The English-language version of Chinese military’s mouthpiece reported on October 15, 2015 that a cyber (Internet-based) exercise codenamed “Xiamen-2015” was held in the city of the same name in Fujian province.
The decision to hold this exercise was undertaken on April 10, 2015 during the SCO RATS Council’s 26th regular meeting in the Uzbek capital Tashkent. It was jointly organized by member states of the Shanghai Cooperation Organization (SCO) of which Russia is currently the head. The exercises simulated a fictional scenario in which an international terrorist organization encouraged supporters and followers to execute terrorist, separatist and violent extremist activities across SCO member states. To counter this threat, SCO states coordinate and collaborate in tandem to combine cyber intelligence gathering skills, location-tracking and on-ground strike operations to nab the miscreants.
Cyber operations exercises are not new but what makes this particular drill unique is the initiative by SCO states to enhance confidence-building measures and consider threats to each other’s cyberspace as their own. The exercise was setup and supervised by SCO’s Regional Anti-Terrorism Structure (RATS). Mr Zhang Xinfeng, Director of the SCO RATS Council, was Chief Commander of the exercise.
Cyberspace is assuming greater significance in national security establishments around the world. Military strategists refer to “cyber” as the fifth domain of war-fighting like Land, Sea, Air and Space. Cyberspace assumes even more significance after several states were found involved in widespread cyber espionage, cyber intelligence gathering and cyber warfare on their adversaries. Stuxnet, largely believed to be jointly-developed by Israel and the US, was used to infect industrial control systems in Iranian nuclear facilities and retard the uranium enrichment process. Similarly, a vast network of critical infrastructure information in Saudi ARAMCO computer systems was stolen and destroyed because of the Shamoon virus.
Current trends project Daesh (ISIS/ISIL/IS) possessing sophisticated cyber activists, even more better trained than their rivals in Al Qaeda. Cyber warfare is a very advanced level of irregular warfare in which identification of an adversary becomes next to impossible. Information Warfare (IW) is another subject of debate. Terrorism can conducted in cyberspace through the use of cyber fires damaging critical infrastructure. Separatism and extremism, on the other hand, require continuous broadcast and distribution of propaganda. IW is the integrated employment of multi-source utilities to unleash a barrage of disinformation and propaganda on an adversary while ensuring that own systems are protected from the same.
What Should Pakistan Do?
Pakistan’s full membership of the SCO (like India’s) was approved in July 2015 following Prime Minister Nawaz Sharif’s visit to Ufa, Russia. SCO’s stated charter passed in 2009 declares in Article 3 that, “development and implementation of measures aimed at jointly counteracting terrorism, separatism and extremism” is among the areas of focused cooperation between member states. Presently Russia and China are facing severe propaganda from Western and Indian fora, respectively. Russia’s alleged destabilization operations in Ukraine and China’s alleged cyber espionage, alleged human rights abuses in Tibet and Xinjiang are some of the crucial points of reference its opponents use when highlighting their global role. SCO members have legitimate concerns; Asia is a melting pot of some of the most vicious terrorist organizations around.
Pakistan can benefit from its permanent membership of SCO and become a member of the RATS Council. The idea is to exchange information and best practices with the two regional giants Russia and China, including other member states. Pakistan is itself the biggest victim of regional and global terrorism. We have terrorist organizations (TTP, Jundullah, Al Qaeda, Lashkar-e-Jhangvi, Sipah-e-Sahaba, Sipah-e-Muhammad etc), separatists (Baloch Liberation Army, Baloch Liberation Front, Jeay Sindh Mutahhida Mahaz, Balawaristan National Front, etc) and extremist groups (Jamaat-ud-Daawah, Ahle Sunnat Wal Jamaat, Sunni Tehrik, Jafria Tehrik, etc) of all kind. We also have an assortment of left-wing extremist organizations inclined toward Communism and Extremist Secularism. They largely depend on cyberspace for propagation of their radical ideologies which pose grave national security threats.
One of the most notable features of exercise Xiamen-2015 is that participating countries reacted to threats on their cyberspace according to their respective laws. Pakistan as yet does not have a national cyber security or cyber defence policy. The Prevention of Electronic Crimes Act 2015 which still awaits final approval from the National Assembly contains a critical Section 10 which covers ‘Cyber Terrorism’ as a national security threat. It is thus incumbent on Pakistani parliamentarians to prevent any further delays so that a resourceful seat in the SCO RATS Council is secured.
Will Pakistan sit passively as always and wait for India to take the initiative here too? As compared to Pakistan, the Government of India already has a punishment for Cyber Terrorism. The Information Technology (IT) Act of 2000 (amended in 2008) details offences under the purview of Cyber Terrorism in Section 66F. From a strictly legal perspective, we are in an extremely vulnerable position in cyberspace.
As threats keep evolving, so do the concepts of national security. Like the rest of the world, Pakistan is progressing toward an increasingly digitized future. Paper records are being digitized, e-services are being provided, the phenomenon of online banking is on the rise, private/public/corporate/industrial clients use the Internet for internal communication and information hosting. What law do we have to deal against cyber terrorists? Do we have adequate cyber defence skills to protect our infrastructure from massive wipeout, as it happened in Estonia?
The future begins today. If Pakistan’s national leadership continues remaining intentionally oblivious, we will have none but ourselves to blame.