Cyber space operations should become an integral part of the IAF
Air Marshal Ramesh Rai (retd)
Cyber technology has made its impact in battle space, much as the technology of flight had a century ago, and evolved as a new domain. Cyber is now well acclaimed and established as the fifth domain of war and we can safely postulate that any future conflict will have a large component of cyber warfare. Whether cyber would bring about a paradigm shift or change the fundamental character of war will depend on how its doctrine and operational concepts get developed and integrated with the war fighting concepts of other domains.
Conceptually, each domain develops and prepares to operate independently and collectively, bringing its prowess to bear when called upon to do so, and it is certain that the cyber domain would follow a similar contour.
Broadly speaking, cyber warfare is the use of technology to penetrate another nation’s or enemy’s computers or networks for the purpose of causing damage or disruption (The Drew Papers: Air Power lessons for an air force cyber-power targeting theory by Lt Col. Steven J Anderson, USAF). Since a wide range of social, economic, political and military functionalities depend on computers, networks, internet, electronic technologies and the electro-magnetic spectrum, i.e. the cyberspace, it is preordained that cyber warfare will be used to exploit this dependency to meet political and military objectives.
Computers and networks are embedded in every system of a nation, enabling administration, banking, business, industry, logistics, electric grids, communications, air traffic control, air space management, smart cities and much more. It is this very dependence that the enemy will exploit through cyber warfare, and which a nation would have to guard against. The threat is real and a cyber-attack on a government’s IT network could bring an entire nation to its knees.
In April 2018, the small independent Caribbean nation of St Maarten faced a total public shutdown for an entire day when its IT network was hacked for the third time over a year (https://www.weforum.org/agenda/2018/06/how-organizations-should-prepare-for-cyber-attacks-noam-erez/; https://securityaffairs.co/wordpress/71236/hacking/sint-maarten-cyber-attack.html). Closer home, the Nuclear Power Corporation of India Limited confirmed a cyber-attack on the Kudankulam Nuclear Power Plant in Tamil Nadu, in September this year. The nuclear power plant’s administrative network was breached in the attack, though it did not cause any critical damage (https://www.washingtonpost.com/politics/2019/11/04/an-indian-nuclear-power-plant-suffered-cyberattack-heres-what-you-need-know/). These examples highlight the extent and severity of a cyber-attack. It is evident that cyber forces could operate around the globe and with a much wider connotation than the battlespace of the militaries, and would need to be addressed at the national level.
Cyber Space and Armed Forces
Since the armed forces will also be in the ambit of cyber space, the military element of cyber warfare will have to be culled out from within the national framework. Armed forces would have to protect not only their platforms, weapons, information, networks and capabilities but also conduct offensive cyber operations in respective domains. In the future, cyber space is likely to pervade every conventional war-fighting domain more and more as our armed forces get increasingly dependent on computers, networks and information technologies to enhance their efficacy. This will create new and ever-increasing vulnerabilities. Thus, the Indian armed forces will have to position themselves to develop cyber warfare capabilities to be employed independently or in support of their domain operations. This would entail developing both cyber defensive and offensive forces to counter enemy’s cyber capabilities.
Cyber as Part of Future Battlespace
A future war in our context will have a pronounced cyber threat from China as it consolidates on its new operational concept of fighting an informationalised war. In the last decade, China has made considerable progress in developing cyber warfare capabilities in terms of its policies, restructuring organisations, building human expertise, and raising new establishments. China and Pakistan are known to be developing cyber warfare capability to deter physically and technologically superior military adversaries (https://usiofindia.org/publication/usi-journal/chinas-cyber-warfare-capabilities/).
Given the above, and the operational character of the battle space as it stands today, it is certain that a future two-front war will have a hybrid construct. The hybridity could be with a mix of regular forces using conventional weapons. This could be intermeshed with irregular forces using irregular tactics with support of terrorists, insurgents, cyber intrusions, and possibly some dimension of social and political warfare. While the cyber intrusions with political, economic and social connotations would need a national approach, the armed forces would have to tackle intrusions into their cyber space so that their operations are not constrained or inhibited.
Cyber and Air Force Operations
Cyber space is a physical phenomenon that serves to host the EM Spectrum, computers, networks, flow of digital data and information much in the same way as air hosts airborne systems (fighter aircraft, drones, missiles etc). Air forces rely heavily on cyber space since most of their operations are synchronised, co-ordinated and conducted through flow of information via computers, sensors, datalinks, information systems and information technology.
The Indian Air Force (IAF) will need to factor its cyber space uniqueness and control this domain to retain its freedom of action. This aspect assumes greater significance and relevance for the future, as its reliance on cyber space increases heavily when it transforms to a 5th generation force in the years to come. The IAF is at the threshold of configuring an operational data link (ODL) and translating to network centric operations. It already has a secure encrypted Air Force Network (AFNET) operational since 2010, facilitating enhanced communications and data transfer for the air defence setup. The Integrated Air Command and Control System (IACCS) connecting data of all ground-based radar sensors and AWACS rides on the AFNET.
With the ODL configured, all its 4.5 Gen (Mirage, Su-30, Tejas and Rafale), 5th Gen manned (AMCA) and unmanned (AURA) platforms, ISR systems and Surface Based Weapons systems would ride on the ODL to transfer data to and from the IACCS, between platforms and between C2 centres to complete all elements of the network-centric setup. Networking primarily links all sensors, systems, weapon platforms and C2 centres for data to flow to create an enhanced situational awareness and then to bring to bear the most appropriate weapon on the target, enhancing efficacy and tempo of operations. The implication of becoming a fifth-generation air force is the vulnerability of the cyber space to intrusions by the enemy that could restrict, disrupt or inhibit air force operations. Hence, it would be imperative for the IAF to cultivate capabilities to defend or protect its cyber space.
Defensive Cyber Operations
Defensive cyber space operations are intended to preserve the ability to utilise own cyber space capabilities for projecting air power. A networked system is at risk owing to its construct and configuration, primarily at the points of interconnection and interaction with its clients. The IAF’s network-centric setup would comprise a very complex mix of an encrypted data link, software controlled systems, 5th generation manned and unmanned platforms, AWACS, space and airborne ISR, ground-based radars, Air Defence systems, Command and Control centres (C2), a host of mainframes to personal computers, modems, interfaces of local area networks to the IAF’s intranet, the world wide web, civilian and military communication systems, navigation systems, and radios in all frequency ranges. Any weakness even in a single system or its connections could disrupt the entire network, and the results would be catastrophic.
Cyber Defence – Layered Approach
Our cyber defence mechanism would need a layered approach. The first layer would be to ensure the integrity and security of the information environment from an Information Technology (IT) perspective to keep the physical and signal intrusions at bay. This layer would include designing, building, configuring, securing, operating and maintaining the information environment with IT security aspects fully in place i.e. physical security, password protection, password encryption, data protection, data encryption, firewalls, virus scanner, virus protection etc as discussed in the preceding paragraphs.
This would have to be done in a proactive manner across the entire IT spread of hardware, software, data, individual users, system administrators etc. without exception. The concept is to focus on the security from an IT perspective when configuring every part of the information sphere particularly the ODL, IACCS, AFNET, Data storage, LANs, L3 switches at our bases, Command and Air HQs with emphasis on security of data at rest and in motion within and across the IAF’s information environment. This layer can be thought of as an umbrella protection against an agnostic threat. Unfortunately, even a perfect IT security baseline would not provide complete security and another layer would be required to deal with threats that manage to slip through.
The next layer would be to create defensive forces to defeat cyber space intrusions as they occur. Defensive cyber space operations are active cyber space defence activity that would allow us to interdict an adversary after he penetrates the first layer (The Drew Papers: Air Power lessons for an air force cyber-power targeting theory by Lt Col. Steven J Anderson, USAF). This layer would involve creating abilities to detect, analyse, and mitigate threats that cross over. As opposed to the first layer which was threat agnostic, this layer would be threat specific against threats with malicious capability and intent that outsmarted the first layer. Since such out-manoeuvring of the outer layer could happen across the entire information sphere, defensive cyber operations would have to be prioritised to occur first at the most critical part of the environment so that our operations are not disrupted. In the air force jargon, these operations would be akin to defensive counter-air operations, wherein air power takes on intruding enemy forces with own defensive forces.
Evolving Defensive Cyber Force
In evolving a defensive cyber force, the IAF would have to identify key parts of the information environment that are vital for its operations. For example, if the IACCS system is essential for the defence of the nation, then perhaps this is the priority. Step two in this example would be to technically map the key elements from the sensor to shooter, the network and systems over which data would move and run the cyber ISR functions to detect and analyse any threat that may have intruded and work out the defensive measures.
Conceptually, it calls for a robust cyber ISR scan capability along with the capacity to create defensive cyber forces capable of mitigating the detected threat. This would be a tough call and the core aspect of cyber defence requiring cyber experts with knowledge on each individual system and component that makes up our cyber space. This capability will be the key determinant of our ability to provide freedom of manoeuvre in own cyber space.
Potential vulnerabilities are not limited to the network and its clients but would also include the entire ‘ecosystem’ of which the maintenance, engineering, logistics, spares management, fuel management, gases etc. would be an essential part. Measures to protect our Integrated Maintenance Management On Line System (IMMOLS) and Electronic Maintenance Management System (e-MMS) are equally important. Beyond aircraft related systems there are systems at the airfield that rely on cyber space and the EM spectrum which directly support air operations, i.e. Air Traffic Management, Meteorology, Command and Control etc. While cyber defence is the lynchpin to providing freedom of movement in cyber space, offensive cyber capability is where the cyber domain offers targeting payoffs for employment of air power. Developing offensive cyber forces would be equally important.
Offensive Cyber Forces
Discussion on offensive cyber operations is based on the premise that these operations would be combined with offensive air operations of the air force. In doctrinal terms, it calls for culling out a cyber-air targeting philosophy so that the two are adequately combined to meet mission objectives. Given the lack of warfare experience in the offensive cyber arena, adopting the air power targeting philosophy even for cyber, as a start point, is recommended. Thereafter, as experience is gained cyber could combine to the extent desired in neutralising the plethora of targets in the IAF’s cradle across the full range of operations i.e. from strategic to tactical and from conventional to irregular war. The aim at all levels would be to deny, disrupt, or degrade enemy capabilities, either directly or indirectly (through deception) either by cyber alone or in concert with air power.
At the strategic level, cyber could target the larger nodes of enemy systems whose disruption would provide an outsized leverage for coercion, while at the tactical level it could support local actions, depending on the demands of the situation. For example, a cyber-attack on an AD radar or SAM system on the ingress route of a strike package as part of Suppression of Enemy Air Defence (SEAD) operations would typically meet the air force’s tactical requirement in what could be termed as a localised issue. But at some point, a sound doctrine for targeting would have to be established based on the capability of cyber forces. It will have to take into account what the IAF is able to develop on the basis of technology and expertise available, employment philosophy and the experience gained.
Development of Full Spectrum Cyber Power
The IAF has an extensive cyber security policy in place since 2007 which was revised in 2012 and 2018. The policy covers the entire gamut of cyber activity including the AFNET, LAN, Internet and weapon systems. It lays down in detail the various procedures to be adopted in the IAF’s cyber space. This policy would form the first layer of security as discussed in this article.
Our cyber space would be a contested arena in any future war, as stated earlier, hence developing cyber defensive forces as the second layer of defence would be imperative. The action of cyber space defence is not only to obtain freedom to operate in one’s own cyber space but to protect the entire information environment in order to mitigate threats and vulnerabilities. The IAF ought not to be content in merely defending its cyber space and must also as a policy employ cyber offence to support its own operations by manipulating, degrading, disrupting and destroying enemy infrastructure and/or capabilities. It must recognise that cyber space attack, like all forms of attack, can be designed to generate effects in the physical domains.
The primary need for cyber space operations to be integrated with the IAF operations is to ensure freedom to manoeuvre in cyber space, which would be imperative to win a future war. The air force has laid out a security policy which serves well as the first layer of defence. It could now look forward to developing the entire gamut of actions to exploit cyber power in its entirety. For this, creating cyber defensive and offensive forces along with a robust cyber ISR would be the key operational construct. A way forward has been discussed.
Cyber-air operations can create a powerful targeting synergy and there lies a huge benefit in combining existing air concepts with cyber as a starting point. The availability of trained and qualified manpower would be a challenge that will have to be overcome. While this article has focused on cyber space operations in support of air operations only, there is a broader implication of cyber security at the national level for which developing a policy, organisation and authority would be mandated to tie it all together. The armed forces play a key role in defending national security within their sphere and must, therefore, be prepared to defend it in all domains including cyber space. This implies creating situational awareness of cyber space, cyber forces and a mechanism to integrate cyber space operations within the national framework to accomplish the assigned missions. The IAF would do well to take the lead as its dependency on cyber space is absolute.