India will reportedly create a new cyber warfare unit to undertake defensive and offensive cyber operations. The unit will be a tri-service agency comprising personnel drawn from the Army, Navy and Air Force. The move is seen as a realisation among the policy makers on the indispensable nature of cyber warfare capability for the future. The agency might be the diluted version of a cyber-command that was for long demanded by the security and strategic community. This cyber agency could also be a forerunner to the future Cyber Command.
The cyber agency will work in close coordination with the National Cyber Security Advisor and probably with the National Technical Research Organisation (NTRO), which is the country’s premier technical intelligence agency. However, it is also possible that the organisation will directly report to the defence ministry as the staff will be mainly drawn from the services.
The move is seen as a welcome step from the government to meet the future security challenges in the cyber domain. However, what really matters is how it will be structured and operated. Other security organisations, particularly investigative and intelligence agencies that were set up in the past ended up being ineffective. The NTRO is believed be the organisation currently responsible for the cyber defence of the country. However, the ineffectiveness is apparent from the number of successful attacks mounted by Pakistani hackers and other external players. Most government security related agencies, even technical units, are reportedly populated by bureaucrats or service officers who are in their final years of service or retired.
If the upcoming cyber agency is also built on the usual lines then it would end up as another inefficient organisation without actual capability. It is claimed that the personnel will be drawn from the three services, which might not be the perfect idea. Usually the services do not part with the cream of their officers and staff for purposes like these and hence the agency will obviously not get the best in service. There is also the question on what level of cyber skill the services are going to bring in.
Moreover, the nature of cyber warfare is completely different from the kinetic domain and cyber security requires a different mind-set which is miles away from the traditional military mind-set. Hence, unless the service personnel who would make up the unit are special recruits either trained for several years or are recruited based on experience in the cyber domain, the agency will be doomed to be another ineffective body. More importantly, the leadership of the agency ought to have a thorough understanding and good experience in that domain.
The best way is to recruit students and experts in the domain and train them to ensure quality as well as discipline. This necessitates the creation of a completely unique training structure different from the regular military training. Further, to avoid inter-agency rivalry the new cyber agency should be made entirely responsible for cyber operations and any duplicate units within the services should be closed. Finally, the success depends on how it is implemented.