By Sher Bano*
For decades espionage has been used by the states to gather confidential or secret information regarding their adversaries but in the past few decades, the states have entered into a new realm of spying called cyber espionage. Cyber espionage is an attempt to steal confidential information by penetrating through the computer systems or networks or by transiting through these networks and systems. This newly emerged form of espionage has not only affected the political and security relations among the states but has also changed the shape of modern warfare. For the past few years, Pakistan has been the prime target of India’s cyber-espionage as various Indian cyber-espionage groups have attempted a number of cyber-attacks on the official websites of various government institutions. Hence, cyberspace has emerged as one of the key security challenges for Pakistan in recent times. Specifically, this becomes more significant given the fact that the digital infrastructure of any state is vulnerable to cyber-attacks and disruptions which can be easily organized but are difficult to trace because of their asymmetric nature.
India has been expanding its cyber capabilities by building various hacking groups to commit cyber espionage. Even every other day there comes news that Indian hackers attempted to deface Pakistani websites and then there is retaliation from Pakistan’s side. The most recent example is the cyber-attacks conducted by India to halt the investigation of Lahore’s Johar Town blast. While conducting the press conference on 4th July 2021, the National Security Advisor Dr. Moeed Yusuf disclosed that it was quite evident that the Indian state was behind the incident. Moreover, on the day the blast took place, surprisingly, there were thousands of cyber-attacks on the ‘investigation infrastructure’ of Pakistan. The purpose was to divert attention so that the country fails to identify the Indian networks. Likewise, they also wanted to provide the terrorists sufficient time to disperse. However due to the timely action by Pakistan’s intelligence and security agencies and strong cyber security measures they were successful in unearthing the entire network. Dr. Yusuf further added that there is no doubt in the fact that the cyber-attacks and the Johar Town incident were inter-linked. The cyber-attacks of such magnitude make it obvious that there is state involvement.
The above incident is not unique, similar incidents of cyber espionage conducted by the Indian state were reported last year. In a statement issued by the ISPR, it was intimated that the country’s intelligence apparatus has identified a major cyber-attack conducted by the Indian intelligence agencies. The attack involved the hacking of gadgets and mobile phones of military personnel and government officials. The purpose of the attack was a deceitful fabrication. Even though it was timely intercepted, it has increased the risk of the Indian propaganda war against Pakistan through digital sabotage. Similarly, there was an incident back in 2019 when the mobile phones of two dozen senior intelligence and defence officials were compromised using the spyware called Pegasus. A very alarming fact is that the Pegasus was made by an Israeli spyware company called the NSO group. India has been enhancing its cooperation with Israel in the cyber field as Israel is among the countries with enhanced cyber warfare capabilities. Hence India aspires to gain a lot from Israel’s advanced cyber capabilities.
India’s further enhancement of cyber capabilities through the acquisition of more sophisticated and advanced cyber tools from its strategic partners would further challenge Pakistan’s cyber security and ultimately the national security. In order to counter this emerging cyber threat from India Pakistan needs to have a broader counter measure. In this regard, the cyber departments of the state agencies need to have a national-level cyber command or comprehensive cyber warfare doctrine so that they can pre-empt or defend the country’s cyberspace frontiers.
It is difficult to manage risks at both national and international levels due to the absence of regulations and limitations in cyberspace. Hence what could be done is to rethink the government’s role in policy formulation and legislation regarding the digital infrastructure and security of cyberspace in Pakistan. As part of this initiative, the Ministry of Information Technology and Telecommunication has also drafted a ‘National Cyber-Security Policy 2021’. The guiding principle of this policy is to regard any sort of cyber-attack as an act of aggression towards the national sovereignty of the country. The draft of the policy also proposes the development of resilient and secure cyber networks and systems for national cyber security response. Even though the implementation mechanism of this policy would require some time to become fully operational, it is a great initiative towards having a stringent cyber security mechanism. Moreover, Pakistan also needs to secure the country’s cyber environment by making significant efforts towards innovation.
The writer is working as a Research Affiliate at the Strategic Vision Institute (SVI), a non-partisan think-tank based out of Islamabad, Pakistan