CIHS – Centre for Integrated and Holistic Studies


Beijing’s Silent Cyber Siege on America


Throughout 2024, Chinese state-sponsored hacker groups like Volt Typhoon and Salt Typhoon orchestrated a series of cyber offensives, targeting everything from U.S. telecommunications to Guam’s critical infrastructure.

Rahul Pawa

On a December morning in 2024, a silent invasion unfolded—unseen, unheard, yet profoundly destabilising. The U.S. Treasury Department, the nerve center of American economic power, fell victim to a meticulously planned cyberattack attributed to the Chinese Communist Party (CCP). This was no ordinary breach. It was a calculated strike targeting the Office of Foreign Assets Control (OFAC) and the Office of the Treasury Secretary—both critical enforcers of sanctions against Chinese entities embroiled in cyber operations and arms deals with Russia. As the sun rose over Washington, D.C., officials scrambled to assess the damage. Anne Neuberger, the U.S. Deputy National Security Advisor for Cyber and Emerging Technologies, stood before the press, her tone somber but resolute. “This was not just espionage. This is part of a broader strategy to undermine our critical infrastructure and economic sovereignty,” she declared. Behind her words lay months of escalating cyber conflict, a crescendo that had been building since the CCP’s hybrid tactics first gained traction. The December breach was merely the tip of the iceberg. Throughout 2024, Chinese state-sponsored hacker groups like Volt Typhoon and Salt Typhoon orchestrated a series of cyber offensives, targeting everything from U.S. telecommunications to Guam’s critical infrastructure. Volt Typhoon, dismantled in January, had covertly commandeered hundreds of routers across the United States, laying the groundwork for attacks on water treatment facilities, electrical grids, and transportation systems. Meanwhile, Salt Typhoon focused on high-profile targets, infiltrating devices used by key political figures, including Donald Trump and his running mate, Senator J.D. Vance.
Salt Typhoon’s activities, described by Neuberger as “an unparalleled espionage operation,” breached nine major U.S. telecom providers, stealing sensitive data and leaving behind dormant malware—a ticking time bomb designed to cripple American defences at a critical juncture. “This is not about immediate damage,” explained Rob Joyce, the National Security Agency’s cybersecurity director. “It’s a long game—preparing to paralyse us when we’re most vulnerable, perhaps during a conflict over Taiwan.” While the United States grapples with the looming specter of a cyber Armageddon, Taiwan stands as the front line of Beijing’s digital onslaught. In 2024, Taiwan’s National Security Bureau reported an average of 2.4 million cyberattacks daily, a staggering escalation from the 1.2 million daily incidents the previous year. These attacks targeted military systems, government networks, and critical infrastructure, all under the shadow of Taiwan’s January elections. Beijing’s strategy is clear: to undermine Taiwan’s democratic process and weaken its defences ahead of a potential invasion. The CCP’s disinformation campaigns, deployed in tandem with cyberattacks, sought to erode trust in Taiwan’s institutions. Yet, as Taiwanese President Tsai Ing-wen reaffirmed her nation’s commitment to sovereignty, the island’s resilience became a rallying cry for democracies worldwide. Compounding the threat is China’s deepening partnership with Russia in cyber and information operations. Ukrainian intelligence reports from 2022 revealed CCP-linked spyware embedded in over 600 Ukrainian defense ministry websites—an ominous precursor to Moscow’s invasion. By 2024, this synergy had expanded to include the exchange of malware and tactics, raising alarms in Washington about the potential for coordinated cyberattacks on the U.S. homeland. “Imagine a cyber Pearl Harbor, but orchestrated by two of our greatest adversaries,” warned Senator Mark Warner, Chair of the Senate Intelligence Committee. 
His words echoed the growing fears in Washington: that Beijing and Moscow’s digital axis could escalate from sabotage to all-out cyber warfare. The battle isn’t confined to cyberspace. In January 2024, Taiwan’s northern coast faced the severing of an economic lifeline when the Shunxin 39, a vessel with ties to Hong Kong-based Chinese interests, allegedly damaged a vital undersea telecom cable. Weeks later, the Yi Peng 3, a Chinese-flagged vessel, severed cables in the Baltic Sea, raising suspicions of deliberate sabotage. Beijing denies these incidents are acts of war, dismissing them as accidents. However, the frequency and precision of these events suggest otherwise. For Taiwan, already reeling from cyberattacks, these disruptions are a chilling reminder of its vulnerability. As the CCP’s cyber arsenal grows, the United States finds itself in an uncomfortable reality: unprepared for the scale and sophistication of Beijing’s hybrid tactics. The December Treasury hack, focused on intelligence gathering, underscores the need for a robust cyber defense strategy. OFAC, a linchpin in the U.S. sanctions regime, had sanctioned multiple Chinese firms in 2024 for their role in supplying arms to Russia and conducting cyberattacks. By breaching OFAC, Beijing sought to anticipate and counter future sanctions. The broader implications are stark. Guam, home to vital U.S. military installations, has emerged as a prime target. The island’s infrastructure was repeatedly probed in 2024, likely as a rehearsal for disrupting American operations in the Pacific. “Guam is the canary in the coal mine,” Joyce remarked. “If we can’t protect it, how can we hope to defend Taiwan?” As President-elect Trump takes office, he has vowed to “bring the fight to Beijing.” Yet, the path forward is fraught with challenges. Building a resilient cyber defense infrastructure, forging alliances, and holding adversaries accountable will require a Herculean effort.
The Treasury breach is a sobering reminder of what’s at stake. It’s not just about stolen data or disrupted systems; it’s about the erosion of trust in institutions, the weakening of defences, and the existential threat to democratic governance. As Anne Neuberger aptly put it, “Cybersecurity isn’t just a technical issue—it’s a national security imperative. And in this battle, complacency is not an option.”

(Author is Research Director at Centre for Integrated and Holistic Studies, a New Delhi-based non-partisan think-tank.)


Crude critical, data for development

G-20 can develop a global framework to deal with data to ensure inclusiveness, spread prosperity and contain rogue states

K.A. Badarinath

Data is the new oil for humanity in the near future. There’s no escaping this reality. As a consequence, data security, management and governance are the new focus areas for both governments and private enterprises globally, apart from actual consumers. Data supremacy will determine global leadership in the short to medium term. Of late, this reality may have been camouflaged by the extensive talk on oil and natural gas assets, their ownership, pricing and access to these hydrocarbon energy products. The ongoing Ukraine-Russia conflict has brought hydrocarbons to centre stage. Energy markets have gone through a churn and continue to give sleepless nights to governments, suppliers and consumers in Europe, given the price embargo slapped by the 27-nation EU and the powerful G-7. For countries like India that continue to be on a high economic growth trajectory with a spurt in energy needs, oil has become a key factor. China being in the dumps, owing to the recent surge in Covid 19 cases and not being able to track asymptomatic cases, has not altered the conversation beyond energy. With a million barrels of oil being imported each day and $100 billion spent annually, India has unsaturated demand for hydrocarbons to fuel its economy, which is on course to catapult to $5 trillion in a few years. But this transient surge in demand for hydrocarbons should not take the emphasis away from data that’s key to economic expansion and holistic development in India. The data market in India is valued as a multi-billion industry and is growing at a fast pace. This market is expected to grow manifold. For example, data centres alone that store and manage data in India have been projected to grow 15 per cent annually to US $10.9 billion in five years, i.e. by 2027. Data analytics is big business in India, expanding over 26.5 per cent annually, and touched $40.22 billion this fiscal.
Amidst deep-dive digitization in several sectors, including security establishments, huge investments are being made in data generation, storage, data engineering, big data, hyper-personalisation etc. Arguably, advances in the internet of things, machine learning and big data analytics are driving the digital transformation process in firms, companies and service providers, apart from governments as well as public offices. Data continues to be the centrepiece of global negotiations and India is no exception to this irreversible phenomenon of a data-centric world. The explosive amount of data, 1.2 trillion to 59 trillion gigabytes, generated over the last ten years makes data management a huge challenge given the implications for India’s defensive and offensive interests on socio-economic and strategic fronts. For instance, RBI governor Shaktikanta Das, in a closed-door meeting with select chief executives of financial technology companies, pushed hard on data security and management as a big focal area. This is no pep talk, as financial and business data along with consumer behaviour analysis determines market leaders for products and services. Unsolicited online Chinese loan frauds and online breaches reflect the data vulnerability India faces, especially in the financial services sector that’s on a big boom and expansion drive internationally. The over-a-fortnight-long data breach at All India Institute of Medical Sciences, targeting its 100-odd servers and seeking Rs 200 crore ransom in crypto currency, by Chinese hackers backed by the People’s Liberation Army is a case in point. This also highlights data security as a key element in India’s strategic and economic affairs. The electricity systems of India’s financial capital, Mumbai, and their data centres were targeted, leading to massive outages in October 2020. Most intelligence reports pointed to PLA-backed Chinese online hackers for this outage.
That a Chinese PLA arm reportedly led Threat Activity Group 38 (TAG-38) to bring down seven state load despatch centres in the northern region this May, virtually squatting on the country’s power data centres, is a grim reminder of data politics evolving internationally to settle scores. There are several such instances in the last few years where India’s data has been targeted in key areas. On the other hand, data diplomacy plays a significant role in global engagement. India, which recently assumed the Presidency of two powerful groups, G-20 and Shanghai Cooperation Organization, for 2023, apart from the 13-member United Nations Security Council (UNSC), has made “Data for Development” in this decade a key priority. Healthcare, education, food security and digital financial inclusion will be the centrepiece of India’s global engagement on data. Once this is achieved, based on experiences in countries like India especially during and in the aftermath of the Covid 19 pandemic, one can expect to achieve sustainable development goals (SDGs) much earlier. The National Data and Analytics Platform set up by India can be leveraged to evolve a mechanism for data management globally. In this context, the World Economic Forum (WEF) estimates that data generated by drones in India alone, in sectors like agriculture and smart cities, could create $100 billion worth of economic activity and over half a million jobs. International regulations should reflect the new reality relating to data. From India’s perspective, notwithstanding breaches, it’s eminently empowered to deal with large data from development areas, the financial and corporate world as well as government. The latest version of the Digital Personal Data Protection Bill 2022 has mooted the idea of a dedicated commission to deal with offenses relating to data that’s regarded ‘sovereign’ and distinctly different from ‘personal’ data.
Penalties on individuals, companies and groups that violate data protection for commercial means or otherwise should be slapped based on the crime. Penalties should be directly proportional to the kind of violations detected by the commission. Secondly, defining ‘sovereign’ data for security purposes is paramount, while ‘personal’ data privacy should be honoured. In this context, the data fiduciary or the purpose for which data is accessed should be determined. Anglo-Saxon laws on data protection may not work in the Indian context and this principle has been recognized in the new version of the bill. Housing data


Exploring the Metaverse

Prachi Mishra / New Delhi

Whether in virtual reality or augmented reality, the promise of the metaverse allows a greater overlap of our digital and physical lives. As Zuckerberg has claimed in his keynote address this year, the Metaverse will alter conventional reality. The way people make wealth, view productivity, shop, and seek entertainment will all be altered. The Metaverse will be based on freeform reality, where users live and spend time in the virtual world, where they can create their 3D avatars and use objects like cars and houses which can be used to communicate in the Metaverse and interact with others. The Metaverse is based on romantic idealism: a stable, unshakeable system with utter disregard for the existing economic predicament, wonders of nature, and resources of the real world. This primer analyzes the implications of the Metaverse for society, human psychology, and economic activity in the present-day context. It also discusses the ethics of the Metaverse, cybersecurity issues that will surface, and the privacy and safety of users in the virtual space.

(Prachi is a research consultant at Centre for Integrated and Holistic Studies.)


War Room to Fight Cyber Wars, Secure Economy

A comprehensive policy must be put together to ring-fence cyber fraudsters, mafia and hackers to insulate Indian financial markets

K.A. Badarinath / New Delhi

Even as RBI readies its plans to launch the digital rupee later this year, the big focus of the government and the banking regulator will have to be on insulating the Indian economy from cyber frauds and graft, and on securing the country’s financial interests. Enhancing economic security in the cyber world would be a pre-requisite to further opening the currency space through digital instruments. Given the cynical innovation in cyber-attacks that have been reported globally, scaling up the firewalls is the only option, while making it a breeze for consumers to undertake financial transactions. On top of it, introduction of a digital currency would lead to new vulnerabilities vis-à-vis fraudsters and to possible instability in the economy that security breaches could cause. Reports said that at least 900 Indians were scammed of over Rs 1200 crore in an initial public offering of a non-existent crypto currency named ‘ICO’. This is only the tip of the iceberg in the world of cybercrimes on the economic front. While vetoing the proposal to introduce private crypto currencies, these concerns and impending economic uneasiness were flagged by the country’s central banker and RBI Governor Shaktikanta Das. Finance Minister Nirmala Sitharaman will do well to roll out a policy to secure India’s economic and financial interests in the cyber world. The Union Budget to be presented on February 1 should kick off such a policy framework. Securing the financial ecosystem is particularly significant as more and more transactions are going online. As per data released by National Payments Corporation of India (NPCI), in December 2020 alone, over 4.56 billion transactions involving Rs 8.27 trillion (Rs 8.27 lakh crore) have gone online through the Unified Payments Interface (UPI).
Akin to the consultations on crypto currencies led by Prime Minister Narendra Modi, a multi-stakeholder meeting on securing the Indian economy in cyber space should be kicked off immediately. As per Indian Computer Emergency Response Team (CERT-In), cybercrimes are on the rise in India. Till June 2021, cybercrimes in the Indian financial markets were a staggering 6.07 lakh. The year before, about 11.58 lakh cybercrimes were committed while thousands of such instances went unreported. The rise in technology-related frauds is a fact, as such cases more than doubled in two years from 3.94 lakh reported in 2019. In value terms, over $300 billion worth of transactions, marking about 18 per cent of consumption GDP during 2021, has been estimated by the Hong Kong-based independent capital markets and investments consultancy group, CLSA. As per CLSA projections, online transactions are estimated to touch a whopping $900 billion to $ one trillion by 2025-26. This is a huge jump given that online transactions accounted for about $61 billion, which translates to a little over six per cent of consumption GDP, in 2015-16. This may include banking, non-banking and all financial markets transactions including equities, commodities, bullion and real estate etc., apart from corporate deals. Another set of figures is available in the 2021 report of PwC India and the Data Security Council of India. As per the report, the value of digital payments in India was estimated to grow annually at 20.2 per cent from about US $64.8 billion in 2019 to US $135.2 billion in 2023. Given the huge stakes, India will have to draw up a comprehensive policy framework against cybercrimes in the economic space. To start with, a war room may have to be set up like the Modi government did to deal with intransigent, expansionist and unreasonable neighbours like China and Pakistan.
In the RockYou 2021 cyber-attack that happened in June last year, about 8.4 billion passwords were breached, thereby wreaking havoc on economic structures and consumers globally. In a similar attack, way back in 2009, about 32 million online accounts were compromised. This is not the first time such large-scale hacking was unleashed on humanity by hackers and unethical operators, with the potential to wreck companies worth billions of dollars. WannaCry ransomware, one of the biggest attacks in 2017, compromised over 200,000 computers across 150 countries, having a devastating impact on several industries. It cost the world markets a humongous six billion pounds in just a couple of days. Let’s not forget the hacking of Yahoo servers that led to the compromise of 500 million accounts, though no banking information was stolen. But the Adobe cyber-attack in 2013 was different, as the information of over 2.9 million credit card users was stolen and the personal data of 38 million users got into the wrong hands. Given that every industry, bank and financial market operates in cyberspace, newer and innovative cybercrimes are bound to put billions of dollars at risk. The Covid 19 pandemic, in its third and fourth waves during the last two years, has taken most industry and services operations online, thereby exposing them to fraudsters like never before. Similar is the case with governance in the states and at the centre, where key issues were discussed in chat rooms or private online conference rooms that face attacks and are infiltrated continually. Exponential digital growth, rising cyber-attacks, and stringent regulatory mandates have landed the Indian economy and financial markets in a piquant situation.

(Author is Director & Chief Executive Officer at Centre for Integrated & Holistic Studies. Views expressed are author’s own.)
