Security Implications For A Wired India: Challenges Ahead

Lt. Commander Prashant Bakshi, Research Fellow

Abstract

India has earned a significant place in the global Information Technology (IT) industry and aspires to be an IT superpower in the future. With an expanding IT infrastructure, the nation is getting 'wired' to the 'global village' at a rapid pace. Ironically, the technology that empowers us also exposes us to new threats. These threats do not recognise borders and impinge on nearly every cross-section of our society. The article covers the security implications for a 'Wired India' under the military, political, economic and social dimensions. While information security as a concept is gaining ground, a more holistic and integrated approach is imperative for bridging the gaps and warding off the threats successfully.

On June 7, 1998, in the aftermath of Operation Shakti, an anti-nuclear activist group "Milworm" hacked into the Bhaba Atomic Research Centre (BARC) network to protest against India's nuclear tests. While no classified information was compromised, the incident attracted worldwide media attention and more importantly, marked a major security breach in Indian cyberspace. Thereafter, during Kargil, the army's website "armyinkashmir.org" was temporarily disrupted by suspected Pakistani intelligence operators. The website was installed in August 1998 to cover events in Kashmir and counter the Pakistani misinformation campaign. Despite the war at Kargil coming to an end, Pakistani hackers continued to target Indian websites and by August 2000, the toll of Indian defaced websites was approximately 52 which included some top government sites.1

Developing countries like India are getting rapidly wired up to reap the maximum benefits of the Information Technology (IT) revolution. With organisations getting increasingly networked and connected to the paradox called the Internet, the threat to information security is escalating sharply. The threat is not only to the government or the military, but also to the private industry and the entire society at large. In a joint survey done by Price Waterhouse Coopers (PWC) along with Confederation of Indian Industries (CII), 60 per cent of the companies in India from a sample of 72 were reported to have witnessed a security breach in their IT infrastructure. In such a scenario, it becomes imperative to work out strategies to maximise the opportunities provided by connectivity while minimising the associated risks. This article highlights the achievements and immense potential of the Indian IT industry to shape India's future as a prominent, global IT player. With a brief mention of some vital infrastructure developments, the article deliberates on the emerging security implications for a 'Wired India', more so while the networking of the country is in its nascent stage.

India: A Global IT Player

The turn of the century witnessed Western nations seeking Indian software professionals to solve their respective Y2K problems, and as a result, the Indian software industry earned approximately US $ 2.5 billion from Y2K solutions (from 1996 to 1999). With Y2K as the turning point, the Indian software industry has been growing from strength to strength. The phenomenal growth of the Indian IT industry can be gauged by some of the key indicators:2

l The Indian IT industry earned revenues to the tune of US $8.6 billion in the year 2000, registering a momentous growth of 40.9 per cent compared to a revenue of $6.1 billion in the previous year. For the last five years, the Indian IT industry is averaging a CAGR (Compounded Annual Growth Rate) of more than 40.5 per cent which is almost double the growth rate of the IT industry in many developing countries.

l Software exports in 1999-2000 touched US $4 billion, accounting for 10.5 per cent of India's total exports while in 1994-95, these accounted for only 2.5 per cent of the total exports.

l The number of desktop PC units crossed the one million barrier in 1999-2000 and the domestic hardware segment grew by 58 per cent.

l Of the 500 Fortune companies, 185 outsourced their software requirements to India in 1999-2000.

l Of the 23 software companies in the world with SEI-CMM 5 certification, 16 are Indian.3

l Commendable performance of Indian software companies listed at NASDAQ and the New York Stock Exchange, especially Infosys, Wipro and Satyam Computers. (Both Infosys and Satyam have registered growth rates exceeding 100 per cent in their latest quarterly results of 2001)

The Indian government recognises the potential of IT as a vehicle for progress and for leveraging India to an IT superpower status.4 Accordingly, the National Task Force for Information Technology and Software Development has charted a roadmap for the Indian IT industry.5 Future projections for the IT industry are as shown in Table. 1:

Table 1

As on March 31 As on March 31 Target for

1999 2000 2008

Software industry in India $3.9 billion $5.7 billion $87 billion

Software exports $2.7 billion $4.0 billion $50 billion

IT industry in India $6.1 billion $8.6 billion $140 billion

Source: NASSCOM

It is further anticipated that the IT enabled services market (viz. call centres, medical transcription, data digitisation, web content development and animation, etc.) is poised to grow from the present US $10 billion to US $200 billion worldwide. The NASSCOM - McKinsey report on India had estimated that by 2008 more than one million additional jobs could be created, generating additional revenue of US $17 billion. India definitely has an edge in this area due to a large pool of English speaking IT manpower. Despite these positive indicators, India can ill afford to celebrate the accolades of its IT industry. There are several obstacles to cross that include an ever widening digital divide, limited bandwidth and an abysmally low PC-penetration and telephone-density. Nonetheless, the government and the private industry seem determined to overcome these barriers, as has been brought out in the subsequent section.

Wiring India

The Indian dilemma can be best explained by the opinion expressed by N. Vittal and S. Mahalingam in their book, Information Technology: India's Tomorrow:6

India is an odd country, in the sense that all the three waves of Alvin Toffler simultaneously exist here. Here, the bullock cart invented 2000 years ago, co-exists with the latest automobiles.

The authors are of the view that the key to bring all Indians in the same timeframe-psychologically, culturally and intellectually-lies in communications. And the conceptualisation of the National Information Infrastructure (NII) is a step in that direction. The NII 2000 Action Plan includes setting up of a national high-speed network backbone along with expansion of the Internet, increase in PC penetration and localisation of Indian languages.

The NTP (National Telecom Policy) 1999, the corporatisation of DTS (Department of Telecom Services) into BSNL (Bharat Sanchar Nigam Limited), and the recent IT Act 2000 are some of the noteworthy initiatives taken by the government to promote information technology and telecommunications in the entire country. The 'cyber-dhabas' (public information centres) project and installation of information kiosks would further aid in proliferation of the Internet revolution to the rural areas.

The increasing traffic and convergence of technologies on the Internet dictate higher bandwidth and upgradation of the telecom infrastructure in the country. Currently, 390 Mbps of international bandwidth and 34 Mbps of domestic bandwidth are available, against a demand for 5 Gbps and 2 Gbps, respectively.7 The bandwidth requirement for the Internet is further estimated to reach 4,000 Mbps by end 2001 itself, and 15,000 Mbps by 2008. The government and industry seem to have finally taken the scarce bandwidth crisis on a war footing and embarked on an ambitious infrastructure expansion project over land, sea, and air. The government's decision to allow private companies to lay underwater cables for the Internet and to permit Internet Service Provider (ISPs) to set up international gateways and hire bandwidth on foreign satellites has been met with much enthusiasm. The international bandwidth problem in India will undergo a sea change with at least three sub-marine cables being laid by Bharti Televentures, Dishnet DSL and Teleglobe.8

Spearheading the industry's efforts in terrestrial infrastructure, the Reliance group is in the process of laying optical fibre cable in 16 states, spanning a total length of 60,000 km linking 115 cities.9 The BSNL has awarded IP (Infrastructure Provider) licences to 14 companies recently, which enables them to provide optical fibre cables, ROW (right of way) towers and infrastructure for end-to-end connectivity all over the country. This includes public sector companies with ROW for their existing infrastructure. While Railways leads, with its clear and uninterrupted ROW over a 62,800 route-km, PGCIL (Power Grid Corporation of India Ltd) has a sturdy transmission infrastructure of a 40,000 circuit-km, IOC (India Oil Corporation) has a 5,000-km pipeline network and GAIL (Gas Authority of India Ltd) plans setting up a broadband network over its existing ROW spread over 9,500 km.

VSAT (Very Small Aperture Terminal) network in India was established in the mid-1980s for linking district HQ and state capitals with New Delhi using NICNET. It was only in 1995 that VSAT networks were opened to private agencies. The successful launch of Insat - 3B and government's permission for use of C and ku bands from foreign satellites has further spurred the growth of VSAT in the country. In the last five years, VSAT industry has grown from 1,000 in 1994 to 12,617 in 1999-2000.10 During 1999-2000 alone, 4,127 VSATs were installed, an increase of 48.6 per cent over 1998-99. The high growth of VSAT industry can be attributed to the large networks set up by the government departments including Reserve Bank of India (RBI), National Stock Exchange (NSE), Bombay Stock Exchange (BSE) and various other public sector corporations.

Vulnerabilities

It is not difficult to anticipate our accelerating transition to a knowledge-based society in the light of the leapfrogging strides in infrastructure development and networking.11 In the future, the rising dependence on IT would only render us more vulnerable to the very same technologies. The growing dependence is quite discernible by the burgeoning Internet user-base, and increased networking activity in the form of Local Area Network (LANs), Intranets and Extranets.

As predicted by Goldman Sachs, India would be one of the top five Internet user bases by the year 2003 with an estimated count of 70 million online users12 (see Fig. 2)

There has been a 100 per cent growth in the number of Internet subscribers from 0.52 million to 1.4 million, the number of Indian websites have grown from 10,000 to 80,000-a growth of almost 8 times-and private ISPs have multiplied six times from 15 to 90, all in a span of one year.

Table 3

1999 2000 Growth

Websites 10,000 80,000 8 times

Internet Subscribers .52 Mn 1.1 Mn + 100%

No of ISPs 15 90 6 times

Some critical networks, especially within the government and defence are briefly mentioned below to illustrate the growth of networking in the country's critical sectors.

Railways. Indian Railways, one of the busiest in the world, transports more than 11 million passengers daily. Country Wide Network for Computerised Enhanced Reservation and Ticketing (CONCERT) is one of the largest software projects to be implemented in India. The Railways has recently introduced online passenger reservation information services through its website.13

NICNET. The government has designated the nation-wide computer communication network NICNET set up by the National Informatics Centre (NIC) as the government network. The satellite based VSAT network links about 540 district administrations, 25 state secretaries and 7 Union Territory (UT) administrations. The NICNET links spread to the Ladakh region and the Andaman, Lakshwadeep and Minicoy islands.14

Military. The army has a fully automated communication network for its field forces-Army Radio Engineering Network (AREN) and Army Static Switch Communication Network (ASCON) for rearward connectivity from field forces.15 To serve its C4I2 functions, an Army Strategic Information System (ASTROIDS) has been envisaged for exchange of operational information between Army HQ, Command HQ and core HQ. The air force has a dedicated communication network for its air defence-Air Defence Ground Environment System (ADGES) complete with radar and communication links for providing surveillance to various air defence elements. For its logistic operations there is an Integrated Material Management On-Line system (IMMOL). The navy is setting up its Navy Enterprise Wide Network (NEWN), which would connect all its ships and shore establishments. The Integrated Logistic Management System (ILMS) and Ship-Based Logistic Management System (SLMS) cater to the navy's inventory control and logistic management.

ERNET. The Education and Research Network (ERNET) has been providing network services to Indian academia and research community since 1990. Connecting more than 750 organisations, it brings together a large cross section of universities, academic institutions, Research and Development (R&D) laboratories, non-governmental organisations (NGOs) and more than 80,000 users.16

National Stock Exchange (NSE). The NSE boasts of not only the first private VSAT network, but also the largest Wide Area Network (WAN) in the country. One of the few interactive VSAT based stock exchanges in the world to provide online trading of stocks, it is expected to grow to over 3,100 VSATs covering 425 cities.17

Threat Perception

Information Warfare (IW) is the warfare of the 21st century wherein disruption of an enemy's vital information infrastructure would prove more disastrous than the destruction of a vital asset. Disruption in the services of the NSE network or taking India's case, jeopardising the communication infrastructure of the Software Technology Parks of India (STPI) engaged in software and IT exports, would have serious national financial implications. And going by some reports, these are certainly not exaggerated threats. In China, the People's Liberation Army (PLA) recently conducted a network simulation exercise, where PLA soldiers simulated cyber-attacks on the telecommunications, power, finance and media sectors of Taiwan, India and South Korea.18 In fact, the Chinese IW centre established in 1996 lays down offensive computer attacks on enemy critical systems as its primary mission. The Chinese IW doctrine includes economic and industrial espionage, and the 'doctoring' of chips and software that can plant viruses or 'trap-doors' in enemy information systems.19 This is most worrisome: given the thriving piracy in Indian markets, low priced software CDs from Chinese markets sell like hot cakes. On the western front, Pakistani hacker groups like 'Death to India', 'Kill India', 'Dr Nuker' and 'G Force Pakistan' have been consistently targetting Indian websites. A number of anti-India websites have also surfaced displaying anti-India propaganda and instructions for hacking into Indian websites.20

Notwithstanding the Chinese and Pakistani designs on IW, the threat from terrorists or non-state actors is a cause of greater worry. Cyber-terrorism (convergence of cyberspace and terrorism) offers ideal opportunities for terrorists to carry out remote attacks-safely, anonymously, and without the use of explosives. Terrorist propaganda through Internet websites (for e.g. websites of terrorist organisations like the Hezbollah and Liberation Tigers of Tamil Eelam (LTTE) can be accessed at www.hizbollah.org, www.eelam.com) and increasing use of satellite-phones, electronic-mail and instant messaging for communications have added to the woes of the intelligence agencies worldwide. In the recent terrorist strike at Red Fort by the Lashkar-e-Taiba group, the militants were found to have used a cyber café in North Delhi as a communication link for the operation.21

So, how real is the threat? The USA is perhaps the most technologically advanced country in the world, albeit the most vulnerable to the extent that it often envisages a 'digital Pearl Harbour' scenario for itself. Perceiving the threat as unrealistic would be a terrible mistake on our part, and in fact we must draw lessons from the US example.

Security Implications

Information security (Infosec) is a complex issue as different sectors view security differently. One way would be to look at it from the military, political, economic and social dimensions:

Military Dimension. The crux of IW lies in denial or destruction of the enemy's information systems while protecting and exploiting one's own information resources. As information becomes a strategic resource, engineering a network of C4I2 capability, which is secure and survivable against cyber attacks takes maximum precedence. Mission-critical systems, for instance, India's nuclear command and control system, as and when developed, would obviate the most secure communication architecture for its operation.22 The armed forces will also be called upon to protect critical networks from adversary nations or cyber-terrorists.

However, cyber-war would be mostly fought in conjunction with conventional warfare. This was demonstrated in Kosovo and more recently in the Arab-Israeli clashes when both sides indulged in extensive hacking, attempting to disrupt critical networks and communications.23 With the concept of WMD2 (weapons of mass destruction and disruption) gaining ground, the possibility of our adversaries employing directed-energy (DEW), radio frequency (HERF-high energy radio frequency) and electromagnetic pulse (EMP) weapons also poses a serious threat to our information and communications infrastructure.24

The Internet has revolutionised intelligence and espionage. Safeguarding vital defence information becomes one of the toughest challenges in a networked scenario. This aspect is best exhibited by the Cox Report, which highlights the Chinese exploits of stealing classified US nuclear secrets from the US Energy Department computers.25

Political Dimension. This involves non-disruptive means of attacks on information networks. Website hacking for purposes of activism (as in the case of the BARC hacking) is also termed 'hacktivism', These are mostly nuisance attacks and rarely offer any strategic value, except good media publicity. The Internet with its global reach, and economical publication facilities provides an ideal tool for protest and activism.

The information revolution is nurturing network forms of organisations, whereby small, isolated groups can link up and coordinate joint actions. The term 'net war' has been coined to describe a mode of conflict which occurs at a societal level with protagonists using network forms of organisation and related doctrines, strategies and technologies.26 These protagonists are likely to consist of dispersed small groups who communicate, coordinate and conduct their campaigns in a networked manner, without a precise central command for e.g. transnational terrorist groups, black market proliferators of weapons of mass destruction (WMD), drug syndicates and intellectual property pirates. The most quoted case of net-war is the Zapatista "social net war" of Mexico during 1994, where activists 'swarmed'-electronically and physically-from various parts of the world into Mexico.27

The government and law enforcement agencies (with their typical hierarchical structures) are at a tremendous disadvantage when pitted against such networked groups. Another challenge facing the Indian government, which has announced 2001 as the year of e-governance would be to safeguard against misinformation campaigns and media-manipulation.

Economic Dimension. The concept of security on the Internet actually emerged when the infamous "Morris Worm" crashed computers worldwide in 1988. More recently, the "Love-Bug" virus wreaked havoc on e-mail systems around the world and afflicted damages to the tune of nearly $15 billion.28 Increasing reliance on the Internet to support mission critical business processes has resulted in higher risks of losing connectivity. Even a momentary failure of the gateway or a break in Internet access can interrupt high-value transactions, resulting in lost revenues, dissatisfied customers and reduced productivity. Apart from the financial losses, security breaches like virus attacks diminish public confidence in e-commerce and e-business. Credit card fraud, for example is a frequent occurrence that has greatly deterred people from using credit cards online. As per estimates by NASSCOM, the projected growth of e-business in India is to the tune of $1.5 billion by 2004 and $10 billion by 2008. However, most of these e-businesses (especially in the B2C segment) have not got underway except for online banking and stock trading, and only a safe and secure environment would see these ventures obtaining critical mass in the future.

The Microsoft hacking incident where hackers broke into the MSN server and possibly compromised 'source codes' of a future application highlight the risks corporations face in a networked environment.29 As the MSN hacking case brought out, companies are at risk not only from corporate espionage, but also from their own disgruntled employees who might divulge authentication passwords to hackers and compromise Infosec.

The International Narcotics Control Strategy Report 1999 released by the US Department of State calls attention to the rise of money-laundering through emerging cyber-payment technologies such as digital cash, smart cards and Internet banking.30 Money laundering, apart from having devastating social consequences, also poses a threat to national security as it promotes the cause of drug-dealers, arms smugglers and terrorists. In the Indian context the "Hawala Triangle" comprising Pakistan, India and Dubai is responsible for significant money laundering activities that go far beyond South Asia. The 1993 serial bomb blasts that shook Mumbai were apparently financed through hawala transfers. The use of the Internet as a medium for soliciting financial backing by non-state actors is only likely to grow in the future.

Social Dimension. The Internet and associated technologies (e.g. Cookies) are making it possible for vendors to obtain certain information, e-mail addresses, for instance, and browsing habits about customers, which they cannot currently obtain through conventional commerce. At present, there is little restriction on what the vendor does with this information. But as the Internet gets steadily ingrained into our daily lives, this database will become increasingly important in the next few years and privacy will become a vital issue

The protection of Intellectual Property Rights (IPR) of organisations and individuals in the Internet era is also a matter of growing concern. Among IPR issues, cyber-squatting or the dispute over domain name registrations has been most prominent, yet issues like software and multimedia copyright protection, patent laws for software and the rampant software piracy in the country also call for due attention.

Society is further subjected to perpetrators of crime on the Internet that include online pornography, cyber-harassment, identity-theft and cyber-stalking. As far as cyber-crime is concerned, what we are witnessing today is just the tip of the iceberg, as enunciated by Central Bureau of Investigation (CBI) Director Raghavan: "Cyber-crime is the crime of the future, and a decline in conventional crime can be expected in the future."31

Information Security: A Few Initiatives

In the wake of increasing security breaches, a growing awareness of Infosec is beginning to set in. India became only the 12th country in the world to enact the cyber-laws and pass the IT Act 2000, which besides granting legal sanctity to electronic documents, covers a broad range of legal issues. The Ministry of Information Technology has set up an IT security centre at Hyderabad, in line with the American Computer Emergency Response Team (CERT) as part of a multi-pronged approach to control cyber-crime.32 The National Association of Software Services and Companies, (NASSCOM) a nodal agency for promoting IT in the country, has on its part set up a National Cyber-Cop Committee comprising members from the government, IT experts and the police, to address the growing threat to cyber security in the country.33

The CBI is also tuning itself to counter the cyber threat. The cyber crime cell established by the CBI since April 2000, acts as an international contact point in India for resolving cyber-crime cases. The cell has a committed core team, which interacts with the Federal Bureau of Investigation (FBI), Interpol and police forces of other countries. The CBI academy has also introduced cyber-related training programmes for police officers of state police forces.34

The defence forces on their part have adopted information warfare doctrines, which include Infosec as a vital element. There is a growing partnership between the defence and private industry to evolve IT security solutions for the defence information infrastructure. In this regard, the development of 'Trinetra', an encryption system for secure communications by the Indian Navy in collaboration with IIT Kanpur deserves special mention.35 As defence reliance on commercial off the shelf technology (COTS) grows, the dilemma of selecting an appropriate vendor has been to a large extent addressed by the CII online defence directory-a web based listing of Indian software vendors working on defence related systems and applications.36 The private companies offer a wide base of security solutions ranging from security auditing and consulting to implementation of solutions like firewalls, encryption technology and intrusion detection devices.

Challenges Ahead

The well-proven cliché, "you are as secure as the weakest link", underscores the predicament of Infosec professionals. Hackers have successfully exploited the 'weakest link' and infringed some of the best-protected computer systems in the world, which include NASA, CIA, Pentagon and Microsoft. Infosec is a serious issue-and the realisation is fast dawning in India too. We cannot afford to be reactive in our approach towards information security, responding to stray attacks on our information infrastructure. In an increasingly networked environment, the need to be proactive in our approach towards securing a wired India is of paramount importance.

While a number of initiatives have been undertaken, the nature of the issue demands a more holistic and integrated approach. An effective Infosec strategy should deliberate on each of the three vital aspects-legislation, policy and technology.

l Legislation for deterrence

l Policy for control

l Technology for prevention

Legislation. As we develop a national Internet backbone and an NII, the protection of critical information infrastructure takes maximum priority. We need to identify the 'Minimum Critical Information Infrastructure' and secure it with the utmost resolve. The critical areas in the Indian context should include:

- Banking and finance (including NSE and BSE).

- Energy (power, oil and natural gas).

- Transportation (railways, National Highways Authority of India (NHAI), civil aviation and ports).

- Defence.

- Telecommunication and space (including telephone and media services).

- Vital public conveniences (water supply, hospital and emergency services).

A national strategy on Infosec should issue guidelines and determine mandatory practices for government, defence, industry and individuals. Organisations in turn should be accountable with well-defined security policies, catering to their current and future requirements. This can be enforced only through compulsory computer security audits as done in the case of financial audits. Infosec is an ongoing process and needs constant updating of policies of technology. Even the IT Act 2000 needs updating on various issues like digital signatures and PKI (Public Key Infrastructure) to enable e-commerce transactions on the net.

Policy. Organisations need to control their employees' access to information and this can be done only when information is clearly categorised or classified (as in the case of the military). Restricting access to the Internet and relying on isolated mainframe computers to store vital information resources are a few measures that should be incorporated in an organisation's Infosec policy. In the corporate sector, unfortunately, a majority of the security breaches go unreported, fearing loss of customer confidence. The practice of not reporting security breaches and cyber-crimes is a major hindrance to the progress of law enforcement agencies in combating cyber-crime. Presently, no reliable data is available on the nature and extent of security breaches. With the Ministry of IT and NASSCOM both establishing IT security centres, this information can be made available along with details on IT security trends and available technology. Lack of budgets, poor awareness and practically no training in Infosec practices are the other equally vital areas where organisations need to invest, in terms of both money and manpower.

Technology. Customised security solutions comprising smart cards, firewalls, intrusion detection devices, encryption algorithms and biometric systems (e.g. fingerprint and retina scan) are commercially available today, albeit at a cost. While the best of firewalls can be circumvented and encryption codes cracked by hackers, technology itself cannot provide the answer to a fool-proof security system.

So, where does the solution lie? Strict legislation, sound policy and a judicious mix of technology solutions offer the most credible solution to the Infosec dilemma. And this can prove successful only if strongly implemented and constantly updated. The complex nature of the problem also requires being open to innovative solutions. For instance, ethical hacking or employing own hackers is becoming a popular method for assessing network security. NASSCOM has employed a force of 18-20 ethical hackers recently (all teenagers) who test various networks for vulnerabilities and expose a range of 'security bugs' within operating systems. 'Honeypot' and 'tracers' are other recent technologies,37 which use 'decoy servers' and 'surveillance algorithms' to track and trap hackers in cyberspace. Finally, in the dynamic world of IT where obsolescence is high and time a premium, we need to collate our strengths and act fast in our endeavour to ensure that information security prevails.

NOTES

1. For details on hacked Indian websites see <www.attrition.org> and <www.safemode.org>

2. For details on the Indian IT industry, visit NASSCOM (National Association of Software Services and Companies) website at <www.nasscom.org> and the Ministry of Information Technology website at <www.mit.gov.in>

3. SEI-CMM 5 (Carnegie Mellon's Software Engineering Institute-Capability Maturity Model) 5 is the highest certification for software engineering quality a company can achieve.

4. See Akshay Joshi, "Information Technology: Advantage India", Strategic Analysis, April 2000.

5. IT Action Plan and the report of the National Task Force on IT and Software Development can be accessed at the Ministry of Information Technology website, <www.mit.gov.in>

6. N. Vittal and S. Mahalingam, Information Technology: India's Tomorrow (New Delhi: Manas Publications 2001), pp. 117-125.

7. Dewang Mehta , "Bandwidth Shortage Hurts Software", The Economic Times, December 8, 2000

8. Bharti Televentures has joined hands with Singtel (Singapore Telecommunications Limited) to set up the world's largest capacity private undersea cable venture at a cost of $650 million. The 11,800-km-long ring network would connect Singapore, Chennai and Mumbai, with a total bandwidth of 8.4 terabits per second (8,400 Gbps). The first leg of the project between Chennai and Singapore is likely to be completed by end 2001. For more details on sub-marine cable infrastructure development refer Tele.net, November 2000

9. Manoj Gairola, "Reliance, Shyam & Bharti get DOTted with IP Licence", The Economic Times, December 13, 2000.

10. For details on VSAT networks and technologies, see S. Barathy, "VSAT Systems", Bitcom India, November 2000.

11. Cmde Prem Chand, "Addressing the Challenges of Information Revolution", 3rd Asian Security Conference, New Delhi, January 26-29.

12. For a detailed report on growth of the Internet in India, see "Global Competitiveness - India Can do it" (All India Management Association, New Delhi), the theme for the 27th National Management Convention at Nehru Centre, Mumbai, September 14 to 16, 2000

13. See Indian Railways website at <www.indianrailways.com> and CRIS (Centre for Railway Information Systems) website at <www.indianrail.gov.in>

14. See NIC website at <www.nic.in>

15. See Brig. Vinod Anand, "Joint Development of Inter Services Network and C4I2 Systems", Strategic Analysis, October 2000, for a detailed account of military networks and C4I2 systems.

16. See ERNET website at <www.doe.ernet.in>

17. See NSE website at <www.nseindia.com>

18. R.V. Prasad , "Hack the Hackers", The Hindustan Times, December 19, 2000.

19. Lt. Cdr A. Anand, Information Technology: The Future Warfare Weapon (New Delhi: Ocean Books Pvt Ltd.), pp. 56-62.

20. Prasad, n.18.

21. Gaurav Kala, "Intelligence Agencies Leave a Lot to Chance", The Times of India , December 27, 2000.

22. Major General Yeshwant Deva, "Threats to Cyber Security in the Wake of Pokhran II", Indian Defence Review, April-June 1998, pp.47-49.

23. Lee Hockstader,"Pings and E-Arrows Fly in Mideast Cyber-War", Washington Post, October 27, 2000.

24. Robert J. Bunker, "Information Operations and the Conduct of Land Warfare", The Land Warfare Papers (published by The Institute of Land Warfare), October 31, 1998.

25. For a declassified copy of the Cox Report, visit <www.tscm.com/coxoverview.htm>

26. John Arquilla and David Roffeldt, In Athena's Camp: Preparing for Conflict in the Information Age (Santa Monica: RAND Corp, 1997) pp. 369-391.

27. Ibid.

28. "Cyber-Crime", Businessweek, February 21, 2000.

29. Prashant Bakshi , "Microsoft Hacker Trouble", Financial Express, November 8, 2000

30. The International Narcotics Control Strategy Report 1999 can be accessed at <www.state.gov/www/global/narcotics_law/>

31. Conference on "E-security and Hacking: Threats and Opportunities for e-Commerce & e-Governance" at FICCI, New Delhi on January 10, 2001.

32. Sudhir Nagaraj, "Cyber-Crime May See a Dead End at Govt's IT Security Centre", Economic Times, December 7, 2000.

33. Sobha Menon , "Beat'em if You Can", Economic Times, October 15, 2000.

34. Cited by CBI Director Raghavan at the conference on "E-security and Hacking : Threats and Opportunities for e-Commerce and e-Governance" at FICCI, New Delhi on January 10, 2001.

35. Beena Mishra,"IIT Develops Cipher Code for the Navy", TOINS, also accessible at <www.bharat-rakshak.com>

36. CII online directory of Defence IT industry can be accessed at <www.ciionline.org/defence>

37. See "Hackers Caught in Security Honeypot" at <www.bharat-rakshak.com>