By Maj Gen P K Mallick, VSM (Retd)
A podcast on social media about a MoU with a popular cab-hailing service has created a lot of controversy regarding cyber security. This was followed up by another X, formerly Twitter, posted by one of the panellists claiming that he had forwarded his concerns with some photographs to the Prime Minister and Raksha Mantri, and he claims that they had taken immediate action.
Leaving aside some of the cuss words and disrespect to armed forces by panellists who are no cyber security experts, the issue needs to be critically examined.
Armed forces officers and personnel are provided with government transport when they proceed on temporary duty, official engagements, or leave. Only the families would benefit from this MoU by ensuring various facilities like protection from surge rentals, discounts, accountability, honouring time-specific commitment, retrieving valuables inadvertently left behind in Cabs, security, etc.
Even if the MoU is not there, for example, in the Army, people will still use these cab-hailing apps. What is the difference? Knowing the address of military personnel in a well-protected Cantt/Military station is not a big deal. Even if you do not have an MoU, the app can still find the details if they wish by using simple data analytics.
There is no 100 per cent cyber security. We have to use risk management analysis. Google knows everything. Every month, google sends me a summary of where I have gone and where I shopped or ate. By the same logic, we should ban Google. Can we do that?
Similarly, in our internet network and edge routers, it is Cisco or Reddit, which are all U.S. companies. U.S. companies provide cyber security mechanisms in CERT-In’s Security Operation Center (SOC).
This is not only in India. It is across the world.
We cannot compare ourselves with China. China is an autocratic country. Chinese citizens cannot access social media, search engines, or operating systems except through Chinese-made software. Is there any other country which does this? Can we do this in our country?
Taking measures like banning Uber or Amazon would only send armed forces families to the Stone Age.
Data security is a legitimate concern. We all want our data to reside within the country and not be accessed from outside. But this is not a zero-sum game. In a similar vein, if the U.S. says that they will not allow data from the U.S. or EU to come to India, our 150 billion dollar BPO industry will die and millions of IT workers will become jobless. Governance is not easy. The government has to balance finance, strategy, security, internal perception, and interest in domestic industry. We are not in the EU. The type of data security laws they can implement, we cannot do that.
In today’s world, we are transparent. You cannot hide much from satellite imagery and synthetic aperture radars. Forget about state-owned satellites; private companies like Maxar provide imagery that, in earlier days, would be seen as highly classified.
A Newsweek report published on November 06, 2024 shows New Activity at China’s Underground Submarine Base by showing this image of water spray directed toward a possible Type 093A nuclear-powered attack submarine at Longpo Naval Base tunnel entrance in China.
CNN published a satellite image from Maxar showing the Zhou class submarine sitting at the pier on March 10, 2024
Source: https://edition.cnn.com/2024/09/26/politics/chinese-nuclear-powered-submarine-sank/index.html
The same type of images will also be available for Indian military installations. It is not a big deal.
The Armed Forces have stringent standard operating procedures (SOP), well-rehearsed tactics, techniques, and procedures for cybersecurity. Armed Forces personnel are not allowed to use FaceBook, etc. Mobile phones are not permitted during conflict scenarios. During peacetime, these restrictions are not implemented. Stopping using smartphones or watches is not the solution.
The cyber security of the armed forces is looked after by very competent people. The same people in the apex body of national cyber security make and implement policies. For example, the present National Cyber Security Coordinator and his predecessor are from the armed forces. The apex body responsible for the cyber security of the nation’s critical infrastructure, National Critical Information Infrastructure Protection Centre (NCIIPC), was headed by a service officer for the last five years. A large number of officers and personnel are working at different levels in NTRO.
Through a systematic campaign, an impression is created that the armed forces have no clue about cybersecurity. Statements like the average Indian public understand more about cyber security than the armed forces are deplorable. This is an organised effort to denigrate the Indian Armed Forces. If the person in question has so much bandwidth to approach PM and RM and get an immediate reply, what was the requirement to publish in X. The concerned authorities would have taken note and taken appropriate action if necessary.
If the armed forces annule the MoU, based on the commotion created in social media, it would be a retrograde step. The decision to sign the MoU was made by a well-considered process that considered all aspects, including cybersecurity. It is the nature of the beast, social media, to create chaos. That should not unnecessarily bother the armed forces to reverse their decisions.
No system is perfect. There is always scope for improvement. Armed forces take regular measures to educate their personnel. However, much more is required to be done to sensitise the families. This is an ongoing process.
Before further damage is done to the image of the armed forces, the CDS or the Chiefs of the services must give statements to clarify the issue. The National Cyber Security Coordinator from The National Security Council Secretariat (NSCS) should do the same.
The author is an Indian Army Veteran
Disclaimer: Views expressed are personal and do not reflect the official position or policy of FinancialExpress.com Reproducing this content without permission is prohibited.