These Four Events Signalled That India’s Disregard For Cyber Security Cannot Continue Into 2020

There were four significant events in computing recently. The first was the remarkable result announced by Google about a landmark in quantum computing.

The second was a report that the control systems of the nuclear power plant in Koodankulam, Tamil Nadu, had been penetrated by hackers.

The third was a report that, while the Chandrayaan-2 flight was in progress, ISRO officials were alerted about a hack into its systems.

The fourth was a report that an Israeli program, Pegasus, had been used to snoop on WhatsApp users, breaching their end-to-end encryption.

There is a common thread: Cyber Security. And India's cavalier disregard for it, which will come back and haunt us in future.

Quantum computing is, per se, not about security, but peripherally, it so happens that a quantum computer with many qubits can do prime number factoring of large numbers.

Most current cryptography is based on the difficulty of doing just that. Thus, when quantum computing matures, we need newer, quantum proof encryption methods.

We are a few years away from that. Today's result is only a proof of concept.

Let us note in passing, that India has invested almost nothing in the technology, whereas arch foe China is a leader.

The second and third issues are more urgent, and pose an immediate danger. Experts have long warned that India has no policies or procedures for dealing with this threat.

As the country undergoes digital transformation, more or less haphazardly, we are creating massive problems. A good analogy is Bangalore’s growth: no rules, no oversight. Result: traffic gridlocks, lakes filled with toxic foam, general misery, with, yes, growth.

This won’t do in cyberspace, because the result can be a foe turning off our electric grid or banking system or air traffic control.

The fourth is not quite India’s problem because at least 1,200 people worldwide have been spied on. India’s leftists jumped to the conclusion that the government was behind it, but looking at the alleged victims - small fry - that is hard to believe.

But it is yet another example of how we have no idea what goes on the bowels of #BigTech (WhatsApp is owned by Facebook) while we blithely rely on them for everything.

Quantum computing is only in its infancy. It heralds a new kind of computing for specialised applications, including deep science such as simulating chemical reactions from first principles. But this will take time, as the computing, at very low temperatures, is fiddly and unstable.

The cyberattacks on two of India’s crown jewels, the national-security-sensitive ISRO and DAE, are more unsettling. The attack on ISRO, which apparently was reported as the Chandrayaan-2 was en route to the moon, raises an intriguing possibility.

Did the hackers gain operational control and sabotage the Vikram lander? Everything was going picture-perfect in this prestigious project until the 11th hour when, in official-speak, “the connection with the lander was lost”.

I remember how distraught ISRO officials were at the time. Was it just an accident, or did they realise that somebody had hacked the control software to ruin Vikram’s landing and turn triumph into tragedy?

Who could that somebody be? Any of India’s competitors in space, such as the US, Russia, the EU, and especially China. Given an entire arm of the Chinese Army is dedicated to hacking, as reported by the US, and China’s aim to ‘contain’ India, they are the likely suspect. We have to security-harden our spacecraft.

There is also concern about the attack on Koodankulam. This reactor has been the target of a lot of people, for instance the church, which has used bogus crypto-scientific arguments to try and shut it down, possibly because of two reasons: the reactors are Russian, not Western European; and there is thorium fast-breeder technology there.

India still has (after a lot of coastal sands in Kerala and Tamil Nadu were spirited away by kindly Europeans and Americans) a good bit of thorium, and that technology is valuable. The control software has to be made hack-proof. Stuxnet is waiting.

But these are band-aids. A comprehensive, forward looking cyber security policy is long overdue.