However, on the night of the attack, nothing
appeared on the screens of Syrian radar operators. In the aftermath Syrians slowly, reluctantly, and painfully accepted that they had been ‘pwned’ by Israeli cyber units.
As U.S. Operation Desert Storm unfolded, Chinese PLA military planners made a stark realization. They referred to the Gulf War as ‘zhongda biange‘, the great transformation. China’s strategy back then was to increase its military in size for maximum impact. Bear in mind that, at that point, Saddam Hussein’s army was the fourth largest in the world. His weapons arsenal was primarily Soviet make and design, similar to what the Chinese employed. Saddam’s weaponry was mostly destroyed from the air before it could ever be used. Chinese military planners revisited their strategy, downsized their military, and invested in new technologies to align themselves with the requirements of the future battle space. One of those technologies was ‘wangluo-hua’ or networkization to deal with the modern battlefield of computers. The new Chinese strategy focuses on ‘zhixinxiquan’ or information dominance.
It is no secret that Pakistan is a major strategic player in international politics, militarily and geographically. Sharing borders with China, India, and Afghanistan, and nurturing vested interests of major powers like China, Russia, USA, and NATO. Most of these countries have already taken the steps in establishing national cyber commands – USCC for the USA, PLA unit 61398 for China, CDC for Iran’s R.G., DCA for India, and GRU 85 for Russia. Therefore, we can establish that it is high time for Pakistan to step in the race for cyber dominance. Pakistan needs to establish a cyber-command before enacting conventional cyber laws.
For everyone’s interest sake – Let us probe the idea that Pakistan decides to take active steps in forming a National Cyber Command. Like every other hot issue in Pakistan, the immediate concern that comes to mind is who will be responsible for conducting cyberspace operations within the cyber command (government or military)? The constitutional structure of Pakistan establishes that the government holds the power to oversee and regulate. At the same time, all operational execution responsibility should be administered and conducted by the military. The Cyber Command should be established, regulated, and administered along these same lines. Cyber, by all means, is a term used for military space.
The National Cyber Command can be structured in a way that will accommodate cyberspace for the tri-forces under one umbrella i.e. the formation of individual naval, air force, and army cyber command under the same roof with the budget, regulations, policies, and administrative capacity demonstrated by the Ministry of Defense, a civilian body. In simplistic terms, orders to be given out by the Prime Minister House or Ministry of Defense to the National Cyber Command, and the execution to be then allocated to the relevant military actor according to the order i.e. naval, air, or army. At the same time, the Cyber Command’s information will be administered by the intelligence agencies of Pakistan, establishing a collaborative effort between military, government, and intelligence departments.
Information warfare (IW), a taboo, is often managed by a country’s military intelligence agency. To protect the autonomy and confidentiality of IW, National Cyber Command should be housed in the premises of ISI HQ, with DG ISI on a dual role: One being head of Inter-Services Intelligence and second as Director National Cyber Command. This approach will prove to be a fundamental step in improving Pakistan’s cyber defense capabilities.
Cyberspace is often taken as a very complex and sensitive matter, left only to the most technically inclined to worry their uncombed or bald heads over. Pakistan has always been a strategic role player in the world. With the shift in the battlefield towards the Fifth Domain, establishing a cyber-command will embed Pakistan’s footprint in the race for cyber dominance. The cyber command will unify the direction of Pakistan’s cyberspace operations, promote and harden military cyberspace capabilities, and integrate and bolster the military’s cyber expertise. It will improve the military’s skills to operate resilient and reliable information and communication networks, counter cyberspace threats, especially those originating from other nation-states, and assure safe access to the national cyberspace.
The views expressed in this article are the author’s own and do not necessarily reflect The Dayspring’s editorial stance.
The writer (Hammad) is an entrepreneur and member advisory Strategic Warfare Group. He aims to provide accurate and transparent cyber information to the general public. His expertise are Cyber Warfare Operations, SIGINT and Kinetic Warfare. He can be reached at [email protected]
The writer (Qasim) is pursuing LLM at Macquarie University Australia, majoring in Criminology and Cybersecurity Law. He aims to increase research into Cyberspace and Cyber Policy in the context of Pakistan. He can be reached at: [email protected]