Army Information Security: Big Brother is Listening

1423
Army chief General Bipin Rawat addressing a seminar on cyber security in New Delhi/Photo: UNI
Army chief General Bipin Rawat addressing a seminar on cyber security in New Delhi/Photo: UNI

Above: Army chief General Bipin Rawat addressing a seminar on cyber security in New Delhi/Photo: UNI

Many military installations, headquarters of formations and defence facilities are being made “leak-proof” as the army is strictly monitoring and imposing penalties where there are breaches

 

By Maj Gen Ashok Mehta

The Indian military is seized with the need for heightened security awareness, especially information security. Very strict monitoring and severe penalties are to be imposed on breaches in information security related to classified information. The Official Secrets Act, 1923 which was to have been streamlined and made contemporary in the light of existing challenges (and not colonial era threats) has not been brought up to speed. Many military installations, headquarters of formations and defence facilities are being made “leak-proof” with layered checks and cell phones taboo inside sensitive military facilities.

Last month, an army command headquarters held a seminar on a neighbouring country which falls in its operational jurisdiction. The seminar was elaborate even by army standards and restricted to senior officers, colonels and brigadiers upwards. Within hours of the commencement of the seminar, hackers from Pakistan and China—allies higher than mountains and deeper than oceans—were at work from as far away as Belize and Haiti in the Caribbean and South America, to get a peek into the seminar. I learnt from officers tracking the hackers that this was normal practice for our enemies to extract information and sometimes disrupt the networks. This electronic espionage is being done to compensate for barriers imposed on operations of their agents.

In the case of Pakistan, as infiltration across the LoC has become more hazardous, ISI is resorting to finding passage for its agents across the open India-Nepal border where a number of terrorists and intelligence operators have gone through. Soon after Kulbhushan Jadhav was apprehended by ISI in Iran’s Baluchistan, R&AW tried to abduct a retired Pakistani Lt Col who was on the loose in Kathmandu.

Hacking of military facilities is increasing, the latest victim being the accounts department of the Army which is responsible for disbursing pay and pensions of serving and retired personnel. Other departments have also been struck. The IAF and Navy are more successful in countering and minimising losses and damage of data due to enemy hacking operations.

The latest ban order to the army rank and file on use of social media by Army Headquarters (AHQ), New Delhi, came after a series of security breaches perpetrated by cameras in smart phones. It is common these days at think tanks to watch information seekers click their cameras to take pictures of slides of any PowerPoint presentation. Many a time, medium grade but classified information slips through. But when this occurs in operations rooms of active formations, sensitive information inadvertently exchanges hands, which then is liable to misuse. A well-known case is of a brigadier who innocently took photographs of operations maps which had sensitive military deployments marked on them, which he later transmitted to his own brigade headquarters on WhatsApp. The designated staff officer in his headquarters passed on the operational deployments to lower formations, thereby violating the sacrosanct principle of sharing information on need-to-know basis.

Recently, a Delhi think tank which was “looking back into the future – 20 years after Kargil” invited the IAF and army commanders who had fought the Kargil battle to share their experience. Candidly, an IAF commander said that the army withheld information attributing it to lack of trust. This presents the dilemma of rational marking of red lines in information sharing. But the information dissemination process should not lead to quarantining another service from operational information. In the 1965 India-Pakistan war, the air chief said he did not get the information on time.

Following the mishap in the operations room of a formation headquarters by a brigadier-level officer, AHQ issued these instructions: “No Indian army personnel shall be part of any large group(s) on internet-based messen­ger/chat/e­mail services. One to one messaging, however, is permitted in a closed-knit group where members/subscribers are those whose credentials can be ascertained may be allowed.”

In my several conversations with serving army officers recently, I discovered an acute sense of information security consciousness which was absent even a decade ago because of advanced digital technology not being available then. Military officers are loath to share their emails and instead pass on the coordinates of their spouses for security reasons.

It has become extremely difficult to communicate with serving army officers on cell phones as these are jammed in all major headquarters. Landlines are not accessible anymore by outsiders. Service officers wishing to communicate from headquarters outside have to go through the military exchanges. In some army stations/cantonments, telecommunication towers have been rejigged to prevent serving officers from using their cell phones. But maybe I am exaggerating. My own efforts this month in establishing contact with serving officers in a big cantonment have failed. I have to send a text message before the person concerned calls back through the military exchange.

AHQ justified the orders issued by the Military Operations Directorate. It said: “The rampant use of personal IT devices especially smart phones and other messaging services including WhatsApp for exchange of official information was identified as the primary source of pilferage of information.”

The use of WhatsApp to transmit classified information is a breach of operational security. Even if information sent on WhatsApp is encrypted, the cell phone handset is vulnerable to tapping/interception.

The current debate over 5G mobile technology which has the potential to connect India with the fourth industrial revolution has one major snag: India’s over-reliance on foreign players manufacturing telecom equipment as our own Make in India industry has failed to take off. One of the 5G service providers is the Chinese Huawei which will have inevitable security implications—the kind that forced US President Donald Trump to blacklist it. India is going ahead with trials and spectrum auction over the next 100 days. But national security concerns will not be ignored.

A special tri-service agency for internet governance and cyber security is to be set up under the Integrated Defence Staff. Lt Gen Rajesh Pant, a former Signals Corps officer, was appointed National Cyber Security Co-ordinator and is likely to produce India’s cyber security strategy policy next year. The National Cyber Security Coordination Centre will handle cyber security intelligence and mitigate online threats. Cyber security, online and social media will play pivotal roles in future wars even as counter-terrorism and left-wing extremism will be India’s primary internal and external security challenges.

Besides, high-tech, practical problems will continue to worry the army. In January 2003, two Indian soldiers were beheaded by Pakistan’s Border Action Team in Mendhar sector of Rajouri. Even before the Brigade and Divisional Headquarters could verify the details of the incident, one of the surviving members of the patrol took a picture of the brutalised soldier on a cell phone and passed it on to a friend who gave it to a journalist. The incident was on social media in no time even as intermediary headquarters remained in the dark. That is why the digital camera is at times compared to a suicide bomber.

Disabling intercom towers, passing ban orders and enforcing other disruptive measures are unlikely to ensure misuse of information. Only an understanding of the fundamentals of national and military security, including information security, will engender the culture to covet and protect these vitals. Big Brother is not only watching but also listening.

—The writer has fought in all the wars after 1947 and was Commander of the IPKF (South) in Sri Lanka