1. Taking a byte out of cyber threats

Rather than wait for the ‘Big Bang cyber attack’, nations and institutions ought to be prepared for a rash of cyber strikes

Cyber attacks may be a relatively new phenomenon, but in a short time frame have come to be assessed as dangerous as terrorism. The world was possibly made aware of the danger and threat posed by cyber weapons with the advent of the Stuxnet Worm in 2010, which resulted in large-scale damage to Iran’s centrifuge capabilities. Two years later, in 2012, a bank of computers belonging to the Saudi Aramco Oil Company were targeted, reportedly by Iranian operatives, employing malware that wiped out data on 30,000 computers. A few weeks later, Iran was again believed to have been behind a targeted attack on the Qatari natural gas company, RasGas. The string of instances appear to have provoked then United States Defence Secretary, Leon Panetta, to utter the warning that the world had to prepare for a kind of ‘cyber Pearl Harbour’, highlighting a new era of potential vulnerabilities.

Static response

In the decade that followed, and while preparing for a ‘potential Pearl Harbour’ type of strike, including seeking ways and means to retaliate in the eventuality of such attacks, the West seemed to lose its way on how to deal with the emerging cyber threat. Each succeeding year, despite an increase in cyber threats, witnessed no change in the method of response. The years 2020 and 2021 have proved to be extremely difficult from the perspective of cyber attacks but no changes in methodology have been seen. In 2021, cyber attacks that attracted the maximum attention were SolarWinds and Colonial Pipeline in the U.S., but these were merely the tip of a much bigger iceberg among the string of attacks that plagued the world. Estimates of the cost to the world in 2021 from cyber attacks are still being computed, but if the cost of cyber crimes in 2020 (believed to be more than $1 trillion) is any guide, it is likely to range between $3trillion-$4 trillion. What is not disputed any longer is that soon, if not already, cyber crime damage costs would become more profitable than the global trade of all major illegal drugs combined.

Sectors that are vulnerable

As 2022 begins, the general consensus is that the cyber threat is likely to be among, if not the biggest, concern for both companies and governments across the globe. In the Information age, data is gold. Credential threats and the threat of data breaches, phishing, and ransomware attacks, apart from major IT outages, are expected to be among the main concerns. Results are also likely to far eclipse the damage stemming from the COVID-19 pandemic or any natural disasters. A little publicised fact is that the vast majority of cyber attacks are directed at small and medium sized businesses, and it is likely that this trend will grow.

According to experts, among the most targeted sectors in the coming period are likely to be: health care, education and research, communications and governments. Health-care ransomware has been little publicised, but the reality is that ransomware attacks have led to longer stays in hospitals, apart from delays in procedures and tests, resulting in an increase in patient mortality.

Far more than merely apportioning costs linked to cyber crime is the reality that no organisation can possibly claim to be completely immune from cyber attacks. While preventive and reactive cyber security strategies are needed — and are essential to mitigate cyber risks — they are proving to be highly illusive in an increasingly hyper-connected world. Comprehending the consequences of this reality could be devastating.

For instance, despite all talk about managing and protecting data, the reality is that ransomware is increasing in intensity and is tending to become a near destructive threat, because there are many available soft targets. Statistics in this regard are also telling, viz., that new attacks are taking place every 10 seconds. Apart from loss of data, what is also becoming evident is that ransomware criminals are becoming more sophisticated, and are using ransomware to cripple large enterprises and even governments. Talk of the emergence of ‘Ransomware as a Service’ (RaaS) — a business model for ransomware developers — is no mere idle threat.

The huge security impact of working from home, dictated largely by the prevailing novel coronavirus pandemic, must again not be underestimated as it is likely to further accelerate the pace of cyber attacks. A conservative estimate is that a rash of attacks is almost certain to occur on home computers and networks. Additionally, according to experts, a tendency seen more recently to put everything on the Cloud could backfire, causing many security holes, challenges, misconfigurations and outages. Furthermore, even as Identity and Multifactor Authentication (MFA) take centre stage, the gloomy prognostication of experts is that Advanced Persistent Threats (APT) attacks are set to increase, with criminal networks working overtime and the Dark web allowing criminals to access even sensitive corporate networks.

Scant clarity

Unfortunately, and despite the plethora of such evidence, cyber security experts appear to be floundering in finding proper solutions to the ever widening cyber threat. There is a great deal of talk among cyber security experts about emerging cyber security technologies and protocols intended to protect systems, networks and devices, but little clarity whether what is available can ensure protection from all-encompassing cyber attacks. Technology geeks, meanwhile, are having a field day, insisting on every enterprise incorporating SASE — Secure Access Service Edge — to reduce the risk of cyber attacks. Additional solutions are being proposed such as CASB — Cloud Access Security Broker — and SWG — Secure Web Gateway — aimed at limiting the risks to users from web-based threats. Constant references to the Zero Trust Model and Micro Segmentation as a means to limit cyber attacks, can again be self-limiting. Zero Trust does put the onus on strict identity verification ‘allowing only authorized and authenticated users to access data applications’, but it is not certain how successful this and other applications will prove to be in the face of the current wave of cyber attacks. What is most needed is absent, viz., that cyber security experts should aim at being two steps ahead of cyber criminals. This is not evident as of now.

Unique challenges

Missing from the canvas is that cyber technology presents certain unique challenges which need particularised answers. Instead of attempting to devise standard methodologies, and arrive at certain international norms that govern its use, a decade of misplaced effort by the West in preparing for a ‘potential Pearl Harbour type of strike’ has enabled cyber criminals to gain the upper hand. While the West focused on ‘militarization’ of the cyber threat, and how best it could win with its superior capabilities, valuable time was lost. It led to misplaced ideas and erroneous generalisations, resulting in a decade of lost opportunity.

This situation needs to be reversed. A detailed study of the series of low- and medium-level proactive cyber attacks that have occurred during the past decade is clearly warranted. It could reinforce the belief that when it comes to deterrence in cyber space, what is required is not a piece of ‘grand strategy’: low and medium tech, low and medium risk targeted operations could be just as effective. A related aspect is to prevent individual companies from attempting their own tradeoffs — between investing in security and maximising short-term profits. What many companies and even others fail to realise is that inadequate corporate protection and defence could have huge external costs for national security, as was evident in the SolarWinds attack.

Defence and backup plans

Nations and institutions, instead of waiting for the ‘Big Bang cyber attack’, should actively prepare for a rash of cyber attacks — essentially ransomware — mainly directed at available data. The emphasis should be on prioritising the defence of data above everything else. Consequently, law enforcement agencies would need to play a vital role in providing effective defence against cyber attacks.

On the strategic plane, understanding the nature of cyber space is important. While solving the technical side is ‘one part of the solution, networks and data structures need at the same time to prioritise resilience through decentralised and dense networks, hybrid cloud structures, redundant applications and backup processes’. This implies ‘planning and training for network failures so that individuals could adapt and continue to provide service even in the midst of an offensive cyber campaign’.

The short answer is to prioritise building trust in systems — whether it is an electrical grid, banks or the like, and creating backup plans including ‘strategic decisions about what should be online or digital and what needs to stay analog or physical, and building capacity within networks to survive’ even if one node is attacked. Failure to build resilience — at both the ‘technical and human level — will mean that the cycle of cyber attacks and the distrust they give rise to will continue to threaten the foundations of democratic society’. Preventing an erosion of trust is critical in this day and age.

Cyber Security

• Cyber security is concerned with making cyberspace safe from threats
• Cyber is no more limited to security only, it is now linked with socio economics as well, which includes politics, industry, health, education and critical infrastructure.
• This is why cyber security and safety has become an imperative issue.

Growing Importance:

• Cyber security spends in India are rising rapidly because of the massive digitisation movement.
• The ransomware attacks in the past have added to the urgency of these spends.
• Cyber-space remains a key area for innovation.
• Demonetisation and the government’s push for Digital India have pushed demand for cyber security talent.

Need For Cyber security:

• To ensure critical infrastructure system do not collapse under any situation.
• To ensure Business continuity.
• For the success of government initiatives like Digital India, Make in India and Smart Cities.
• To balance Individual’s rights, liberty and privacy.

India’s Vulnerability on cyber space:

• India remains vulnerable to cyber-espionage and cybercrime.
• With the growing adoption of the Internet and smart-phones, India has emerged “as one of the favourite countries among cyber criminals.”
• There is growing threat from online radicalization.
• Lack of coordination among different government agencies.
• Attackers can gain control of vital systems such as nuclear plants, railways, transportation or hospitals that can subsequently lead to dire consequences.

Steps taken by the Government to spread awareness about cyber crimes:

• Online cybercrime reporting portal has been launched to enable complainants to report complaints pertaining to Child Pornography/Child Sexual Abuse Material, rape/gang rape imageries or sexually explicit content.
• A scheme for establishment of Indian Cyber Crime Coordination Centre (I4C) has been established to handle issues related to cybercrime in the country in a comprehensive and coordinated manner.
• Establishment of National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country.
• All organizations providing digital services have been mandated to report cyber security incidents to CERT-In
• Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for providing detection of malicious programmes and free tools to remove such programmes.
• Formulation of Crisis Management Plan for countering cyber attacks and cyber terrorism.

Challenges involved in ensuring cyber security:

• New technologies such as artificial intelligence, machine learning also face new challenges for cyber security.
• Internet of things are often not built with security
• New technologies aid hackers too.
• We don’t have a cyber-security mindset. People still don’t understand cyber risks to an organization
• Most of the cyber-attacks are not reported
• Scarcity of cyber security professionals, especially at the leadership level.
• Cyber bullies, extremists and terrorists are creating havoc within the system.
• India is not a signatory to the Budapest convention which is the only multilateral convention on cyber security
• No full time cyber security experts.

2. In a double bind, facing conservatism and politics

The campaign of Indian Muslim women to occupy public spaces and protect democracy is a lonely one

Last week I was chased out of a graveyard in Mumbai. On a visit home, I decided to pray Fathia over my father’s grave. But upon the realisation that there was a ‘woman’ in the graveyard, the imam from the nearby mosque broke into a panic interrupting my prayer and sending me out from the final resting place. The subject of women visiting graveyards is a contentious one in the Sunni practice of Islam. One hadeeth (prophetic narration) indicates that the Prophet forbade women from visiting graves. A second narration holds that the prohibition was recanted and all believers were asked to visit graveyards — to remind themselves of their return to the Divine.

Beyond my own experience, this conflict played out years ago when the Haji Ali dargah in Mumbai banned women from entering the shrine’s inner sanctum. This ban was upturned by the judiciary but remains a bone of contention amongst shrine leadership and management.

More about a discomfort

My contestation here is that this debate has less to do with religious stipulations and far more to do with the deep discomfort that emerges from seeing Muslim women occupying public spaces in India. Unfortunately, most voices that claim to politically or societally represent Muslims in India have been male. Even in the electoral sphere, this remains a historically underrepresented group. Despite making up 6.9% of the Indian population, a 2019 report showed that Muslim women have only a 0.6% representation in the Lok Sabha.

On the matter of Personal Law, after the volatility of the Shah Bano judgment and the passing of the dilutive Muslim Women (Protection of Rights on Divorce) Act, 1986, the country’s Islamic leadership had the opportunity to treat the misuse of legal provisions as an internal matter. The Muslim community has the rare, inbuilt grassroots communication system of Friday prayers and the khutba (sermon) that precedes it. This platform to address, assuage and compel the community remains underutilised. Of course this is not helped by the fact that the majority of mosque doors remain closed to women.

Aiding a narrative

As critic Ziya Us Salam argues, the exclusion of women from spaces of prayer and community is a deep injustice and a consequence of jahiliyat (malicious ignorance). The largest mosques in the nation claim that they have no room to spare for women. In this state the spiritual and social needs of women play second fiddle to masculine comfort. Beyond the woman question, these conditions are damaging to the social fabric of Indian Islam as a whole. The systematic exclusion of women from their rightful seat at the table creates the perfect feeding frenzy towards the narrative that ‘Muslim women need saving’.

This narrative was propagated by the far right, helping curate the image of the barbaric, cruel Muslim man. It also provides legitimacy to the calls for the Uniform Civil Code as an act of rescue. As mediaperson Sonali Verma puts it, the declaration of triple talaq, while posturing as a pro-women move, remains mired in communal politics. The invisibilisation of the Muslim women means that there is an artificial lacuna in which multiple bodies (with multiple motives) claim to speak for them.

As a target

This conundrum is made more complicated when Muslim women do in fact occupy public and political space. With the Citizenship (Amendment) Act protests, and particularly the Shaheen Bagh sit-in, the visual of the veiled Muslim woman stopped being synonymous with passivity. With these protests itself there was a recognition of the double bind of Muslim women. The lack of kagazat (documentation) has disproportionate impacts over gender lines, and the calls for aazadi (freedom) are multifold. The visual metaphor of visible Muslim women protesting in the name of the Constitution and democratic principles subverts many mainstream imaginations.

The consequence of this has been brutal. Protesters at the sit-in were termed bikau (for sale) and described in humiliating terms. From potent invisibilisation and portrayals as objects needing rescue, the Right has turned to a hypersexualisation of Muslim women. Online campaigns have seen videos and songs encouraging the abuse of and violence against Muslim women. Prominent figures are often faced with barrages of abuse and hate messaging. This took a particularly crude turn with Sulli Deals (in 2021) and its successor, Bulli Bai (in 2022) where images of influential Muslim women were ‘auctioned’ online.

Affecting a right

Most recently, we can see this through the Karnataka hijab row, where young Muslim girls have not been allowed to access their campus when veiling. A segment has argued that this is to prevent ‘regressive/religious practices’ from seeping into secular spaces. The conflation of regression with Islamic practices aside, this is a direct violation of the girls’ fundamental right to education. Barring Muslim women from secular spaces unless they literally strip off markers of their faith and identity is vitriolic. It serves no purpose but to propagate a malicious narrative that on the one hand pretends to save Muslim women and on the other denies them the tools to craft their own narrative.

In this way the internal fear that the occupation of Muslim women occupying public spaces leading to shame has become a self-fulfilling prophecy. They are left outside the insular, safety net of the community and in turn face vilification by the growing Right. The lack of a middle path here means that Muslim women are forced to occupy spaces on two ends of the spectrum — one that requires a compromise of political agency and the second that requires accepting an exclusion from one’s own community.

This sorry state of affairs bodes poorly for Indian democracy and its political axis as a whole. In a country with as many intersecting identities as ours, no issues or circumstances exist in silos. To be included is an obligation erga omnes (an obligation to all), and damage to it is erosive to a secular democracy. A non-representative leadership is a breeding ground for polarisation, spillovers of which affect us beyond gendered and religious lines.

My submission here remains pained yet hopeful; the campaign of Muslim women to occupy public spaces and protect democracy is a lonely one. However, in the current political climate, it remains necessary to fight this fight — and protect an equal, democratic India.

Constitution about wearing hijab in India

The constitution provides everyone with the power to practice and propagate ones religion. As long as it does not interfere, or degrade other persons religion, everyone is at absolute freedom. The freedom to practice one’s religion is a fundamental right granted by India’s constitution, with certain limitations. It is pertinent to mention here that the right to wear hijab is one of the many protections granted by the constitution and the Indian judiciary.

Article 25(1) of the Constitution says that there is a “Freedom of conscience and the right to freely profess, practise, and propagate religion.” But like any other fundamental right, this also is not fixed.  It can be regulated on basis of other fundamental rights granted by the Constitution. 

Over the years, the Supreme Court has ruled that the Constitution will exclusively protect “essential religious practises.”  Before granting any protections courts will evaluate whether a practise is vital or integral for religion, after studying religious texts and consulting the experts and religious heads. Courts will also consider the reasonableness of the restrictive measure in question while determining the legitimacy of any restriction put on basic rights under the provision of Article 14 (right to equality).

Even in 2016, when All India Institutes of Medical Sciences (AIIMS) forbade hijab-wearing aspirants from appearing in the entrance exam, the Kerala High Court ruled that students might take the exam while wearing the hijab because it was an essential practise of the aspirants’ religious faith.

As long as people are happy and willing to practice the hijab nothing can stop people from practising it, as that would go against the constitution itself.

Provisions Related to Right to Religion

Article 25: Freedom of conscience and free profession, practice and propagation of religion

Article 26: Freedom to manage religious affairs

Article 27: Freedom as to payment of taxes for the promotion of any particular religion

Article 28: Freedom as to attendance at religious instruction or religious worship in certain educational institutions

What is hijab?

Hijab is a kind of headscarf worn by Muslim women as a mark of faith and respect to their religion. It covers most of the hair, the neck and the upper chest area by falling below the level of the shoulders. It might also be long enough to cover down the elbows and drape over the upper back. Hijab is worn by Muslim women as a sign of dedication to their faith.

It is not just a piece of clothing but a sign of modesty as well. It is the most important and respected aspect among Muslim women. Hijab is an essential component like many other practises of Islam. Hijab is one of the identifications of Muslims and that is empowering.

Hijab has been a burning topic of debate for a very long time. In other countries as well, the wearing of a hijab in public has also sparked debate. France in particular, due to rigorous secularism that seeks to exclude religion from public life. It outlawed significant religious symbols in schools, including the hijab, in 2004. In other countries like Belgium and Egypt wearing hijab and Niqab was also banned.

 

209 million muslims

Islam is India’s second-largest religion, with over 209 million adherents in 2021, accounting for 14.6 per cent of the country’s overall population.  India now has over 10% of the world’s Muslim population with a good proportion of women as well. Hijab is an essential part of the faith of Muslim women.

Many Muslim women believe that despite Muslims forming a majority in population in India yet conveniently for over a decade hijab has been misappropriated as something degrading and regressive. They are of the belief that banning hijab or prohibiting women from wearing it can affect their freedom. It also has a direct impact on the mental health of these women.

They can also be deprived of their fundamental rights like education like in the case of Karnataka, where the girls were deprived of education for almost a month. While the constitution and judiciary are of the belief that there should not be any curbs on religious practices, such incidents violate the constitution. As correctly summed up in this statement by some Muslim women, “Owning our identity should not be an issue for anyone. If the constitution empowers us nothing should take that away from us.”

3. Will continue to support India’s rise and regional leadership: U.S.

Collective action key to Washington’s new Indo-Pacific strategy

The Biden administration announced its long-awaited Indo-Pacific strategy on Friday. The document focuses on building collective capacity to deal with challenges in the region — China’s assertiveness, the pandemic and climate change, among others.

The policies set out in the document have continuity with previous administrations’ strategies. These include a focus on challenges from China, advancing the U.S. relationship, a major defence partnership with India and supporting its role as a net security provider in the region. There is an emphasis on working with other countries not just from the region, but also from beyond.

Speaking to reporters on Friday a senior administration official, who did not want to be named, said that India’s role in the Quad was an important element of the U.S.-India relationship, and a means to “speak frankly about issues in the region,” and to deliver together on public goods. The Quad is rolling out a plan to deliver over a billion COVID-19 vaccines to the region by the end of this year.

Responding to a question regarding India’s enthusiasm for greater alignment with the U.S., the official said China’s action along the Line of Actual Control (i.e., its border conflict with India) has had a “galvanizing impact” on India.

The strategy document says the U.S. will “continue to support India’s rise and regional leadership,” working with India bilaterally and through groups on a range of issues. It refers to India as a “like-minded partner” and “driving force” in the Quad.

The overall increasing focus of the U.S. on the region is due to its increasing challenges, especially from China, according to the strategy document.

“The PRC’s coercion and aggression spans the globe, but it is most acute in the Indo-Pacific. From the economic coercion of Australia to the conflict along the Line of Actual Control with India to the growing pressure on Taiwan and bullying of neighbours in the East and South China Seas, our allies and partners in the region bear much of the cost of the PRC’s harmful behaviour,” it says. “We recognise the limitations in our ability to change China, and therefore, seek to shape the strategic environment around China…,” said the senior administration official who briefed reporters.

More broadly, the U.S. will seek an Indo-Pacific that is free and open, connected, prosperous, secure and resilient. On the “free” aspect — one of the strategic actions outlined is investing in civil society, a free press and democratic institutions.

On the topic of “connections” within and beyond the region, the U.S. says it will work “in flexible groupings” to tackle major issues, “particularly through the Quad.” It will also deepen its (five) regional treaty alliances and work with groups such as ASEAN, the European Union (EU) and NATO.

To advance its prosperity goal for the region, the U.S.’s strategy includes seeking higher labour and environmental standards, helping to establish secure supply chains and investing in clean energy.