Chinese threat to cybersecurity: Why India needs a comprehensive & concrete action plan for national security and economic health

India’s first priority must be to promote domestic companies and this must be internalised by every government department and official. The national interest and the future of a billion-plus Indians cannot be sacrificed to petty departmental considerations.

India was in good company—bans/restrictions on Chinese telecom equipment procurement, due to deep disquiet over cyber-espionage and cyberattacks originating from China, were imposed by the US, Australia and South Korea.

Smita Purushottam

The Good

There was good news for domestic telecom manufacturers, following recent duty hikes on telecom equipment and the revival of the preferential market access policy. These were directed at alleviating the current account deficit (CAD) and providing space to domestic manufacturers. They would now get a fighting chance in their own country, which is otherwise heavily biased towards imports. Indian telecom companies’ success in Bangladeshi, Malaysian, Moroccan, Algerian and Mexican telecom tenders against stiff Chinese competition is probably news to Indian officialdom and public alike.

So, a report that the Department of Telecommunications (DoT) had excluded Huawei from 5G trials in India seemed consistent with these policies. DoT, Indian security agencies and other organisations had underlined the threat posed by Chinese telecom equipment in sensitive national networks, with 35% of cyberattacks on Indian sites traced to China, the rest being from other countries. An IDSA (Institute for Defence Studies and Analyses) report on cybersecurity had warned of systems failures across India due to cyberattacks against critical infrastructure.

India was in good company—bans/restrictions on Chinese telecom equipment procurement, due to deep disquiet over cyber-espionage and cyberattacks originating from China, were imposed by the US, Australia and South Korea. Misgivings over Chinese telecom firms’ ties with the PLA, security issues, IPR theft, and anticompetitive behaviour had also been expressed in Israel, the UK and Germany. Faced with increasing threats to national security, the US had disallowed Chinese technology acquisitions in telecom and recently created the unified Cyber Command.

The Bad

Alas, hopes that a coherent national security strategy was being implemented were short-lived. The Trojans were not to be found only in hardware and software. The Global Times snickered that local telecom operators would “ask the Indian government to let (Chinese companies) in.” It seems they knew the Indian ecosystem better than we did. DoT had earlier sent its officers to China for training on 5G. Despite the explosive Bloomberg story about compromised motherboards with “Trojan” chips embedded by Chinese subcontractors and supplied to Apple (Apple cut ties with the supplier, adding further credibility to the report), DoT reportedly invited Huawei to participate in 5G trials, going against all domestic and international security warnings.

Various assurances were offered by DoT, its subordinate entities and service providers, labouring perhaps under the delusion that cybersecurity threats dwell exclusively in abstract cyberspaces/software. But hardware can also be seriously compromised. How will our authorities even be able to detect any at-source design tweaks and alterations to Chinese telecom hardware, when even the top-secret US investigation into the Super Micro motherboard hacking has taken years?

Reasons not to deploy Chinese 5G equipment: We already have Chinese telecom equipment in India. But inducting 5G technology is fraught with grave security consequences, as 5G greatly enables AI, which China is reportedly using to stifle dissent, particularly in Xinjiang. Interos, tasked to analyse ICT supply chain vulnerabilities for the US-China Economic and Security Review Commission, concluded: “Cyberattacks on supply chains will become easier … as 5G mobile network technology and the IoT exponentially increase avenues for attack” (all emphases added).

Moreover, while China’s Informatized Warfare strategy is well-known, its recent metamorphosis into “Intelligentized Warfare” is not. Elsa Kania’s Battlefield Singularity details (i) China’s aim to become the world’s premier Artificial Intelligence (AI) Innovation Hub by 2030, and (ii) the multiple domains where China is pursuing battlefield deployment of lethal autonomous AI systems. She states that the PLA believes that ‘AI will fundamentally change the character of warfare, resulting in a transformation from today’s “informatized” warfare to future “intelligentized” warfare,’ which the PLA is aiming at winning. A RAND study adds that China is preparing for “systems destruction warfare,” in which wars will be won “by the belligerent that can disrupt, paralyse, or destroy the operational capability of the enemy’s operational system,” which includes sabotaging a country’s cybersecurity infrastructure.

Chinese companies are under the CCP’s control and Huawei always had close PLA links. “Intelligentized Warfare” by a totalitarian State enabled by Chinese 5G networks is the stuff of nightmares, but it could soon become reality. Opening India’s ICT networks to Chinese 5G penetration would expose India to terminal security hazards.

Decoupling: Despite finding that around “51% of shipments to 7 leading federal ICT providers originate in China,” Interos still recommended a National Supply Chain Risk Management (SCRM) Strategy, even as the US rolled back Chinese acquisitions of high-tech US companies. It is hard not to see these measures as part of a serious “decoupling” effort to unravel and restructure high-tech supply chains cutting across hostile national borders.
…and the Ugly

Interested lobbies that benefit from subsidised Chinese imports and foreign OEMs exert enormous influence within our system. The PMA is occasionally tampered with at their behest. We hear reports that dues of hundreds of crores owed to domestic telecom companies, which are investing in R&D and upgrading the national ecosystem, are held up by the relevant authorities even as Huawei gets invited to 5G trials.
The COAI representative on the CII Task Force on Cybersecurity told me “So What?” when I raised national security considerations in installing Chinese equipment, and COAI should be asked to clarify whether this is its public stance?

The Department of Industrial Policy and Promotion (DIPP) has passed an order that enables the Indian government to ban any company from a country which bars our companies to bid for tenders, and it is being implemented by DIPP and the ministry of power. Then why isn’t DoT banning Huawei, when Indian companies would not be allowed anywhere near Chinese networks?

Priorities in bilateral/FTA/WTO negotiations have always been to protect the software industry while sacrificing manufacturing. Report after report, committee after committee on cybersecurity prioritise software threats and trivialise hardware security. Indians are seduced by the software industry’s glamour, while ignoring the equally laudable achievements of domestic telecom manufacturers. As they ignore that services, with 55% of our GDP, contributes less in exports than the manufacturing sector, with only a 16% share of GDP.

The failure to build an advanced manufacturing ecosystem has cost us dearly. Manufacturing generates higher-paid jobs, multipliers and exports, and is the basis of the German and Swiss economies’ resilience. Even China progressed based on manufacturing. At the very least, the government should give it equal treatment.

With the US-China trade clash, an era of “decoupling” is at hand and the Chinese telecom sector is under immense pressure. It is incongruous that at a juncture when we can promote Indian companies and national wealth creation, we are throwing the perpetrators of Doklam a lifeline.
The talk of national security rings slightly comical, even hollow, given the realities described above.

The Beautiful

A recent Cybertech CENJOWS seminar concluded that India had an extremely vulnerable cyber-environment and a fragmented approach to the problem. It agreed that security could only be guaranteed through indigenous hardware and software. The proposed Defence Cyber Agency should also support an indigenous push, as no one can understand external threats better.

Fortunately, top of the line Indian companies with 5G and other advanced telecom technologies exist. Unfortunately, they are unable to scale up because of vested interests against domestic manufacturing. India needs a holistic, whole of government/armed forces/industry approach to tackle these lobbies and take concrete action to promote national security and the country’s economic health. It should:

*Proclaim a “Buy India Act” along the lines of the Buy America Act;

* Implement existing policies;

*Institutionalise GoI procurement of advanced technology products from domestic companies to protect honest bureaucrats upholding the national interest when promoting indigenous capabilities;

* Install indigenous networking devices (all 5G gear, interconnection exchanges—Nixi, routers, switches, operating systems, optical equipment, wireless base stations, and network monitoring and cybersecurity systems, etc) in all networks;

*Fund R&D by SMEs along the US SBIR program, instead of allotting all funds to academic institutes, or at least make mandatory partnerships with startups a condition for obtaining funds;

*Build IPRs; Create and promote Indian standards internationally;

*Set a target for gaining 25-50% of global market share for Indian products;

* Strictly enforce anti-dumping duties on Chinese vendors importing SDH and PTN equipment: they continue to import a lot of equipment without paying ADD by exploiting minor loopholes;

* Increase import duty for non-ITA 1 products from 10% to 20%, bringing newer technologies and products under this ambit.

This will secure the national interest in multiple dimensions—the CAD, security and jobs. The defence electronics market is expected to reach $72 billion by 2029 (of the $300 billion by 2020 for all electronics products). If we continue the way we are, high-tech manufacturing ecosystems will flourish in China and other countries, not in India, and this will help them widen the gap with Indian manufacturers, who are not even paid their dues. India will remain a “Khareedna” Republic, not a “Banana” (make) Republic.

India’s first priority must be to promote domestic companies and this must be internalised by every government department and official. The national interest and the future of a billion-plus Indians cannot be sacrificed to petty departmental considerations.

The author is Former Ambassador to Switzerland and Founder of SITARA (Science, Indigenous Technology & Advanced Research Accelerator)

Get live Share Market updates and latest India News and business news on Financial Express. Download Financial Express App for latest business news.

Most Read In Opinion