📰 Quad meet focuses on Indo-Pacific cooperation
Differences emerge over stand on Russia, Myanmar.
•Calling for justice for the 26/11 terror attacks in Mumbai (2008) and the Pathankot airbase attack (2016) for the first time since the group was formed, Foreign Ministers of the Australia-India-Japan said that the Quad is already cooperating on sharing intelligence on threats in the Indo-Pacific region.
•The group of ministers, who held their fourth Quad ministerial meeting in Melbourne on Friday also resolved to speed up delivery of more than a billion Covid vaccines to be manufactured in India, to hold a special meet on climate change this year, and step efforts to ensure maritime security in the region. They announced plans for a Quad summit including PM Modi, U.S. President Biden and Australian PM Morrison to be hosted by Japan’s PM Kishida in Tokyo in the “first half of 2022”.
•“We call on all countries to ensure that territory under their control is not used to launch terror attacks and to expeditiously bring to justice the perpetrators of such attacks,” said a joint statement issued at the end of talks between the Foreign ministers. “We reiterate our condemnation of terrorist attacks in India, including 26/11 Mumbai and Pathankot attacks,” it added, indicating two attacks linked to the Lashkar e Toiba and Jaish e Mohammad in Pakistan.
•The statement also made a veiled reference to China’s actions in the South and East China seas, reaffirming a commitment to a free and open Indo-Pacific, “in which states strive to protect the interests of their people, free from coercion.”
•Chinese Ministry of Foreign Affairs spokesperson called the Quad mechanism “only a tool to contain China.” “This is a deliberate move to stoke confrontation and undermine international solidarity and cooperation,” spokesperson Zhao Lijan said in Beijing, calling on Quad countries to “abandon the outdated cold war mentality.”
•While the grouping committed to stronger cooperation on Indo-Pacific initiatives, divisions appeared in their stand on global developments like Russia-NATO tensions over Ukraine and sanctions against Myanmar’s military, as External Affairs Minister S. Jaishankar expressed an independent line during a press conference held after the meeting.
•“Where we are concerned, we don’t follow a policy of national sanctions,” Mr. Jaishankar said, pointing out that India is “troubled” by the situation in Myanmar post-coup, but its thinking is guided by concerns over cross border insurgencies, Covid infections, and concerns of a humanitarian situation that could arise from food shortages when asked about fresh US sanctions being placed on Myanmar.
•In contrast, U.S. Secretary of State Antony Blinken, who has backed the sanctions, pushed for countries to stop arms trade with the Myanmar military. The joint statement called for a return to democracy in Myanmar, and also condemned North Korea’s recent ballistic missile tests.
•Foreign Ministers of Australia, Japan and U.S. also took a sharp line on the build up of Russian troops along the border with Ukraine in recent weeks, where Mr. Blinken warned that “an invasion [by Russian troops] could begin at any time”. Australian Foreign Minister Marise Payne expressed “deep concern” about Russian “aggression”, while Japanese Foreign Minister Yoshimasa raised tensions over Ukraine as well. However Mr. Jaishankar did not speak about the issue, nor did the Russia-Ukraine situation find any mention in the joint statement. When asked by Australian journalists about India’s stand, Mr. Jaishankar said that the Quad meeting was “focused on the Indo-Pacific.” “So I think you should figure out the geography there, and where we stand,” he added.
Vaccines initiative
•The joint statement issued included a renewed commitment to the “flagship” Quad Vaccine initiative to deliver at least one billion vaccines produced at Hyderabad’s Biological E facility by the end of 2022 to Indo-Pacific countries, and to a pledge to donate 1.3 billion vaccine doses globally. It also recorded progress on the other fields for cooperation identified during the Quad summit last year, including climate change, critical and emerging technologies, counter-terrorism, infrastructure, humanitarian-assistance and disaster-relief (HADR) and maritime domain awareness.
Bilateral meetings
•After the Quad meeting, Mr. Jaishankar also held separate bilateral meetings with Mr. Blinken and Japanese Foreign Minister Hayashi Yoshimasa. Mr. Jaishankar is due to meet Mr. Blinken in Washington for a “2+2” along with India-US defence ministers, for a meeting that has been delayed since November.
•In talks with Mr. Yoshimasa, Mr. Jaishankar also hoped to welcome the Japanese PM Kishida for a visit to India, that has been delayed since former PM Shinzo Abe put off his trip in December 2019, and the two ministers agreed to hold the next round of the India-Japan 2+2 soon.
•All the Quad ministers called on Australian PM Scott Morrison, who said the Quad must ensure regional countries “can enjoy their sovereignty, and not be coerced”.
The world must prioritise equitable health care and also reclaim the earlier normality
•In what will cheer the tourism industry and travellers, the Government has allowed fully vaccinated passengers from 82 countries to skip the mandatory quarantine period, from February 14. The requirement of compulsory on-arrival testing for passengers from certain countries identified as “at-risk” has also been removed. These guidelines, from the Ministry of Health, apply to countries with whom India has a pact of reciprocity and include the U.K., the U.S., Canada, Australia and New Zealand, or those which see significant traffic in and out of India. Currently, India has air bubble agreements with 35 countries. The Government had earlier moved to resume international flights from December 15, but withdrew the decision due to the Omicron variant. The tourism industry estimates that COVID-19 has caused losses of ₹150 lakh-crore since March 2020. Prior to the pandemic, India had at least 1.1 crore inbound tourists and 2.7 crore outbound tourists annually, say industry estimates, and the new relaxations appear to be in line to recoup these numbers.
•There are sound epidemiological reasons for the decision. India’s daily trajectory of fresh COVID-19 cases is declining — from close to 3,00,000 cases a day on January 24, to around 58,000 cases a day now. It bears remembering that this precipitous fall — the speed of which is unusual compared to previous waves — is also due to a change in testing attitudes. The easy availability of rapid antigen tests that can be self-administered has seen more cases being registered outside the system of Government-tracked RT-PCR testing and not reflecting in official case counts. Overall, while the relative mildness of the Omicron variant, compared to the Delta variant, has meant that many of those infected did not need hospitalisation, the availability of vaccines has also contributed to the third wave posing a diminished health threat. Though deaths continued to rise, it was not to the same degree as earlier though a full reckoning will take more time after excess death tallies from States start to become public. Finally, the varied results internationally from booster doses, in that they were not enough to deter transmission, have led to a broader acceptance that the coronavirus cannot be eliminated by vaccines alone but can be repelled, over time, with a mix of approaches such as wearing masks, vaccination and accepting short lockdowns. Moreover, there is also no situation where herd immunity will ensure elimination of a virus as breakthrough infections and reinfections are rife. The opening of schools and the normalising of air travel imply that the world must learn to prioritise equitable health care and improve hygiene — yet move forward, reclaim and repair the social and economic remnants of the pre-pandemic period.
📰 Taking a byte out of cyber threats
Rather than wait for the ‘Big Bang cyber attack’, nations and institutions ought to be prepared for a rash of cyber strikes
•Cyber attacks may be a relatively new phenomenon, but in a short time frame have come to be assessed as dangerous as terrorism. The world was possibly made aware of the danger and threat posed by cyber weapons with the advent of the Stuxnet Worm in 2010, which resulted in large-scale damage to Iran’s centrifuge capabilities. Two years later, in 2012, a bank of computers belonging to the Saudi Aramco Oil Company were targeted, reportedly by Iranian operatives, employing malware that wiped out data on 30,000 computers. A few weeks later, Iran was again believed to have been behind a targeted attack on the Qatari natural gas company, RasGas. The string of instances appear to have provoked then United States Defence Secretary, Leon Panetta, to utter the warning that the world had to prepare for a kind of ‘cyber Pearl Harbour’, highlighting a new era of potential vulnerabilities.
Static response
•In the decade that followed, and while preparing for a ‘potential Pearl Harbour’ type of strike, including seeking ways and means to retaliate in the eventuality of such attacks, the West seemed to lose its way on how to deal with the emerging cyber threat. Each succeeding year, despite an increase in cyber threats, witnessed no change in the method of response. The years 2020 and 2021 have proved to be extremely difficult from the perspective of cyber attacks but no changes in methodology have been seen. In 2021, cyber attacks that attracted the maximum attention were SolarWinds and Colonial Pipeline in the U.S., but these were merely the tip of a much bigger iceberg among the string of attacks that plagued the world. Estimates of the cost to the world in 2021 from cyber attacks are still being computed, but if the cost of cyber crimes in 2020 (believed to be more than $1 trillion) is any guide, it is likely to range between $3trillion-$4 trillion. What is not disputed any longer is that soon, if not already, cyber crime damage costs would become more profitable than the global trade of all major illegal drugs combined.
Sectors that are vulnerable
•As 2022 begins, the general consensus is that the cyber threat is likely to be among, if not the biggest, concern for both companies and governments across the globe. In the Information age, data is gold. Credential threats and the threat of data breaches, phishing, and ransomware attacks, apart from major IT outages, are expected to be among the main concerns. Results are also likely to far eclipse the damage stemming from the COVID-19 pandemic or any natural disasters. A little publicised fact is that the vast majority of cyber attacks are directed at small and medium sized businesses, and it is likely that this trend will grow.
•According to experts, among the most targeted sectors in the coming period are likely to be: health care, education and research, communications and governments. Health-care ransomware has been little publicised, but the reality is that ransomware attacks have led to longer stays in hospitals, apart from delays in procedures and tests, resulting in an increase in patient mortality.
•Far more than merely apportioning costs linked to cyber crime is the reality that no organisation can possibly claim to be completely immune from cyber attacks. While preventive and reactive cyber security strategies are needed — and are essential to mitigate cyber risks — they are proving to be highly illusive in an increasingly hyper-connected world. Comprehending the consequences of this reality could be devastating.
•For instance, despite all talk about managing and protecting data, the reality is that ransomware is increasing in intensity and is tending to become a near destructive threat, because there are many available soft targets. Statistics in this regard are also telling, viz. , that new attacks are taking place every 10 seconds. Apart from loss of data, what is also becoming evident is that ransomware criminals are becoming more sophisticated, and are using ransomware to cripple large enterprises and even governments. Talk of the emergence of ‘Ransomware as a Service’ (RaaS) — a business model for ransomware developers — is no mere idle threat.
•The huge security impact of working from home, dictated largely by the prevailing novel coronavirus pandemic, must again not be underestimated as it is likely to further accelerate the pace of cyber attacks. A conservative estimate is that a rash of attacks is almost certain to occur on home computers and networks. Additionally, according to experts, a tendency seen more recently to put everything on the Cloud could backfire, causing many security holes, challenges, misconfigurations and outages. Furthermore, even as Identity and Multifactor Authentication (MFA) take centre stage, the gloomy prognostication of experts is that Advanced Persistent Threats (APT) attacks are set to increase, with criminal networks working overtime and the Dark web allowing criminals to access even sensitive corporate networks.
Scant clarity
•Unfortunately, and despite the plethora of such evidence, cyber security experts appear to be floundering in finding proper solutions to the ever widening cyber threat. There is a great deal of talk among cyber security experts about emerging cyber security technologies and protocols intended to protect systems, networks and devices, but little clarity whether what is available can ensure protection from all-encompassing cyber attacks. Technology geeks, meanwhile, are having a field day, insisting on every enterprise incorporating SASE — Secure Access Service Edge — to reduce the risk of cyber attacks. Additional solutions are being proposed such as CASB — Cloud Access Security Broker — and SWG — Secure Web Gateway — aimed at limiting the risks to users from web-based threats. Constant references to the Zero Trust Model and Micro Segmentation as a means to limit cyber attacks, can again be self-limiting. Zero Trust does put the onus on strict identity verification ‘allowing only authorized and authenticated users to access data applications’, but it is not certain how successful this and other applications will prove to be in the face of the current wave of cyber attacks. What is most needed is absent, viz., that cyber security experts should aim at being two steps ahead of cyber criminals. This is not evident as of now.
Unique challenges
•Missing from the canvas is that cyber technology presents certain unique challenges which need particularised answers. Instead of attempting to devise standard methodologies, and arrive at certain international norms that govern its use, a decade of misplaced effort by the West in preparing for a ‘potential Pearl Harbour type of strike’ has enabled cyber criminals to gain the upper hand. While the West focused on ‘militarization’ of the cyber threat, and how best it could win with its superior capabilities, valuable time was lost. It led to misplaced ideas and erroneous generalisations, resulting in a decade of lost opportunity.
•This situation needs to be reversed. A detailed study of the series of low- and medium-level proactive cyber attacks that have occurred during the past decade is clearly warranted. It could reinforce the belief that when it comes to deterrence in cyber space, what is required is not a piece of ‘grand strategy’: low and medium tech, low and medium risk targeted operations could be just as effective. A related aspect is to prevent individual companies from attempting their own tradeoffs — between investing in security and maximising short-term profits. What many companies and even others fail to realise is that inadequate corporate protection and defence could have huge external costs for national security, as was evident in the SolarWinds attack.
Defence and backup plans
•Nations and institutions, instead of waiting for the ‘Big Bang cyber attack’, should actively prepare for a rash of cyber attacks — essentially ransomware — mainly directed at available data. The emphasis should be on prioritising the defence of data above everything else. Consequently, law enforcement agencies would need to play a vital role in providing effective defence against cyber attacks.
•On the strategic plane, understanding the nature of cyber space is important. While solving the technical side is ‘one part of the solution, networks and data structures need at the same time to prioritise resilience through decentralised and dense networks, hybrid cloud structures, redundant applications and backup processes’. This implies ‘planning and training for network failures so that individuals could adapt and continue to provide service even in the midst of an offensive cyber campaign’.
•The short answer is to prioritise building trust in systems — whether it is an electrical grid, banks or the like, and creating backup plans including ‘strategic decisions about what should be online or digital and what needs to stay analog or physical, and building capacity within networks to survive’ even if one node is attacked. Failure to build resilience — at both the ‘technical and human level — will mean that the cycle of cyber attacks and the distrust they give rise to will continue to threaten the foundations of democratic society’. Preventing an erosion of trust is critical in this day and age.