1. Disinformation is a cyber security threat.
Society needs to be protected from infodemics, to prevent the possibility of a breakdown, interruptions and violence.
GS-3: Challenges to internal security through communication networks, role of media and social networking sites in internal security challenges, basics of cyber security;
- Disinformation is an attack and compromise of our cognitive being. Nation-state actors, ideological believers, violent extremists, and economically motivated enterprises manipulate the information ecosystem to create social discord, increase polarisation, and in some cases, influence the outcome of an election.
- The strategies, tactics and actions between cybersecurity and disinformation attacks. Cyberattacks are aimed at computer infrastructure while disinformation exploits our inherent cognitive biases and logical fallacies.
- Cybersecurity attacks are executed using malware, viruses, trojans, botnets, and social engineering. Disinformation attacks use manipulated, miscontextualised, misappropriated information, deep fakes, and cheap fakes. Nefarious actors use both attacks in concert to create more havoc.
What is Cyber security?
- Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks. It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks and technologies
- Cyber security can be described as the collective methods, technologies, and processes to help protect the confidentiality, integrity, and availability of computer systems, networks and data, against cyber-attacks or unauthorized access.
- Cybersecurity is important because it encompasses everything that pertains to protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems from theft and damage attempted.
The Cognitive hacking:
- Cognitive hacking is a cyberattack that seeks to manipulate the perception of people by exploiting their psychological vulnerabilities. The purpose of the attack is changes in behavior, usually resulting from exposure to misinformation.
- As such, cognitive hacking is a form of social engineering although it may target a broad audience rather than specific individuals.
- Cognitive hacking is a threat from disinformation and computational propaganda. This attack exploits psychological vulnerabilities, perpetuates biases, and eventually compromises logical and critical thinking, giving rise to cognitive dissonance.
- A cognitive hacking attack attempts to change the target audience’s thoughts and actions, galvanise societies and disrupt harmony using disinformation. It exploits cognitive biases and shapes people by perpetuating their prejudices.
- The goal is to manipulate the way people perceive reality. The storming of the U.S. Capitol by right-wing groups on January 6, 2021, is a prime example of the effects of cognitive hacking.
The implications of cognitive hacking:
- The most common tool used in a cognitive hack is weaponized information, messages or content that is designed to affect the user’s perceptions and beliefs in a way that will harm a target.
- The active “attack” is carried out by the people affected by those messages. For example, disinformation about a political candidate might go viral and convince large numbers of people to vote for someone else.
- The implications of cognitive hacking are more devastating than cyberattacks on critical infrastructure. The damage wrought by disinformation is challenging to repair.
- Revolutions throughout history have used cognitive hacking techniques to a significant effect to overthrow governments and change society. It is a key tactic to achieve major goals with limited means.
- Distributed Denial-of-Service (DDoS) is a well-coordinated cybersecurity attack achieved by flooding IT networks with superfluous requests to connect and overload the system to prevent legitimate requests being fulfilled.
- The well-coordinated disinformation campaign fills broadcast and social channels with so much false information and noise, thus taking out the system’s oxygen and drowning the truth.
- Fake news may seem new, but the platform used is the only new thing about it. Propaganda has been around for centuries, and the internet is only the latest means of communication to be abused to spread lies and misinformation.
The disinformation campaign:
- The advertisement-centric business modes and attention economy incentivise malicious actors to run a sophisticated disinformation campaign and fill the information channels with noise to drown the truth with unprecedented speed and scale.
- Disinformation is used for social engineering threats on a mass scale. Like phishing attacks, to compromise IT systems for data extraction, disinformation campaigns play on emotions, giving cybercriminals another feasible method for scams.
- The specific tools for each campaign are not particularly different—bought followers/fans, likes, reposts, comments, videos. Some campaigns may find it worthwhile to buy “high quality” versions of these products, which are theoretically harder to detect by the social media networks
A report disinformation on Cyber security:
- A report released by Neustar International Security Council (NISC) found 48% of cybersecurity professionals regard disinformation as threats, and of the remainder, 49% say that threat is very significant; 91% of the cybersecurity professionals surveyed called for stricter measures on the Internet.
- An additional 35% said that dealing with these threats will be a focus area for them in the next six months, while 13% would consider taking action if misinformation and fake domains continue to be an issue.
- To combat the threat, 91% of cybersecurity professionals called for stricter measures to be implemented on the internet if the issues are not resolved.
The Deep fakes disinformation on Cyber security:
- Deep fakes add a whole new level of danger to disinformation campaigns. A few quality and highly targeted disinformation campaigns using deepfakes could widen the divides between peoples in democracies even more and cause unimaginable levels of chaos, with increased levels of violence, damage to property and lives.
- Deepfakes refer to manipulated videos, or other digital representations produced by sophisticated artificial intelligence, that yield fabricated images and sounds that appear to be real.
- In which a person in an existing image or video is replaced with someone else’s likeness. Deepfakes have garnered widespread attention for their uses in celebrity pornographic videos, fake news, hoaxes, and financial fraud.
Lessons from cybersecurity:
- Cybersecurity experts have successfully understood and managed the threats posed by viruses, malware, and hackers. IT and Internet systems builders did not think of security till the first set of malicious actors began exploiting security vulnerabilities.
- The industry learned quickly and invested profoundly in security best practices, making cybersecurity a first design principle.
- The industry developed rigorous security frameworks, guidelines, standards, and best practices such as defense-in-depth, threat modelling, secure development lifecycle, and red-team-blue-team (self-attack to find vulnerabilities to fix them) to build cybersecurity resilience.
- ISACs (Information sharing and analysis centers) and global knowledge base of security bugs, vulnerabilities, threats, adversarial tactics, and techniques are published to improve the security posture of IT systems.
- World can learn from decades of experience in the cybersecurity domain to defend, protect and respond, and find effective and practical solutions to counter and intervene in computational propaganda and infodemics.
- The industry can develop disinformation defence systems by studying strategy and tactics to understand the identities of malicious actors, their activities, and behaviours from the cybersecurity domain to mitigate disinformation threats. By treating disinformation as a cybersecurity threat we can find effective countermeasures to cognitive hacking.
- Defense-in-depth is an information assurance strategy that provides multiple, redundant defensive measures if a security control fails. For example, security firewalls are the first line of defense to fend off threats from external systems.
- The Antivirus systems defend against attacks that got through the firewalls. Regular patching helps eliminate any vulnerability from the systems. Smart identity protections and education are essential so that users do not fall victim to social engineering attempts.
How to response and defense-in-depth strategy for disinformation:
- The defense-in-depth model identifies disinformation actors and removes them. Authenticity and provenance solutions can intervene before disinformation gets posted.
- If the disinformation still gets by, detection solutions using humans and artificial intelligence, internal and external fact-checking can label or remove the content.
- The response to disinformation is in silos of each platform with little or no coordination. There is no consistent taxonomy, definitions, policy, norms, and response for disinformation campaigns and actors.
- This inconsistency enables perpetrators to push the boundaries and move around on platforms to achieve their nefarious goals.
- A mechanism like ISACs to share the identity, content, context, actions, and behaviours of actors and disinformation across platforms is needed. Information sharing will help disinformation countermeasures to scale better and respond quickly.
Government response against cyber security threat:
- The provisions for cybersecurity have been incorporated into rules framed under the Information Technology Act 2000. 69A of IT Act authorizes the government to block any content from being accessed by the public on various grounds.
- IT Act 2000 makes social networking sites in India are liable for various acts or omissions that are punishable under the laws of India. Section 79 of the IT Act requires an Intermediary to observe certain guidelines in order to avail of exemption from liability.
- The National Cyber Security Policy 2013 (NCSP) is a policy framework by Ministry of Electronics and Information Technology (MeitY) which aims to protect the public and private infrastructure from cyberattacks,
- And safeguard “information, such as personal information (of web users), financial and banking information and sovereign data”.
- CERT- In is the nodal agency which monitors the cyber threats in the country. The post of National Cyber Security Coordinator has also been created in the Prime Minister’s Office (PMO).
Education is key:
- A critical component of cybersecurity is education. Technology industry, civil society and the government should coordinate to make users aware of cyber threat vectors such as phishing, viruses, and malware.
- The industry with public-private partnerships must also invest in media literacy efforts to reach out to discerning public. Intervention with media education can make a big difference in understanding context, motivations, and challenging disinformation to reduce damage.
- The freedom of speech and the freedom of expression are protected rights in most democracies. Balancing the rights of speech with the dangers of disinformation is a challenge for policymakers and regulators.
- There are laws and regulations for cybersecurity criminals. More than 1,000 entities have signed the Paris Call for Trust and Security in Cyberspace, for stability and security in the information space.
- The 52 countries and international bodies have signed the Christchurch Call to Action to eliminate terrorist and violent extremist content online.
The Indian cyber security market:
- The Indian cybersecurity market is poised to experience significant growth across various segments, including cybersecurity services, organization capabilities, startups, jobs and salaries.
- The digital economy contributes approximately 15% to India’s GDP and it is expected to grow to 20% by 2024.and eCommerce as an industry is expected to grow to $25 Billion by 2024.
- India’s digital requirements have expanded the data infrastructure to cover more than 120 recognized data centers and cloud networks which Indian & MNC enterprises and Central & State Governments leverage and access to store data of not just citizens, but also global and domestic transactions
- Digital payments in India are growing at 13% CAGR, while the mobile wallets domain will soon experience growth of 50% CAGR.
- The Indian cybersecurity industry is valued at $6.7 Bn. As mentioned above, this covers the revenues from all cybersecurity operations originating from India.
- The disinformation infodemic requires a concerted and coordinated effort by governments, businesses, non-governmental organisations, and other entities to create standards and implement defences.
- Taking advantage of the frameworks, norms, and tactics that we have already created for cyber security is the optimum way to meet this threat. And there are close to 96000 cyber security personnel working across enterprises in India.
- Government must protect our society against these threats or face the real possibility of societal breakdown, business interruption, and violence in the streets.
2. Taking the long view with China
Both Asian giants can share prosperity and be independent of each other and of the West.
GS-2: International relations: India and its neighborhood- relations.
- In January, External Affairs Minister said that while both India and China remained committed to a multipolar world, they should recognise that a “multipolar Asia” was one of its essential constituents.
- India to becoming the third largest economy in the world, India needs to have a clear-eyed world view and strategy as it makes hard choices. It needs to reject the developing country regional mindset that has hobbled national aims and foreign policy.
Review of the Ministry of Defence:
- The Review pertinently refers to the “sanctity of our claims in Eastern Ladakh” instead of the term “border” used since 1954, opening space for a settlement.
- India is now confidently moving out of the predicament that Jawaharlal Nehru placed us in Kashmir, fully integrating it into the Indian Union and consolidating our claim line.
- India have a “special and privileged strategic partnership” with Russia, which provides more than three-quarter of India’s military equipment,
- The “comprehensive global strategic partnership” with the U.S. despite the United States Strategic Framework for the Indo-Pacific, 2018, wishing that India sees the U.S. as its preferred partner on security issues.
- India’s relationship with the U.S.-led Quadrilateral Security Dialogue (Quad), where the others are military allies, has rightly been cautious, as U.S. President Joe Biden sees China as a ‘strategic competitor’ rather than a ‘strategic rival’. Realism dictates that India does not need to compromise on its strategic autonomy.
- The foreign policy challenge for India is really two sides of the China conundrum: defining engagement with its neighbour which is consolidating an expanding Belt and Road Initiative (BRI) while remaining involved with the strategic, security and technological concerns of the U.S. located across the vast Pacific Ocean.
- The U.S. ‘Annual Report to Congress: Military and Security Developments involving the People’s Republic of China’ cautions that U.S. aircraft carriers, symbols of the country’s military hegemony, may not enjoy unquestioned dominance for much longer.
- Former President Barack Obama’s military pivot to Asia failed to overawe China in the South China Sea and the costs of former President Donald Trump’s trade tariffs were borne by American consumers and companies.
- There is the real possibility of the Chinese renminbi becoming a global reserve currency or e-yuan becoming the digital payments currency.
- The China is the world’s largest trading economy. It could soon become the world’s largest economy the Fortune Global 500 list of the world’s largest companies by revenue for the first time contains more companies based in China, including Hong Kong, than in the U.S.
- The BRI countries are using the renminbi in financial transactions with China, and can be expected to use it in transactions with each other.
- The European Union, smarting under Mr. Trump’s sanctions, created its own cross-border clearing mechanism for trade.
- The China has stitched together an investment agreement with the EU and with most of Asia. Relative attractiveness will determine when the dollar goes the way of the sterling and the guilder.
- China, facing technological sanctions from the U.S., may well put in the hard work to make this happen soon.
- The EU’s China policy of seeing the emerging superpower as a partner, competitor, and economic rival depending on the policy area in question is going to be the global norm.
- The EU’s reaching out to China despite misgivings of the U.S. means the West has given up on containing the rise of China.
- The broad perspective is also reflected in India’s participation in both the Shanghai Cooperation Organization, led by Beijing and Moscow and designed to resist the spread of Western interests, and in the U.S.-led Quad, with its anti-China stance.
- The United Nations, India’s interests have greater congruence with China’s interests rather than the U.S.’s and the EU’s; sharing the COVID-19 vaccine with other countries distinguishes India, and China, from the rest.
India-USA counters measure Challenges:
- The congruence between India and the U.S. lies in the U.S.’s declared strategic objective of promoting an integrated economic development model in the Indo-Pacific as a credible alternative to the BRI,
- But China opening new opportunities for countries in the Eurasian landmass means that ASEAN will not easily move out of the BRI infrastructure, digital, finance and trade linkages; Sri Lanka is a recent example.
- The China-led Asian Infrastructure Investment Bank has increased its membership to 100 countries.
- China is now the second-biggest financial contributor to the UN and has published more high-impact research papers than the U.S. did in 23 out of 30 “hot” research fields and enhancing its ‘soft power’ nearly to levels achieved by the U.S. earlier.
- India should move the Quad towards supplementing the infrastructure push of the BRI in line with other strategic concerns in the region.
- For example, developing their scientific, technological capacity and digital economy, based on India’s digital stack and financial resources of other Quad members, will resonate with Asia and Africa.
The area’s where India can gain opportunity:
- The area where India can play a ‘bridging role’ is global governance whose principles, institutions and structures now have to accommodate other views for issue-based understandings.
- China “community with shared future for mankind”, and India “climate justice” and asking how long India will be excluded from the UN Security Council, challenge the frame of the liberal order without providing specific alternatives.
- With respect to digital data, the defining issue of the 21st century, India has recently expressed that there must be reciprocity in data sharing, and this is the kind of ‘big idea’ for sharing prosperity that will gain traction with other countries.
- India’s recent policies are gaining influence at the expense of China and the West, and both know this trend will accelerate.
- The steps to a $5 trillion economy shift to indigenous capital military equipment, and a new Science, Technology and Innovation Policy underline impact, capacity and interests.
- The ASEAN remains keen India re-joins its trade pact to balance China. It is being recognized that India’s software development prowess could shape a sustainable post-industrial state different to the U.S. and China model.
Conclusion of The Hindu Editorial Analysis Today:
- Bilateral trade between China and India touched US$89.6 billion in 2017–18, with the trade deficit widening to US$62.9 billion in China’s favors but change in FDI policy, tax duty, tariff buffeted India.
- The insufficient implementation of anti-dumping laws, reliance on Chinese raw materials in sectors such as pharmaceuticals, reliance on Chinese imports in India’s National Solar Mission,
- Also Goods and Services Tax on certain products resulting in increased imports from China, and Indian smart city administrations preferring Chinese bicycles over Indian ones, but now it’s changing because of policy change.
- The good relation with China, which has been blocking India’s efforts to become a permanent member of the UN Security Council, May reiterated its stand on India bid, and called for evolving a “package solution” that is acceptable to all to reform the top organ of the global body.