As the world has largely shifted from mechanised warfare to hybrid warfare, mass disruption via cyberattacks remains the predominant tool, closely followed by the malicious use of AI, in which social media is a highly preferred means of disorienting a country’s valuable human resources. The results are apparent: enduring conflicts instead of a ‘final victory’. The lines of distinction between governmental and industrial secrets have been blurred, and political propaganda to influence the domestic population has been rising. Warfare thus continuously evolves, posing a challenge to security agencies. The cyber domain remains the most critical field, exposed to multiple threats such as espionage, hacking and even ransomware.

China being a source of most of the cyberattacks in the world isn’t a secret. Beijing’s intent in using technology as a tool against its opponents dates back to 1975, when Ye Jianying, one of the founders of the People’s Liberation Army (PLA), presented his report titled Strengthening Electronic Countermeasure Work to the Communist Party. Later, as technological advancements in China began to surface, so did its motivations to conduct espionage via the internet for intellectual property theft.

The PLA has regularly conducted surveys and competitions since 2003 to identify talent concerning cyberattacks. The Microsoft 2022 Digital Defense Report has stated that China is “likely using cyberespionage as a component of its global economic and military influence” via its “state-affiliated threat groups”. The larger aim is to “steal critical data and information”. The number of attacks from China has increased manifold since 2021. The report directly linked the geopolitical scenario in the Indo-Pacific with China’s aggressiveness and assessed: “China will continue to utilise cyber collection as a tool to help advance its strategic political, military, and economic goals due to observed cyber operations and the breadth of entities targeted.”

India, too, has not been spared. A section of the media reported in 2019 that the ‘Robinhood Ransomware’ that hit the electricity departments of Telangana and Andhra Pradesh demanded ₹20 lakh (or six bitcoins) to restore the power supply. Approximately 3.5 lakh consumers were affected. Other examples include ‘WannaCry’ affecting banking facilities in Tamil Nadu and Gujarat (2017), the BSNL malware attacks (2017) and the Uttar Haryana Bijli Vitran Nigam (UHBVN) ransomware (2018).

American cybersecurity firm Palo Alto Networks, in its 2022 report, noted that malware and ransomware attacks on Indian interests, such as firms and government establishments, saw a 218% increase in 2021. Nevertheless, if such big companies have faced ransomware, small and medium enterprises with an employee count of 200–500 people and low levels of cyber hygiene are more prone to it. In such cases, cyber insurance should be popularised at least to ensure some backup against financial losses.

The world is getting extremely cautious about cyber threats from various sources, particularly China. In 2021, a training programme was developed by the United Nations Office on Drugs and Crime (UNODC) that focused on strengthening the abilities of the member countries to effectively investigate and prosecute ransomware and other financially motivated cybercrimes, including cryptocurrency-enabled crime. Interestingly, the most crucial part of the UNODC training programme was that the Japanese government funded the training. In that light, Indo-Japanese cyber cooperation holds tremendous importance. The fourth Indo-Japan bilateral cyber dialogue was held a few months back and stressed the rapidly changing landscape of cyberattacks and the new frontiers, such as 5G, which must be protected.

Most recently, cryptocurrencies have emerged as the most advanced technique of terror financing and a medium of payment for illegal drug purchases and small arms supplies. According to a US-based research report published by RAND Corporation (2019), the new cryptocurrencies such as Omni Layer, BlackCoin, Monero, Hawk and Zcash have enhanced measures to increase non-traceability and thus can be widely preferred by terror groups. Therefore, they pose a severe threat to internal security.

In such a transforming scenario, the objective of India’s bilateral and multilateral cyber-technical cooperation should be to adopt a two-pronged approach consisting of defensive as well as offensive methodologies to counter the threat. Deterring ransomware attacks, apart from sharing software programs with partner countries, merely constitutes a defensive action. The larger objective should be to instil fear in the adversary’s mind so that cyberattacks are indeed deterred. From a cyber-tactical perspective, joint offensive cooperation between Quad and AUKUS countries should be able to target the source by successfully disrupting the ransomware business model and punishing it in an unforeseen manner. Thus, a fine line of distinction between defensive and offensive, apart from a two-way approach, would be better suited for India.

The Quad’s Foreign Ministers Meeting in September this year, apart from focusing on its core objective of the independence of the Indo-Pacific, also emphasised its mission to implement the UN Framework for responsible State behaviour in cyberspace. In particular, it focused on the transnational threats of ransomware that could potentially disrupt the services of national security, finance, critical national infrastructure and private enterprises. Recently, the Counter Ransomware Initiative (CRI), a grouping of 36 countries, including India, decided to strengthen its institutional collaboration to enhance “collective resilience” against ransomware while simultaneously pursuing actions against those guilty.

In the meeting, India announced its counter ransomware platform, ‘Malwarekosh’, with a stated objective “to support, analyse, share and collaborate on counter ransomware activities”. Thus, the country is moving in the right direction concerning developing counter-offensive technologies. Further, the government should build on the concept of India’s digital sovereignty. Additionally, security agencies need to train counter-offensive cyber experts to penetrate the cryptocurrency platforms to stop all illegal activities. Finally, a comprehensive approach towards cybersecurity needs to be adopted to ensure protection.
