When Soft Checks Become Harder Option to Implement

To define boundaries of Cyber Domain, Cyber Space can be Intra-space (within boundaries / borders) or Extra-space (beyond the borders of nation state) and Cyber Power can be Soft Power of Hard Power. Soft Power is used for agenda framing, swaying opinions, attraction of public to a country or aversion towards a country (may be one’s own), public diplomacy campaigns and even recruitment of terrorists. Hard Power on the other hand is denial of vital services, insertion of malware with an intent to spy, steal data and destroy digital systems. Cyber Power can thus cause devastation / destruction in equal proportions as armed wars. If culture and character of a nation state is swayed, the effect can be everlasting. Therefore, Cyberspace dominance may be applied either by Soft Power or Hard Power. Internet is the primary cyberspace universe that digital world inhabits. Lawfully, no nation state can impose these cyberspace strategies and policies beyond their borders. Yet there is a race for expansionism and protectionism in Cyberspace with the aim of economic prosperity. In this article Cyber Power being more virtual than physical armed power is being referred to as Soft Power.

Opinion

By Maj Gen Lav Bikram Chand (Retd)

Psychological warfare, perception management and other forms of undeclared hybrid warfare is now the preferred warfare techniques. Under the existing provisions of Article 39 of UN Charter read with article 41 and 42 makes it difficult for a nation state, resorting to soft power to be tabbed as an aggressor. To set the context right, UN charter’s definition of aggression as given in Article 1 of UN resolution 3314 is quoted- “Aggression is the use of armed force by a State against the sovereignty, territorial integrity or political independence of another State, or in any other manner inconsistent with the Charter of the United Nations, as set out in this Definition”. Under these articles any act of aggression, can / will result UN intervention. The cost of aggression is set too high financially/ economically. It is not good statesmanship to wage armed wars. The preparators of aggression through cyber power normally go scot-free. At best a case may be filed in International Court of Justice. As long as definition of aggression, laid down in UN charter, attributes aggression only to use of armed forces, that is hard power, use of cyber power will go unaddressed under articles 41 & 42.

Use of soft power, like cyber-attacks (digital attacks) and psychological operations (Psy Ops) definitively impact the three criterion – sovereignty, territorial integrity and political independence, in equal measures as any physical armed attacks. The only difference being there is no physical evidence of an attack. Very nature of cyber world makes it is difficult to prove soft aggression to the satisfaction of independent international bodies like UNSC. There is always an exit available for the preparators of soft warfare. To further complicate matters, vested geo-political interest and competition / rivalry in post west world invariably lead to a veto by one of the permanent members of UNSC.

Use of Soft Power can disrupt, degrade, manipulate and destroy financial infrastructure, nuclear power infrastructure, medical and personal data and any other critical infrastructure. Over (yet necessary) dependence on ICT infrastructure and digital / cyber space in ongoing IT age makes all digitally advanced countries vulnerable to attacks. The impact can be as devastating as an armed conflict.

A viable solution appears to be to redefine Aggression to include use of cyber power (both hard and soft). But it is easier said than done. Unlike armed force, ambiguities and imponderables in cyber power are too many to identify and to arrive at a definitive and irrefutable definition. USA, UK, Russia, Iran, Israel and North Korea have active cyber capabilities. They are unlikely to agree to put a ban on active hard cyber power. At best, they may agree to regulation of cyber space. Growing National Security compulsions to put cyber space and potential threats under 24×7 surveillance add to the complexities.

Use of soft power, like cyber-attacks (digital attacks) and psychological operations (Psy Ops) definitively impact the three criterion – sovereignty, territorial integrity and political independence, in equal measures as any physical armed attacks

Post 9/11, Foreign Intelligence Surveillance Act 1978 has seen major changes. USA brought into force a more stringent Patriot Act on 25 Oct 2001. It is interesting to note that the bill introduced by US Representative Jim Sensenbrenner on 23rd Oct was passed, the very next day by a huge majority of 357-66. It became an act on 25th Oct when it was passed by Senate with 98-1 votes. The urgency in passing the bill and enacting it is a clear indication of USA’s will to freely carry out surveillance of any foreign national world-over and carry out surveillance of US Citizens in accordance to provisions of FISA and Electronic Communications Privacy Act (ECPA) of 1986, that protects the privacy of US Citizens. It is noteworthy that, both FISA and ECPA acts had to be refined post Patriot Act. “Patriot Act, as the name suggests, played into the sentiments of US citizenry and became a much-misused act by US Federal Government”. Snowden leaks that made him the most wanted man in the world stand testimony to the misuse of legitimised soft power. The international diplomatic fallout of these leaks, wherein even heads of state of allied nations were not spared under FISA, is a story that has been captured in celluloid. To be fair(sic) to the oldest democracy in the world, FISA and ECPA have many safeguards to protect the US Citizens. But they have tremendous subjectivity in protecting privacy of rest of the world. Also, over the past twenty-one years, many refinements have been carried out in these three acts. Like Rome was not built in one day so too, laws governing surveillance and privacy can’t be built in a day. “Western World leader America, as elucidated above will not show any urgency to include soft power in the UN’s definition of aggression. On the other hand, Post West world order is led by China who has a stated national Policy of Technology and Cyber Warfare. Both world orders benefit strategically in keeping Soft-power ambiguous and employing it as an espionage and conversion tool. Rest of the world has no influence in soft power”. Regulation of Soft power, which is a heterogenous mix of complex Cyber space activities, will be difficult at both national and international levels.

The world that became a global, open market has cyber space as its universe and the ICT Infrastructure as the nervous system (cloud, data centres, Business Intelligence, Artificial Intelligence / Machine Learning, Autonomous platforms). Internet of Things (IoT) and 5G will soon dictate the way we live, interact and transact on a daily basis. Management of Cyber Space and its justified regulation is important and urgently required. Domination and close watch of cyber space has gained as much importance, if not more, as domination of geopolitically important land, sea regions and space. Cyber space having no boundaries, no physical mass and above all having a hidden and untraceable tunnel in the form of dark web makes it so much more to manage. The pinnacle of this complexity is – easy refutability by state / non-state actors carrying out attacks in cyber space.

Indian cyber world does not reside in a different planet / world. Cyber-attacks are continuously on-going as you read this. Unlike India, USA and most of the developed countries had taken measured and considered steps to enforced laws protecting privacy and raised judiciary establishments in place before enacting acts like Patriot Act. In India, Right to Privacy is enshrined in Indian constitution. But there is no law protecting these rights. Privacy rights are protected under articles fragmented across various laws like IT Act, Aadhar Act among others. Article 21 of the constitution covers right to privacy. But it is too broad based and subject to interpretation. (Article 21 – Protection of Life and Personal Liberty – No person shall be deprived of his life or personal liberty except according to procedure established by law). In addition, India as many unique issues. There is a guaranteed resistance from the opposition (who so ever it may be) in enacting a sensitive law (classic case of Aadhar act and IT Laws). To legitimise surveillance of cyber space, mobile phones, internet etc. necessary procedures have to be established under the law. 

Fast developing economies like India, have to have a mandatory robust digital infrastructure. The flip side is that, this very cyber space is the primary means of information sharing, financial transactions, e-commerce and growing digital transformation of procedures in all aspects of day-to-day life. Cyber space is an all-important part of daily life and therefore has become the preferred target of adversaries. All critical information infrastructures need to be protected.

In India, implementation of laws/ rules as well as developing/ acquiring tools like PRISM (USA surveillance system), protection against soft-power is like Sword of Damocles over the government in power. It is a sure shot recipe for disaster for the ruling dispensation. This issue can neither be tackled in a hurry nor can it be left unaddressed due to the fast-emerging threat in cyber space. Fast developing economies like India, have to have a mandatory robust digital infrastructure. The flip side is that, this very cyber space is the primary means of information sharing, financial transactions, e-commerce and growing digital transformation of procedures in all aspects of day-to-day life. Cyber space is an all-important part of daily life and therefore has become the preferred target of adversaries. All critical information infrastructures need to be protected. Misuse of cyber space for money laundering to support anti-national / terror activities, psy ops, brain washing of section of population en masse with an aim to weaken a nation’s cultural, social and secular fabric are some of the soft war techniques. These techniques are effective yet lie at the fringes of terror and subversion. Words like Cyber Terrorism are currently academic in nature – good for debates and blogs. Indian government needs to sequentially enact privacy laws followed by stringent procedures for surveillance of cyber space. Creation / raising of structures like National Critical Information Infrastructure Protection Centre (NCIIPC), National Technology Research Organisation (NTRO), National Cyber Security Coordinator under National Security Council Secretariat (NSCS), National Security Committee on Telecommunication (NSCT) alone will not be able to mitigate cyber threats. In the absence of suitable safeguards, these establishment will continue to function cautiously and under the cloud of perpetual mistrust. Ambiguity of right to privacy will be exploited to corner the ruling disposition and there is every likelihood of executives of these establishments being made scapegoats when the pot boils over. The executives in these organisations need to be protected while carrying out their legitimate assigned task.

Absence of Privacy Act, Intelligence and Surveillance procedures established under law (act) will continue to lead to the uproar caused by Pegasus, telecommunication tapping and monitoring of cyber space. In today’s world monitoring of cyber space is as routinely important as a police constable on his beat. There is a need to act fast at national and international front before the soft becomes impossibly hard.

– The author is a retired Indian Army officer from Signals. He has vast experience in design and rollout of ICT Communication Infrastructure both Strategic and Tactical.